Class Review
There are too many topics in computer security.
Final (rescheduled):
Closed book and notes, but you can have a two-page cheat sheet.
Assurance
Human Issues
Operational Issues
Confidentiality
Integrity
Availability
(1) Confidentiality
[Figure: the sender encrypts the plaintext with a shared secret key; the ciphertext crosses the communication channel; the recipient decrypts it with the same shared secret key; an attacker on the channel eavesdrops on the ciphertext]
Examples of secrets to keep confidential:
password=ucIb()w1V
mother=Jones
pet=Caesar
(2) Integrity
C4: Authorization: the determination of whether a person or system is allowed access to resources, based on an access control policy. Such authorizations should prevent an attacker from tricking the system into letting him have access to protected resources. E.g., MAC address (note that a MAC address is trivially spoofed, so it is a weak basis for authorization).
Tools:
Backups: the periodic archiving of data.
(3) Availability
Tools:
Physical protections: infrastructure meant to keep information available even in the event of physical challenges, e.g., a bomb-proof building.
Additional goals: Authenticity, Anonymity, Assurance
Authenticity
Primary tool: digital signatures. These are cryptographic computations that allow a person or system to commit to the authenticity of their documents in a unique way that achieves nonrepudiation, which is the property that authentic statements issued by some person or system cannot be denied.
Classes of Threats
Disclosure
Snooping, e.g., wiretapping
Deception
Modification, spoofing, repudiation of origin, denial of receipt
Disruption
Physical attacks, DoS, DDoS
Usurpation (taking over without authority, e.g., a bot)
Modification, spoofing, delay
[Figure: Alice encrypts plaintext M with the shared secret key into ciphertext C; C crosses the communication channel; Bob, the recipient, decrypts C with the same shared secret key and recovers M; Eve, the attacker, intercepts C on the channel]
[Figure: masquerade. Bob receives a message marked "From: Alice" that really is from Eve]
Passive threats: release of message contents, traffic analysis
Active threats: masquerade, replay, modification of message contents, denial of service (DoS)
Composition of policies
If policies conflict, discrepancies may create security vulnerabilities: which rule to follow?
Goals of Security
Prevention is ideal: prevent attackers from violating the security policy.
E.g., Intrusion Prevention Systems (IPSs). Really?
Policies partition the system's states into secure and unsecure ones.
Mechanisms
Types of Mechanisms: secure, precise
[Figure: the set of states a mechanism lets the system reach, drawn against the set of secure states; a secure mechanism stays within the secure states, a precise mechanism reaches exactly the secure states, and a mechanism that can reach an insecure state is not secure]
Assurance
Operational Issues
A secure system can be breached by improper operation, e.g., when accounts with no passwords are created.
Cost-Benefit Analysis: is it cheaper to prevent or to recover?
Specification
http://www.schneier.com/blog/archives/2010/11/tsa_backscatter.html
Human Issues
Assurance steps: Threats, Policy, Specification, Design, Implementation, Operation
People problems
Social engineering: phishing email or phone calls
Security Principles (Saltzer and Schroeder, 1975)
Economy of mechanism
Fail-safe defaults
Complete mediation
Open design
Separation of privilege
Least privilege
Least common mechanism
Psychological acceptability
Work factor
Compromise recording
Traditional topics on a single computer
Authentication
Access control matrices/lists
Passwords
File protection
[Figure: access control lists, one per object (the columns of the access control matrix), for the subjects root, mike, roberto and backup]
/usr/bin/:    root: r,w,x   mike: r,x   roberto: r,x   backup: r,x
/u/roberto/:  root: r,w,x   roberto: r,w,x   backup: r,x
/admin/:      root: r,w,x   backup: r,x
(fourth object; its label was lost in extraction, and the capability list on the next slide names /usr/passwd):   root: r,w   mike: r   roberto: r   backup: r
3. Capabilities: a subject-centered approach to access control
E.g., a capability list: /usr/passwd: r; /usr/bin: r; /u/roberto: r,w,x
[Figure: role hierarchy for a department. Roles shown: Department Member, Student, Undergraduate Student, Graduate Student, Faculty, Undergraduate TA, Graduate TA, Administrative Personnel, Department Chair, Administrative Manager, Accountant, Secretary, Technical Personnel, Lab Manager, Lab Technician, Backup Agent, System Administrator; accounts root and backup]
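The ACLs on the previous slide and the capability list above are two views of one access control matrix: an ACL is a column, a capability list is a row. The C program below is an added example, not code from the course or its textbook; it stores the slide's matrix and derives both views from it. It assumes the unlabeled fourth object is /usr/passwd (taken from the capability-list slide), and the reference-monitor check denies anything it does not recognize, which is the fail-safe default from the principles slide.

```c
#include <stdio.h>
#include <string.h>

/* Permission bits; the cells on the slide use r, w, x */
enum { P_R = 1, P_W = 2, P_X = 4 };
enum { NSUBJ = 4, NOBJ = 4 };

/* Subjects and objects as they appear on the slides. /usr/passwd as the
 * fourth object is an assumption taken from the capability-list slide. */
static const char *subjects[NSUBJ] = { "root", "mike", "roberto", "backup" };
static const char *objects[NOBJ]   = { "/usr/passwd", "/usr/bin/", "/u/roberto/", "/admin/" };

/* The access control matrix: rows are subjects, columns are objects */
static const unsigned matrix[NSUBJ][NOBJ] = {
    /*            /usr/passwd  /usr/bin/     /u/roberto/   /admin/     */
    /* root    */ { P_R|P_W,   P_R|P_W|P_X,  P_R|P_W|P_X,  P_R|P_W|P_X },
    /* mike    */ { P_R,       P_R|P_X,      0,            0           },
    /* roberto */ { P_R,       P_R|P_X,      P_R|P_W|P_X,  0           },
    /* backup  */ { P_R,       P_R|P_X,      P_R|P_X,      P_R|P_X     },
};

static int index_of(const char *name, const char **table, int n) {
    for (int i = 0; i < n; i++)
        if (strcmp(name, table[i]) == 0) return i;
    return -1;
}

static unsigned perm_bit(char p) {
    switch (p) {
    case 'r': return P_R;
    case 'w': return P_W;
    case 'x': return P_X;
    default:  return 0;
    }
}

/* Reference-monitor check: 1 = allowed, 0 = denied. Unknown subjects, objects
 * or permission letters are denied (fail-safe default). */
int check_access(const char *subject, const char *object, char perm) {
    int s = index_of(subject, subjects, NSUBJ);
    int o = index_of(object, objects, NOBJ);
    unsigned bit = perm_bit(perm);
    if (s < 0 || o < 0 || bit == 0) return 0;
    return (matrix[s][o] & bit) != 0;
}

/* Render a cell as "r,w,x" style text */
static char *fmt_perms(unsigned p, char *out) {
    int n = 0;
    if (p & P_R) out[n++] = 'r';
    if (p & P_W) { if (n) out[n++] = ','; out[n++] = 'w'; }
    if (p & P_X) { if (n) out[n++] = ','; out[n++] = 'x'; }
    out[n] = '\0';
    return out;
}

static char view[256];   /* shared output buffer; valid until the next call */

/* Object-centered view: the ACL of one object is a column of the matrix */
const char *acl_for(const char *object) {
    int o = index_of(object, objects, NOBJ);
    size_t used = 0;
    view[0] = '\0';
    for (int s = 0; o >= 0 && s < NSUBJ && used < sizeof view - 1; s++) {
        char p[8];
        if (matrix[s][o] == 0) continue;   /* no entry: subject is absent from the ACL */
        used += (size_t)snprintf(view + used, sizeof view - used, "%s%s: %s",
                                 used ? "; " : "", subjects[s], fmt_perms(matrix[s][o], p));
    }
    return view;
}

/* Subject-centered view: the capability list of one subject is a row */
const char *capabilities_for(const char *subject) {
    int s = index_of(subject, subjects, NSUBJ);
    size_t used = 0;
    view[0] = '\0';
    for (int o = 0; s >= 0 && o < NOBJ && used < sizeof view - 1; o++) {
        char p[8];
        if (matrix[s][o] == 0) continue;
        used += (size_t)snprintf(view + used, sizeof view - used, "%s%s: %s",
                                 used ? "; " : "", objects[o], fmt_perms(matrix[s][o], p));
    }
    return view;
}

int main(void) {
    for (int o = 0; o < NOBJ; o++) printf("ACL %-12s %s\n", objects[o], acl_for(objects[o]));
    for (int s = 0; s < NSUBJ; s++) printf("CAP %-12s %s\n", subjects[s], capabilities_for(subjects[s]));
    printf("mike r /u/roberto/ -> %d\n", check_access("mike", "/u/roberto/", 'r'));
    return 0;
}
```

The two views carry the same information, so the security question is where the check is cheap: an ACL is consulted at the object when it is opened, a capability travels with the subject and must be unforgeable (otherwise a subject could mint its own "r,w,x").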
Social Engineering
Something-for-something
4. Eavesdropping
5. Physical interface attacks
[Figure: pin tumbler lock: shell, driver pin, key pin, spring, shear line, cylinder or plug, keyway]
Locate the pin stack that's being pinched at the shear line (it resists slightly when pushed up).
Continue to push that pin stack up until its cut reaches the shear line and the plug turns slightly.
Authentication Technologies
Cheap hinges
password=ucIb()w1V
mother=Jones
pet=Caesar
The Forensic Paradigm: a scientific process of
Identification: identify the specific objects that store important data for the case analysis, e.g., browser history
Collection: establish a chain of custody and document all steps to prove that the collected data remains intact and unaltered
Analysis and Evaluation: determine the type of information stored on the digital evidence and conduct a thorough analysis of the media
Reporting: prepare and deliver an official report
A Computer Model
OS Concepts
[Figure: CPU connected to I/O, RAM (addressed as cells 0, 1, 2, ...) and a disk drive]
Multitasking
Give each running program a slice of the CPU's time, e.g., 1 ms
Process scheduling (new task)
[Figure: layers: Userland (Applications, Non-essential OS) above the OS Kernel, above Hardware (CPU, Memory, Input/Output)]
What is a Process?
Memory Management: segments
Virtual Machines
Benefits: hardware efficiency, portability, management, security
What is an Exploit?
An exploit is any input that takes advantage of a bug or vulnerability in order to cause an attack, i.e., a piece of software, an argument string, or a sequence of commands.
strcpy() Vulnerability
[Figure: process memory layout of domain.c. Top of memory, high addresses (0xFFFFFFFF): the stack, which fills toward lower addresses; below it the heap, BSS, data and, at the bottom, low addresses (0x00000000), the text segment. On the stack, var1 holds 15 chars but argv[1] is a 20-char exploit string from the command line, so the copy overflows past var1 into the adjacent stack data]
[Figure: stack frames. Previous frames hold f() arguments, the return address and the saved EIP; the current frame holds f() arguments, the return address, local variables and a buffer filled by gets(buf); the attacker's input overflows the buffer upward toward the return address]
[Figure: stack canary. Layout from the buffer toward the return address: buffer, canary (random), other local variables, return address, other data; overflow data must corrupt the canary before it can corrupt the return address. Without the canary, attack code placed in the buffer and a corrupted return address redirect execution into it instead of back to the program code]
Calling Convention
This restores the stack to its state before the call was performed.
1. Push the value of EBP onto the stack, and then copy the value of ESP into EBP:
push ebp
mov ebp, esp   ; copy the stack pointer to the base pointer; create the new frame
We push the old base pointer value at the beginning of the subroutine so that we can later restore the appropriate base pointer value for the caller when the subroutine returns; the caller is not expecting the subroutine to change the value of the base pointer. We then move the stack pointer into EBP to obtain our point of reference for accessing parameters and local variables.
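The following C program is an added example, not code from the course, that simulates the frame described by the strcpy(), stack-layout and calling-convention slides above. After the prologue (push ebp; mov ebp, esp) the buffer sits at lower addresses than the canary, the saved EBP and the return address, so an unbounded copy runs upward through all three. The canary, saved EBP and return address values are made-up constants so the run is reproducible; a real canary is random per process, and a real overflow would write past the C object, which this simulation deliberately does not do.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define CANARY_VALUE 0x2A3B4C5Du   /* fixed for reproducibility; real canaries are random (assumption) */
#define EBP_VALUE    0xBFFFF000u   /* made-up saved base pointer */
#define RET_VALUE    0x08048456u   /* made-up return address into the caller */

/* Simulated frame of a function whose prologue ran "push ebp; mov ebp, esp"
 * and then reserved a 16-byte buffer. Lower addresses come first, so data
 * written past buf lands on the canary, the saved EBP and the return address. */
struct frame {
    char     buf[BUF_LEN];
    uint32_t canary;
    uint32_t saved_ebp;
    uint32_t ret;
};

enum { CLEAN = 0, CANARY_SMASHED = 1, RET_SMASHED = 2, REJECTED = -1 };

static void init_frame(struct frame *f) {
    memset(f->buf, 0, BUF_LEN);
    f->canary = CANARY_VALUE;
    f->saved_ebp = EBP_VALUE;
    f->ret = RET_VALUE;
}

/* The vulnerable pattern: strcpy(var1, argv[1]) with no bound. Written as a
 * memcpy over the frame's own bytes, clamped to the struct size, so the
 * simulation never writes outside the object. */
static void unbounded_copy(struct frame *f, const char *input) {
    size_t n = strlen(input) + 1;          /* strcpy copies the terminating NUL too */
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, input, n);
}

/* The fix: refuse any input that does not fit together with its terminator */
static int bounded_copy(struct frame *f, const char *input) {
    size_t n = strlen(input);
    if (n >= BUF_LEN) return -1;
    memcpy(f->buf, input, n + 1);
    return 0;
}

/* Copy one input into a fresh frame and report the damage. The canary
 * comparison is what a StackGuard-style epilogue does before "ret". */
int simulate(const char *input, int bounded) {
    struct frame f;
    init_frame(&f);
    if (bounded) {
        if (bounded_copy(&f, input) < 0) return REJECTED;
    } else {
        unbounded_copy(&f, input);
    }
    if (f.ret != RET_VALUE) return RET_SMASHED;          /* report the worst outcome first */
    if (f.canary != CANARY_VALUE) return CANARY_SMASHED;
    return CLEAN;
}

/* The value "ret" would pop after an unbounded copy of input */
uint32_t ret_after_unbounded(const char *input) {
    struct frame f;
    init_frame(&f);
    unbounded_copy(&f, input);
    return f.ret;
}

int main(void) {
    /* constructed inputs: fits, overruns into the canary, overruns into ret */
    const char *inputs[] = {
        "hello",
        "AAAAAAAAAA" "AAAAAAAAAA",
        "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA",
    };
    for (size_t i = 0; i < 3; i++)
        printf("%-34s unbounded=%2d bounded=%2d ret=0x%08x\n", inputs[i],
               simulate(inputs[i], 0), simulate(inputs[i], 1), ret_after_unbounded(inputs[i]));
    return 0;
}
```

The 20-character input is exactly the case drawn on the strcpy() slide: it clears the 16-byte buffer and lands on the canary, which is why the canary check fires even though the return address is still intact. The 32-character input reaches the return address and leaves 0x41414141 in it, the value a debugger shows in EIP after a classic overflow.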
Packet switching: packets are transported independently through the network
Connectionless protocol
Connection-oriented protocol
Network Layers
[Figure: Internet layers. End hosts run Application, Transport, Network and Link; intermediate routers run only Network and Link; the physical layer is fiber optics, Ethernet, Wi-Fi]
Encapsulation
A packet typically consists of:
Control information for addressing a packet: header/footer
Data: payload
[Figure: application data (e.g., email) at the Application Layer becomes the payload of a TCP segment (TCP header + TCP data) at the Transport Layer; the segment becomes IP data behind an IP header at the Network Layer; the IP packet becomes frame data between a frame header and frame footer at the Link Layer]
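An added example in C, not from the course, of the encapsulation in the figure above: the payload is wrapped in a TCP header, then an IP header, then an Ethernet frame header and footer, and then unwrapped again with each layer checked against the bytes actually received. The MAC and IP addresses and ports are constructed sample values (the IP address 128.148.32.110 is the one on the slides), checksums and the FCS are left as zeros because nothing here computes them, and the headers are the minimal 20-byte IPv4 and TCP headers without options.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header sizes: 14-byte Ethernet header, 4-byte FCS footer, minimal IPv4/TCP */
enum { ETH_HLEN = 14, ETH_FCS = 4, IP_HLEN = 20, TCP_HLEN = 20 };
enum { ETHERTYPE_IPV4 = 0x0800, PROTO_TCP = 6 };

static void put16(uint8_t *p, unsigned v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static unsigned get16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Wrap the application payload layer by layer. Returns the frame length, or 0
 * if the payload is too large for the 16-bit IP length field or the buffer. */
size_t encapsulate(uint8_t *out, size_t cap, const uint8_t *payload, size_t plen) {
    size_t ip_len = IP_HLEN + TCP_HLEN + plen;
    size_t flen = ETH_HLEN + ip_len + ETH_FCS;
    if (ip_len > 0xFFFF || flen > cap) return 0;
    uint8_t *eth = out, *ip = eth + ETH_HLEN, *tcp = ip + IP_HLEN, *data = tcp + TCP_HLEN;
    memset(out, 0, flen);
    /* Link layer: destination MAC, source MAC, EtherType (constructed sample MACs) */
    memcpy(eth,     "\x00\x1a\x92\xd4\xbf\x86", 6);
    memcpy(eth + 6, "\x00\x1a\x92\x00\x00\x01", 6);
    put16(eth + 12, ETHERTYPE_IPV4);
    /* Network layer: version 4 / IHL 5, total length, TTL, protocol, addresses */
    ip[0] = 0x45;
    put16(ip + 2, (unsigned)ip_len);
    ip[8] = 64;
    ip[9] = PROTO_TCP;
    memcpy(ip + 12, "\x80\x94\x20\x6e", 4);   /* source 128.148.32.110 */
    memcpy(ip + 16, "\x0a\x00\x00\x05", 4);   /* destination 10.0.0.5 (sample) */
    /* Transport layer: source port, destination port 25 (email), data offset 5 words */
    put16(tcp, 49152);
    put16(tcp + 2, 25);
    tcp[12] = 0x50;
    /* Application layer payload; the 4 zero bytes after it stand in for the FCS */
    memcpy(data, payload, plen);
    return flen;
}

/* Peel the layers back off, checking at each one that the header's claims
 * agree with what arrived. Returns the payload length and sets *payload, or
 * -1 if any layer is inconsistent (truncated frame, wrong version, a length
 * field larger than the frame, ...). */
long decapsulate(const uint8_t *frame, size_t flen, const uint8_t **payload) {
    if (flen < ETH_HLEN + IP_HLEN + TCP_HLEN + ETH_FCS) return -1;
    if (get16(frame + 12) != ETHERTYPE_IPV4) return -1;
    const uint8_t *ip = frame + ETH_HLEN;
    size_t ihl = (ip[0] & 0x0f) * 4u, ip_len = get16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < IP_HLEN || ip[9] != PROTO_TCP) return -1;
    if (ip_len < ihl + TCP_HLEN || ETH_HLEN + ip_len + ETH_FCS > flen) return -1;
    const uint8_t *tcp = ip + ihl;
    size_t doff = (tcp[12] >> 4) * 4u;
    if (doff < TCP_HLEN || ihl + doff > ip_len) return -1;
    *payload = tcp + doff;
    return (long)(ip_len - ihl - doff);
}

/* Round-trip a text message, optionally dropping `drop` trailing bytes from the
 * frame first to simulate truncation. Returns the recovered payload length,
 * -1 if decapsulation rejected the frame, -2 if the bytes came back changed. */
int roundtrip(const char *msg, size_t drop) {
    uint8_t frame[1600];
    const uint8_t *p;
    size_t n = strlen(msg);
    size_t flen = encapsulate(frame, sizeof frame, (const uint8_t *)msg, n);
    if (flen == 0 || drop > flen) return -1;
    long got = decapsulate(frame, flen - drop, &p);
    if (got < 0) return -1;
    return (got == (long)n && memcmp(p, msg, n) == 0) ? (int)got : -2;
}

/* Bytes on the wire for a message: 14 + 20 + 20 + length + 4 */
int frame_length(const char *msg) {
    uint8_t frame[1600];
    return (int)encapsulate(frame, sizeof frame, (const uint8_t *)msg, strlen(msg));
}

int main(void) {
    const char *email = "From: alice@example.com";   /* constructed sample payload */
    printf("payload %zu bytes -> frame %d bytes, round trip %d\n",
           strlen(email), frame_length(email), roundtrip(email, 0));
    printf("frame truncated by 1 byte: %d\n", roundtrip(email, 1));
    return 0;
}
```

The length checks in decapsulate are the part worth copying: a parser that trusts the IP total length or the TCP data offset over the number of bytes it actually holds reads past the end of the frame, which is how many packet-parsing bugs start.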
Network Interfaces
MAC Addresses
A MAC address is a 48-bit number, usually represented in hex, e.g., 00-1A-92-D4-BF-86, that identifies the interface connecting a computer to a network.
Operation of a switch
ARP Spoofing
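An added example, not the course's code, of the detection side of ARP spoofing: a minimal arpwatch-style monitor in C that keeps the first IP-to-MAC binding it learns and counts later replies claiming a different MAC for the same IP, which is what a poisoning attempt on a gateway's address looks like. The input is a constructed text list of sender IP / sender MAC pairs rather than captured ARP packets.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 64

/* One learned IP-to-MAC binding */
struct binding { char ip[16]; char mac[18]; };

/* Scan ARP replies given as text, one per line: "<sender IP> <sender MAC>".
 * The first MAC seen for an IP is kept as the trusted binding (the monitor is
 * assumed to start before the attacker). Every later reply that names a
 * different MAC for that IP is counted as a conflict. Returns the conflict
 * count, or -1 on a malformed line or when the table is full. */
int count_arp_conflicts(const char *replies) {
    struct binding table[MAX_HOSTS];
    int n = 0, conflicts = 0;
    const char *p = replies;
    while (*p) {
        char ip[16], mac[18];
        int used, i;
        if (sscanf(p, "%15s %17s%n", ip, mac, &used) != 2) return -1;
        for (i = 0; i < n; i++)
            if (strcmp(table[i].ip, ip) == 0) break;
        if (i == n) {
            if (n == MAX_HOSTS) return -1;
            snprintf(table[n].ip, sizeof table[n].ip, "%s", ip);
            snprintf(table[n].mac, sizeof table[n].mac, "%s", mac);
            n++;
        } else if (strcmp(table[i].mac, mac) != 0) {
            conflicts++;   /* same IP, new MAC: possible ARP spoofing */
        }
        p += used;
        while (*p == '\n' || *p == ' ') p++;
    }
    return conflicts;
}

int main(void) {
    /* constructed sample: 10.0.0.1 is the gateway; the third reply is the poison */
    const char *replies =
        "10.0.0.1 00:1a:92:d4:bf:86\n"
        "10.0.0.2 00:1a:92:00:00:02\n"
        "10.0.0.1 de:ad:be:ef:00:01\n";
    printf("conflicting ARP replies: %d\n", count_arp_conflicts(replies));
    return 0;
}
```

Keeping the first binding is a policy choice: if the attacker was already replying when the monitor started, the poisoned binding is the one trusted. Production tools pair this with a static entry for the gateway or with switch-side DHCP snooping so the trusted binding does not depend on who answered first.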
Wireshark
Internet Protocol
Connectionless
Unreliable
Delivery on a best effort basis
No acknowledgments
IP header includes: source address, destination address, IP protocol version, length, fragmentation information, TTL, protocol
Broadcast addresses, e.g., 128.148.32.255
Host addresses, e.g., 128.148.32.110
Private networks, e.g., 10.0.0.0 - 10.255.255.255
IP Routing
Routing table: netstat -r (--route)
Internet Routes
Internet Control Message Protocol (ICMP)
Used for network testing and debugging
Simple messages encapsulated in single IP packets
Considered a network layer protocol
ICMP Attacks
Ping of death
ICMP specifies that messages must fit in a single IP packet (64 KB).
Send a ping packet that exceeds the maximum size using IP fragmentation.
Smurf attack
Ping a broadcast address using a spoofed source address (the victim's).
[Figure: the attacker sends an echo request to the broadcast address of an amplifying network; every host on it sends an echo response to the victim]
Attack propagation
Starts at zombies
IP source spoofing: hides the attacker; scatters return traffic from the victim
Source: M.T. Goodrich, Probabilistic Packet Marking for Large-Scale IP Traceback, IEEE/ACM Transactions on Networking 16:1, 2008.
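An added example in C, not from the course, of the two defensive checks these attacks call for: a host or router refusing to answer an echo request addressed to a subnet's directed-broadcast address (what Linux's icmp_echo_ignore_broadcasts sysctl and Cisco's "no ip directed-broadcast" do), and a fragment reassembler rejecting any fragment whose end would lie past the largest IP datagram the 16-bit length field can describe, before any copying happens. The addresses are the ones on the slides; the fragment lists are constructed input, and the data limit assumes a 20-byte IP header.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* The 16-bit total length allows 65,535 bytes including the header, so with
 * a 20-byte header the reassembled data may not exceed 65,515 bytes. */
#define IP_MAX_DATA 65515ul
#define FRAG_OFFSET_MAX 8191u     /* 13-bit fragment offset field, in 8-byte units */

/* Parse dotted-quad text into a host-order value; 0 on success, -1 on bad input */
static int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255) return -1;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 0;
}

/* Smurf defence. Returns 1 if dst is the directed-broadcast address of the
 * given subnet (host part all ones), 0 for any other address, -1 on a parse
 * error. A responder returns 1 here should drop the echo request. */
int is_directed_broadcast(const char *dst, const char *network, const char *mask) {
    uint32_t d, n, m;
    if (parse_ipv4(dst, &d) || parse_ipv4(network, &n) || parse_ipv4(mask, &m)) return -1;
    if ((d & m) != (n & m)) return 0;      /* not in this subnet at all */
    return (d | m) == 0xFFFFFFFFu;         /* every host bit set */
}

/* Ping-of-death check for a reassembler. frags is text, one fragment per
 * line: "<offset in 8-byte units> <data length>". Returns the reassembled
 * data length if every fragment ends within IP_MAX_DATA, -1 if any fragment
 * is malformed or would end past the limit. */
long reassembly_length(const char *frags) {
    unsigned long end = 0;
    const char *p = frags;
    while (*p) {
        unsigned off8, len;
        int used;
        if (sscanf(p, "%u %u%n", &off8, &len, &used) != 2) return -1;
        unsigned long fend = (unsigned long)off8 * 8 + len;
        if (off8 > FRAG_OFFSET_MAX || fend > IP_MAX_DATA) return -1;   /* reject before copying */
        if (fend > end) end = fend;
        p += used;
        while (*p == '\n' || *p == ' ') p++;
    }
    return (long)end;
}

int main(void) {
    printf("128.148.32.255 broadcast? %d\n",
           is_directed_broadcast("128.148.32.255", "128.148.32.0", "255.255.255.0"));
    printf("128.148.32.110 broadcast? %d\n",
           is_directed_broadcast("128.148.32.110", "128.148.32.0", "255.255.255.0"));
    /* constructed fragment lists: a normal two-fragment ping, then a ping of death */
    printf("normal reassembly: %ld\n", reassembly_length("0 1480\n185 1480\n"));
    printf("oversized reassembly: %ld\n", reassembly_length("8191 100\n"));
    return 0;
}
```

The reassembler check has to run on the fragment header, not after the copy: the original ping-of-death bug was exactly a kernel that copied the last fragment into a 65,535-byte buffer first and checked the total afterwards.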