INSE 6130 Operating System Security
Logging/Auditing and Vulnerability/Defense
Prof. Lingyu Wang
Outline
- Logging and Auditing
- Vulnerability and Defense
Overview
Motivation
- Normal users: trust, but verify (Доверяй, но проверяй)
- Attacker: track down what has happened
Logging
- Record events or statistics (summaries) to logs
- Examples: failed logins, failed su's, last logins, system calls, network traffic, etc.
Auditing
- Analyze log records for meaningful results
- Examples: manual inspection, intrusion detection (IDS), alert correlation, IP traceback, etc.
Overview (Cont'd)
Relationship
- Logging provides the inputs to auditing
- Auditing makes sense out of the logs
Challenge
- Logging: attackers will alter or delete the logs of their activities
- Auditing: depends heavily on human intervention
Good research topic: how to automatically extract useful information from logs
Logging Example: Windows
Three logs for different types of events
- System event log: system crashes, component failures, etc.
- Application event log: as requested by applications
- Security event log: logging in and out, system file accesses, etc.
Log files are binary
- Use Event Viewer to read them
- Default location: C:\WINNT\system32\config\ (AppEvent.Evt, SecEvent.Evt, SysEvent.Evt)
- Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
- Default size 512K
- Can be set to overwrite events when exceeding a certain size
Logging Example: Windows (Cont'd)
[Slide contains only a screenshot of the event log configuration; no text survives in the transcription]
Logging Example: Windows (Cont'd)
Performance logs
- Performance data from local or remote computers
- In a comma-separated or tab-separated format, a binary log-file format, or SQL database format
- Because logging runs as a service, data collection occurs regardless of whether any user is logged on
Three types
- Counter: e.g., CPU usage, memory, etc.
- Trace: begin logging only after an event occurs, e.g., a crash
- Alert: a message is sent, a program is run, an entry is made in the application event log, etc.
Auditing Example: BackTracker
Question: when break-ins happen, how can we figure out which application was exploited?
BackTracker solution:
- In operating systems, causal dependencies exist between processes and files/file names (e.g., reading/writing a common file)
- Use these causal dependencies to track from a detected event (e.g., detected using Tripwire) back to the exploited application
Based on Sam King and Peter Chen's slides
BackTracker
Timeline: intrusion occurs -> intrusion detected -> BackTracker runs and shows the source of the intrusion
- Online component: logs objects and events (Logging)
- Offline component: finds the entry point and the sequence of events leading to the detection point (Auditing)
What Dependency To Track?
- Process / Process: fork, clone, etc. (creating, sharing memory, signaling)
- Process / File: read, write, exec
- Process / Filename: open, creat, link, unlink, mkdir, rmdir, chmod, etc.
[Figure: dependency graph with process, file and socket nodes; edges are fork events and read/write events; one node is marked as the detection point]
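The offline (auditing) step of BackTracker, as an added worked example that is not from the slides or from King and Chen's BackTracker implementation: a small constructed event log of process/file dependencies is turned into a graph, and backward reachability from a detection point (a modified system binary, as Tripwire would flag) recovers the chain of events and the earliest process in it, which is the candidate exploited application. Process and file names, the event types and the timestamps are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed event log for illustration (not from the slides or the
# BackTracker paper). Each record is (time, subject process, event, object);
# processes are named "pid:command", files by path.
EVENTS = [
    (1, "p1:sshd",  "fork",  "p2:bash"),
    (2, "p2:bash",  "read",  "/home/w/.bashrc"),
    (3, "p3:httpd", "read",  "/var/www/index.html"),
    (4, "p3:httpd", "fork",  "p4:sh"),          # web server spawns a shell
    (5, "p4:sh",    "write", "/tmp/dropper"),
    (6, "p4:sh",    "exec",  "/tmp/dropper"),   # the shell now runs the dropped file
    (7, "p4:sh",    "write", "/bin/ls"),        # modified system binary: the detection point
    (8, "p2:bash",  "write", "/home/w/notes.txt"),
]


def flows(rec):
    """Direction of causal influence for one record, as (source, sink) pairs:
    fork: parent -> child; read/exec: file -> process; write: process -> file."""
    _, subj, ev, obj = rec
    if ev in ("fork", "clone"):
        return [(subj, obj)]
    if ev in ("read", "exec"):
        return [(obj, subj)]
    if ev == "write":
        return [(subj, obj)]
    return []


def build_dependency_graph(events):
    """deps[sink] = {(source, time)}: everything that influenced sink, and when."""
    deps = defaultdict(set)
    for rec in events:
        for src, dst in flows(rec):
            deps[dst].add((src, rec[0]))
    return deps


def backtrack(events, detection_obj, detection_time):
    """Offline (auditing) step: walk dependencies backwards from the detection
    point. An edge src -> node at time st is relevant only if st is no later
    than the latest time at which node itself still mattered (best[node])."""
    deps = build_dependency_graph(events)
    best = {detection_obj: detection_time}
    frontier = deque([detection_obj])
    while frontier:
        node = frontier.popleft()
        for src, st in deps[node]:
            if st <= best[node] and best.get(src, -1) < st:
                best[src] = st
                frontier.append(src)
    return sorted((st, src, dst) for dst in best
                  for src, st in deps[dst] if st <= best[dst])


def entry_point(edges):
    """Earliest process in the causal subgraph: the candidate exploited application."""
    procs = [(t, n) for t, src, dst in edges for n in (src, dst) if ":" in n]
    return min(procs)[1]


if __name__ == "__main__":
    edges = backtrack(EVENTS, "/bin/ls", 7)
    for t, src, dst in edges:
        print(f"t={t}: {src} -> {dst}")
    print("likely entry point:", entry_point(edges))
```

The time filter is what keeps the result small: p2:bash and its files never flow into /bin/ls before time 7, so they are pruned, and only the httpd -> sh -> dropper -> /bin/ls chain remains.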
Outline
- Logging and Auditing
- Vulnerability and Defense
Top Vulnerabilities: Windows
Top Vulnerabilities in Windows Systems
- Internet Explorer (buffer overflow examples)
- Microsoft Office (buffer overflow examples)
- Windows libraries, for example: a .wmf image causes remote execution (CVE ); buffer overflow DoS in HTML Help (.hhp) (CVE )
- Windows services, for example: buffer overflow in Server Service (CVE )
- Windows configuration weaknesses: NTLM password hashes
Top Vulnerabilities: UNIX
Top Vulnerabilities in UNIX Systems
- UNIX configuration weaknesses, e.g., brute-force attacks on SSH passwords
- Mac OS X, e.g., Safari, when rendering RTF files, can directly access URLs without performing the normal security checks (CVE )
- Securing Mac OS X 10.4 Tiger (URL truncated in the transcription: com/white-papers/securing-mac-os-x-tiger.pdf)
Resources for vulnerabilities: CVE, Bugtraq, Nessus plugin DB, NVD, etc.
Vulnerability Example
PHP open_basedir race condition vulnerability
- Release date: 2006/10/04
- Author: Stefan Esser (php.net)
- Application: PHP 4/5
- Risk: Critical
Successful exploitation of this vulnerability allows access to files that are normally not accessible because of the open_basedir restriction, e.g., /etc/shadow
Background
PHP open_basedir configuration directive
- It tells PHP that only files within the specified directory trees can be opened by scripts
- Symbolic links are fully resolved, so there is no way around it (well, let's see)
Example
- If my web space's root is /www/home/w/wang, then my PHP scripts cannot visit /etc
- You cannot even create a symbolic link to /etc using the function symlink(), either
- But...
Create the Link to /
Symbolic links are fully resolved, so there is no easy way around
Suppose we are in /www/home/w/wang and we want to take a look at / through PHP scripts

    <?php
    mkdir("a/a/a/a", 0777, true);           // four nested directories under the web root (recursive mkdir needs PHP 5)
    symlink("a/a/a/a", "dummy");            // dummy -> a/a/a/a
    symlink("dummy/../../../../", "mylnk"); // at check time this resolves to the web root itself, so open_basedir allows it
    unlink("dummy");                        // remove dummy ...
    symlink(".", "dummy");                  // ... and re-point it at the web root: mylnk now resolves four levels up, to /
    ?>

Now mylnk points to /
Let's Race
Run two scripts simultaneously
- a.php: keeps alternating a symbolic link newlnk between mylnk and /www/home/w/wang in a loop
- b.php: keeps listing the directory newlnk in a loop
Sooner or later b.php gives you the contents of /
Race Condition
There is a small time span between when PHP checks permissions and when it actually opens a file
- When PHP checks the permission, newlnk points to /www/home/w/wang, which is allowed
- When PHP opens the directory, newlnk points to mylnk, which in turn points to /
[Figure: timeline of b.php's open_basedir check ("okay", newlnk -> /www/home/w/wang) followed by its open (newlnk -> /), interleaved with a.php re-pointing the link]
Defense: Objectives
Detect intrusions
- Previously known attacks
- Zero-day attacks
In a timely fashion
- Real time
Present accurate results
- False positives, false negatives
In an easy-to-understand format
- Alerts versus attack scenarios
Classification of Intrusion Detection
(We are considering host-based IDS)
Anomaly detection
- Assumption: attacks deviate from normal behavior
- Method: statistics, data mining, machine learning, etc.
- Advantage: can potentially detect zero-day attacks
- Disadvantage: (theoretically) less accurate
Misuse detection
- Assumption: attacks can be identified by a signature
- Method: state transition, colored Petri net, etc.
- Advantage: more accurate
- Disadvantage: can only detect modeled attacks
Example of Anomaly Detection
Sequence of system calls (Forrest 1996)
Training
- Training data: open read write open mmap write fchmod close
- Sliding window of size 1+3 (each call followed by the next 3):
    open   -> read write open
    read   -> write open mmap
    write  -> open mmap write
    open   -> mmap write fchmod
    mmap   -> write fchmod close
    write  -> fchmod close
    fchmod -> close
    close  -> (end of trace)
This is the normal behavior
Example of Anomaly Detection
Detection
- Normal windows from training:
    open read write open / read write open mmap / write open mmap write / open mmap write fchmod / mmap write fchmod close / write fchmod close / fchmod close / close
- New trace: open read read open mmap write fchmod close
- Differs in 5 places:
    - Second read should be write (1st line)
    - Second read should be write (3rd line)
    - Second open should be write (3rd line)
    - mmap should be open (3rd line)
    - write should be mmap (3rd line)
- 18 possible places of difference: 18 = 5*3 + 2 + 1
- Mismatch rate 5/18 ≈ 28%; compared against a pre-defined threshold
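The sliding-window method from the two slides above, as an added worked example (not code from the slides or from Forrest's group): the normal database records, for each system call, which calls were seen 1, 2 and 3 positions after it in the training trace; a new trace is then scored by counting the (call, offset) pairs that never occurred in training. Run on the slide's two traces it reproduces the 5 mismatches out of 18 checked places. The threshold value passed to is_anomalous is an assumption; the slide only says a pre-defined threshold is used.

```python
from collections import defaultdict

K = 3  # look-ahead: each call is paired with the next K calls (window of 1+3)

# Traces from the slides.
TRAIN = "open read write open mmap write fchmod close".split()
TEST = "open read read open mmap write fchmod close".split()


def build_normal_db(trace, k=K):
    """Normal database: (call, offset) -> set of calls seen 'offset' positions later."""
    db = defaultdict(set)
    for i, call in enumerate(trace):
        for off in range(1, k + 1):
            if i + off < len(trace):
                db[(call, off)].add(trace[i + off])
    return db


def mismatches(trace, db, k=K):
    """Compare a new trace against the database. Returns (details, places):
    details lists (index, offset, observed call, allowed calls) for each
    mismatch; places is the number of (call, offset) pairs that were checked
    (near the end of the trace fewer than k followers exist: 5*3 + 2 + 1)."""
    details, places = [], 0
    for i, call in enumerate(trace):
        for off in range(1, k + 1):
            if i + off >= len(trace):
                break
            places += 1
            allowed = db.get((call, off), set())
            if trace[i + off] not in allowed:
                details.append((i, off, trace[i + off], sorted(allowed)))
    return details, places


def anomaly_score(train, test, k=K):
    """(mismatch count, places checked, mismatch rate) of test against train."""
    details, places = mismatches(test, build_normal_db(train, k), k)
    return len(details), places, len(details) / places


def is_anomalous(train, test, threshold, k=K):
    """Decision step: flag the trace if its mismatch rate exceeds the threshold."""
    return anomaly_score(train, test, k)[2] > threshold


if __name__ == "__main__":
    bad, places, rate = anomaly_score(TRAIN, TEST)
    print(f"{bad} mismatches in {places} places, rate {rate:.0%}")
    for i, off, seen, allowed in mismatches(TEST, build_normal_db(TRAIN))[0]:
        print(f"  call #{i} ({TEST[i]}) +{off}: saw {seen}, normal was {allowed}")
```

A trace replayed against the profile it was trained on scores zero, which is the sanity check to run before trusting any threshold; in practice the database is built from many traces, so the allowed sets grow and the rate on benign input drops.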
Difficulty with Anomaly Detection
Question: is a 99% accurate IDS any good?
- Intuitive answer: maybe?
- Counter-intuitive answer: not necessarily!
If the attack rate is one attack per 1,000,000 calls (which is reasonable), the base rate fallacy says the IDS will generate about 10,000 false positives for every real attack it detects. Why?
Which is absolutely not acceptable
Base Rate Fallacy
What does the attack rate mean?
- In 100,000,000 calls, there are 100 real attacks
What does 99% accuracy mean?
- False positives: (100,000,000 - 100) * 1/100 ≈ 1,000,000
- False negatives: 100 * 1/100 = 1

                    not detected                 detected
    normal          ≈ 99,000,000                 1,000,000 (false positives)
    attack          1 (false negative)           99

1,000,000 false positives per 99 detected attacks!
Example of Misuse Detection

    t1  % cp /bin/csh /usr/spool/mail/root
    t2  % chmod 4755 /usr/spool/mail/root
    t3  % touch x
    t4  % mail root<x
    t5  % /usr/spool/mail/root
    t6  $

- t1, t2: create a SUID shell at /usr/spool/mail/root
- t3, t4: let mail change the shell's owner to root
- Then you have an executable root shell
Cool, but how do we create a signature for this attack?
Colored Petri Net
The attack steps are partially ordered: t1 < t2, t3 < t4, t1 < t5, ?
Modeled with a colored Petri net
Colored Petri Net (Cont'd)
Will these be detected?
- t3, t1, t2, t4
- t1, t3, t2, t4
- t2, t1, t3, t4
- t1, t2, t4
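A signature matcher for the partially ordered attack above, as an added example that is not from the slides and not a colored Petri net implementation: it keeps the Petri-net idea that a step can only "fire" once every step that must precede it has fired, and reports when all required steps have fired. The slide leaves "t1 < t5, ?" open and its four test sequences contain only t1..t4, so the signature here is an assumption: it requires t1..t4 with the two stated orderings t1 < t2 and t3 < t4. The regular expressions that map audited shell commands to steps, and the audit log they are run over, are this example's own, written from the commands on the "Example of Misuse Detection" slide.

```python
import re
from collections import defaultdict

# Assumed signature (see lead-in): required steps and ordering constraints.
SIGNATURE = {
    "events": {"t1", "t2", "t3", "t4"},
    "before": [("t1", "t2"), ("t3", "t4")],
}

# Example's own rules mapping audited commands to signature steps.
RULES = [
    ("t1", r"^cp\s+\S+\s+/usr/spool/mail/\S+$"),
    ("t2", r"^chmod\s+4755\s+/usr/spool/mail/\S+$"),
    ("t3", r"^touch\s+\S+$"),
    ("t4", r"^mail\s+root\s*<\s*\S+$"),
    ("t5", r"^/usr/spool/mail/\S+$"),
]


def label(cmd):
    """Map one audited command to a signature step, or None if irrelevant."""
    for name, pat in RULES:
        if re.match(pat, cmd.strip()):
            return name
    return None


def monitor(signature, labels):
    """Online matcher in the Petri-net spirit: a step fires when it is observed
    and every step that must precede it has already fired. Returns the index
    at which the last required step fired, or None if the pattern never completes."""
    preds = defaultdict(set)
    for a, b in signature["before"]:
        preds[b].add(a)
    fired = set()
    for i, ev in enumerate(labels):
        if ev in signature["events"] and preds[ev] <= fired:
            fired.add(ev)
            if fired == signature["events"]:
                return i
    return None


def detect(audit_log, signature=SIGNATURE):
    """Run the signature over raw audit records; returns the index of the
    record that completed the attack pattern, or None."""
    return monitor(signature, [label(c) for c in audit_log])


# Constructed audit log: the slide's commands interleaved with unrelated activity.
AUDIT = [
    "touch x",
    "cp /bin/csh /usr/spool/mail/root",
    "ls -l",
    "chmod 4755 /usr/spool/mail/root",
    "mail root<x",
]


if __name__ == "__main__":
    for seq in (["t3", "t1", "t2", "t4"], ["t1", "t3", "t2", "t4"],
                ["t2", "t1", "t3", "t4"], ["t1", "t2", "t4"]):
        print(seq, "->", "detected" if monitor(SIGNATURE, seq) is not None else "not detected")
    print("audit log:", detect(AUDIT))
```

Under the assumed signature, the first two of the slide's sequences complete the pattern and the last two do not: in "t2, t1, t3, t4" the chmod is seen before the copy it depends on, and "t1, t2, t4" never shows the touch. Whether the course's own Petri net agrees depends on how t5 and repeated steps are modeled, which the slide leaves open.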
Difficulty of Misuse Detection
Zero-day exploit
- The exploit appears on the same day as, or before, the vulnerability is publicized
- It has no signature
Other defense methods, for example:
- A buffer overflow overwrites memory from the buffer up to the return address
- So put a canary word before the return address
- If it has been changed, the function won't return
- The canary word must be random. Why?
Other OS Defense Methods
NX bit
- No-execute bit (last bit of the page table entry)
- Can be used to mark the stack as non-executable to prevent buffer overflow attacks
- Pentium 4 or later, AMD64
- Many OSes support this or emulate it in software: Linux, Solaris 10, WinXP SP2, Win2003 SP1, etc.
- Vulnerable to return-to-libc attacks: no need to return to shellcode on the stack, return to an existing function instead
Other OS Defense Methods
Memory randomization
- Makes buffer overflow attacks, including return-to-libc, more difficult
- Basic idea: buffer overflow and return-to-libc exploits need to know the address of the attack code in the buffer, or the address of a standard kernel/library routine
- The same address is used on many machines: Slammer infected 75,000 MS-SQL servers using the same code
- So introduce artificial diversity: make stack addresses and the addresses of library routines random
- Supported by OpenBSD, Windows Vista, PaX, Hardened Gentoo, etc.
w/o Randomization
[Figure: stack frame (code, buf, ret addr) near the 3 GB boundary; the overwritten return address lands in the injected code: "Exploit!"]
w/ Randomization
[Figure: the same stack frame at a randomized location below 3 GB; the guessed return address misses buf: "crash"]
De-Randomization
The amount of randomness is limited
- PaX only uses 16 bits of random shift
Subject to de-randomization attacks
- Repeatedly guess the randomized address
- Spray injected attack code
De-Randomization (Steps 1-3)
[Figure: three stack-frame diagrams (code, buf, ret addr, padding); the guesses in steps 1 and 2 end in "crash", step 3 in "Exploit!"]
216 seconds (avg.) to derandomize!
Spraying Attacks
Exploit a buggy application and spray attack code in writable user-level memory areas
[Figure: memory layout with code and buf regions; "Exploit!"]
More informationCS155: Computer Security Spring Project #1. Due: Part 1: Thursday, April pm, Part 2: Monday, April pm.
CS155: Computer Security Spring 2008 Project #1 Due: Part 1: Thursday, April 17-1159 pm, Part 2: Monday, April 21-1159 pm. Goal 1. The goal of this assignment is to gain hands-on experience with the effect
More informationAutomated Signature Generation: Overview and the NoAH Approach. Bernhard Tellenbach
Automated Signature Generation: Overview and the NoAH Approach Structure Motivation: The speed of insecurity Overview Building Blocks and Techniques The NoAH approach 2 The speed of insecurity Source:
More informationSTING: Finding Name Resolution Vulnerabilities in Programs
STING: Finding Name Resolution ulnerabilities in Programs Hayawardh ijayakumar, Joshua Schiffman, Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department
More informationWeb Servers and Security
Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache has 49%; IIS has 36% (source: http://news.netcraft.com/archives/2008/09/30/
More information6.858 Lecture 4 OKWS. Today's lecture: How to build a secure web server on Unix. The design of our lab web server, zookws, is inspired by OKWS.
6.858 Lecture 4 OKWS Administrivia: Lab 1 due this Friday. Today's lecture: How to build a secure web server on Unix. The design of our lab web server, zookws, is inspired by OKWS. Privilege separation
More informationUsing a VMware Network Infrastructure to Collect Traffic Traces for Intrusion Detection Evaluation
Using a VMware Network Infrastructure to Collect Traffic Traces for Intrusion Detection Evaluation by Frederic Massicotte, Mathieu Couture and Annie De Montigny Leboeuf http://www.crc.ca/networksystems_security/
More informationHeaps of Heap-based Memory Attacks
Heaps of Heap-based Memory Attacks Kevin Leach kleach2@gmu.edu Center for Secure Information Systems 3 October 2012 K. Leach (CSIS) Heaps of Heap-based Memory Attacks 3 October 2012 1 / 23 Goals During
More informationA Knowledge-based Alert Evaluation and Security Decision Support Framework 1
A Knowledge-based Alert Evaluation and Security Decision Support Framework 1 Jinqiao Yu Department of Mathematics and Computer Science Illinois Wesleyan Univerisity P.O.Box 2900 Bloomington, IL 61701 Ramana
More informationWordpress Security. GIMPA, November
Wordpress Security GIMPA, November 2018 By: @niiankrah What is Wordpress? WordPress is a free and open-source content management system based on PHP and MySQL. It uses a plugin architecture and a template
More informationInternet infrastructure
Internet infrastructure Prof. dr. ir. André Mariën (c) A. Mariën 04/03/2014 1 Topic Vulnerability and patch management (c) A. Mariën 04/03/2014 2 Requirements Security principle: Everything can and will
More informationCyberP3i Hands-on Lab Series
CyberP3i Hands-on Lab Series Lab Series using NETLAB Designer: Dr. Lixin Wang, Associate Professor Hands-On Lab for Application Attacks The NDG Security+ Pod Topology Is Used 1. Introduction In this lab,
More informationHost. Computer system #1. Host Hardening
Host Hardening Series of actions to be taken in order to make it hard for an attacker to successfully attack computers in a network environment (March 28, 2016) Abdou Illia Spring 2016 Host In network
More informationECE 471 Embedded Systems Lecture 22
ECE 471 Embedded Systems Lecture 22 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 31 October 2018 Don t forget HW#7 Announcements 1 Computer Security and why it matters for embedded
More informationQuestion No: 2 Which identifier is used to describe the application or process that submitted a log message?
Volume: 65 Questions Question No: 1 Which definition of a fork in Linux is true? A. daemon to execute scheduled commands B. parent directory name of a file pathname C. macros for manipulating CPU sets
More informationCMPS 105 Systems Programming. Prof. Darrell Long E2.371
+ CMPS 105 Systems Programming Prof. Darrell Long E2.371 darrell@ucsc.edu + Chapter 1 + Introduction n Operating systems provide services for programs n Execute a program, open a file, read a file, allocate
More informationWeb Servers and Security
Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market (Apache has 70%; IIS has 20%) Both major servers have lots
More informationCS System Security 2nd-Half Semester Review
CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This
More information