Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University


Dive into the essential topics of software security, network security, OS security, and cryptography in the course offered by Vyas Sekar at Carnegie Mellon University. Explore control flow hijacks, cryptography terminology, and the importance of network security in protecting data transmissions. Learn about the challenges and potential fixes in routing security protocols like BGP, emphasizing the need for robust security measures in today's digital landscape.


Uploaded on Sep 23, 2024 | 0 Views



Presentation Transcript


  1. 18487 Course Review Vyas Sekar Carnegie Mellon University

  2. This Class: Introduction to the Four Research Cornerstones of Security: Software Security, Network Security, OS Security, Cryptography

  3. Software Security

  4. Control Flow Hijacks. [Figure: buffer layout: shellcode (aka payload), padding, &buf; labels: computation + control] Allow attacker ability to run arbitrary code: install malware, steal secrets, send spam

  5. 5

  6. 6

  7. 7

  8. Cryptography

  9. Crypto Terminology

  10. Goals: Understand and believe you should never, ever invent your own algorithm; Basic construction; Basic pitfalls

  11. Network and System Security

  12. What is Network Security? [Figure: Alice and Bob connected over a public channel; the network typically runs the IP protocol] 1. Providing a reliable channel: if the network protocols have flaws, crypto may not save you

  13. E.g., unauthorized origin ISP (prefix theft). [Figure: network diagram with nodes G, B, C and M, and routing-table entries (Destination, Route): Google, M and Google, G] M's route to G is better than B's

  14. Takeaways on routing security: BGP was built on the assumption of cooperation; the assumption does not apply anymore. Many routing misconfigurations, bugs, and even attacks (several per day). Proposed fixes are many, but all have some limitations: TTL hacks, MD5 signatures; S-BGP (relies on a PKI, potentially significant overhead). Very hard to retrofit security in an existing model!

  15. What is Network Security? [Figure: Alice and Bob connected over a public channel; the network typically runs the IP protocol] 2. Providing an available channel: Can Alice talk to Bob? Can Eve deny service to Alice/Bob?

  16. DoS: General definition. DoS is not access or theft of information or services. Instead, goal is to stop the service from operating: deny service to legitimate users. Why? Economic, political, personal, etc.

  17. Why is DDoS a hard problem? Simple form of attack: no complex technique, just send a lot of traffic; toolkits readily available. Prey on the Internet's strengths: simplicity of processing in routers; total reachability. Attack machines readily available: easy to find 10,000s of vulnerable machines on the Internet. Attack can look like normal traffic, e.g., HTTP requests. Lack of Internet enforcement tools: no traceability. Lack of cooperation between targets: ISPs are competitive, and cooperation only at human timescales. Effective solutions hard to deploy: we can't change the core of the Internet easily.

  18. TCP SYN Flood I: low rate (DoS bug). [Figure: C sends SYN_C1, SYN_C2, SYN_C3, SYN_C4, SYN_C5 to S] Single machine: SYN packets with random source IP addresses. Fills up backlog queue on server. No further connections possible.

  19. Backscatter analysis: Internet telescope/backscatter measurement (example: SYN flood). [Figure: attacker; SYN, from IP = A; SYN-ACK, to IP = A; network telescope, e.g., empty /8 network] By monitoring unused portion of address space, possibility to see evidence of backscatter and infer type/number of DDoS attacks. Does this work with botnet-based attacks?

  20. DDoS Defense Taxonomy. Location: host vs network vs protocol. Response timescale: preventive vs reactive. Response action: e.g., filter, rate limit, multiply, bug fix/patch.

  21. What is Network Security? [Figure: Alice and Bob connected over a public channel; the network typically runs the IP protocol] 3. Providing an enforcement for observing/mediating access: stop Eve's malware from reaching Bob in the first place; observe aggregated view of malicious intents.

  22. Taxonomy. Approach: Policy vs Anomaly. Location: Network vs. Host. Action: Detect vs. Prevent. Semantics: IP vs TCP vs App. Type: Host, Rule, IDS; Host, Rule, IPS; Net, Rule, IDS; Net, Rule, IPS; Host, Anomaly, IDS; Net, Anomaly, IDS; Net, Anomaly, IPS. Example: Tripwire; Personal Firewall; Snort; Network firewall; System call monitoring; Working set of connections.

  23. Think of the Bayesian detection rate as the set of intrusions raising an alert normalized by the set of all alerts. (vs. detection rate which normalizes on intrusions.) [Figure: sets I and A] Defn: Bayesian Detection rate. Crux of IDS usefulness!

  24. Key things to remember for firewall/IDS. Firewalls: 3 types: packet filtering, stateful, and application; placement and DMZ. IDS: anomaly vs. policy-based detection. How can we exploit for evasion? E.g., fragmentation, TCP session reassembly, TTL. How can we attack the defense infrastructure? E.g., overload, algorithmic complexity. Detection theory: base rate fallacy.

  25. Web Security

  26. "Injection flaws occur when an application sends untrusted data to an interpreter." --- OWASP. Like buffer overflow and format string vulnerabilities, a result of the possibility of interpreting data as code. https://www.owasp.org/index.php/Top_10_2010-A4-Insecure_Direct_Object_References

  27. Cross site scripting (XSS) is the ability to get a website to display user-supplied content laced with malicious HTML/JavaScript

  28. Cross Site Request Forgery (CSRF): A CSRF attack causes the end user browser to execute unwanted actions on a web application in which it is currently authenticated.

  29. Clickjacking: Clickjacking occurs when a malicious site tricks the user into clicking on some element on the page unintentionally. [Figure: "Click for a FREE iPad!"] Slides modeled after presentation by Lin-Shung Huang at USENIX 2012. Paper: Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart Schechter, and Collin Jackson. 2012. Clickjacking: attacks and defenses. In Proceedings of the 21st USENIX conference on Security symposium (Security'12). USENIX Association, Berkeley, CA, USA, 22-22.

  30. Key takeaways for web security. Different attack models: understand the different classes of attacks (injection, XSS, CSRF, clickjacking, etc.). Proposed defenses: e.g., sanitization, secure tokens, etc.

  31. Designing Secure Systems Vyas Sekar Carnegie Mellon University

  32. Protection Mechanism: Control Transfer of Information Among Users of the Utility

  33. Abstract Access Control Model. [Figure labels: Principal (Source), Requested Operation, Reference Monitor (Guard), Approved Operation, Object (Resource); Authentication, Authorization, Audit]

  34. Design Principles: Economy of mechanism (a.k.a. KISS / low TCB); Fail-safe defaults; Complete mediation; Separation of privilege; Least privilege; Factor in users/acceptance/psychology; Work factor/economics; Detect if you can't prevent; Don't rely on security by obscurity

  35. Key takeaways for system security: Know Lampson's gold standard (Authentication, Authorization, Audit). Know types of authorization mechanisms. Understand concept of TCB. Internalize design principles for secure systems.

  36. Key takeaways for mobile security. How is mobile security different? Ecosystem, hardware, software? How do popular systems work? iOS vs Android. What new threats arise? Poor use of crypto, PII leakage. Techniques to detect misuse: e.g., control and call graphs.

  37. Exam 3

  38. Exam 3 Mechanics: Same format as exams 1 and 2. In class, closed note, closed book, closed computer. BRING A CALCULATOR (no cell phones, PDAs, computers, etc.). Think of this as a hint. Topics: Anything from class

  39. The Most Important Things: Anything is fair game, but the below are things you absolutely must know: Base Rate Fallacy; Web attacks; Authenticated encryption; Stack diagrams/buffer overflow/etc.; Questions from exam 1 and exam 2 (study what you missed)

  40. Questions?

  41. END
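
For the Bayesian detection rate on slide 23 and the base rate fallacy listed on slides 24 and 39, the following Python is an added worked example, not part of the original slides. The event counts, rates, and function names are constructed assumptions; it computes both rates from the sets I (intrusions) and A (alerts), checks them against Bayes' theorem, and solves for the false alarm rate a detector would need.

```python
from fractions import Fraction

# Constructed operating point (not from the slides): 1 intrusion per 1,000
# events, 99% detection rate, 1% false alarm rate, 50% target precision.
BASE, DET, FAR = Fraction(1, 1000), Fraction(99, 100), Fraction(1, 100)
TARGET = Fraction(1, 2)

def build_sample():
    """Constructed audit trail of (is_intrusion, raised_alert) pairs."""
    return ([(True, True)] * 99 + [(True, False)] * 1
            + [(False, True)] * 999 + [(False, False)] * 98901)

def rates_from_events(events):
    """Return (detection rate, Bayesian detection rate) from set sizes."""
    I = {n for n, (intrusion, _) in enumerate(events) if intrusion}
    A = {n for n, (_, alert) in enumerate(events) if alert}
    hits = len(I & A)                       # intrusions that raised an alert
    detection = Fraction(hits, len(I)) if I else None   # normalized on I
    bayesian = Fraction(hits, len(A)) if A else None    # normalized on A
    return detection, bayesian

def bayesian_detection_rate(base, det, far):
    """P(I|A) via Bayes' theorem from P(I), P(A|I) and P(A|not I)."""
    true_alerts = det * base
    false_alerts = far * (1 - base)
    total = true_alerts + false_alerts
    return true_alerts / total if total else None

def max_false_alarm_rate(base, det, target):
    """Largest P(A|not I) for which P(I|A) still reaches `target`."""
    if not 0 < target <= 1 or not 0 <= base < 1:
        raise ValueError("need 0 < target <= 1 and 0 <= base < 1")
    return det * base * (1 - target) / (target * (1 - base))

if __name__ == "__main__":
    detection, bayesian = rates_from_events(build_sample())
    print(f"detection rate          {float(detection):.3f}")
    print(f"Bayesian detection rate {float(bayesian):.3f}")
    print(f"closed form             "
          f"{float(bayesian_detection_rate(BASE, DET, FAR)):.3f}")
    print(f"false alarm rate needed for 50% precision: "
          f"{float(max_false_alarm_rate(BASE, DET, TARGET)):.6f}")
```

With these constructed numbers a detector that catches 99% of intrusions is still right on only about 9% of its alerts, because benign events outnumber intrusions 999 to 1.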
