Wedge: Splitting Applications into Reduced-Privilege Compartments
|
|
- Chastity Evans
- 5 years ago
- Views:
Transcription
1 Wedge: Splitting Applications into Reduced-Privilege Compartments Andrea Bittau Petr Marchenko Mark Handley Brad Karp University College London April 17, 2008
2 Vulnerabilities threaten sensitive data Exploits allow running arbitrary code on servers. An exploited web server can be used to leak sensitive information such as credit card numbers. Have we managed to mitigate or prevent vulnerabilities? Time (years) Source: osvdb.org Vulnerabilities per year
3 Process-based privileges are too coarse-grained Need to keep SSL web server s RSA private key secret. (create) master (process) (read) network worker /etc/rsa key (file)
4 Process-based privileges are too coarse-grained Need to keep SSL web server s RSA private key secret. Apache worker running as root: Can read any file. Can invoke any system call. (create) master (process) (read) network worker /etc/rsa key (file)
5 Process-based privileges are too coarse-grained Need to keep SSL web server s RSA private key secret. Apache worker running as root: Can read any file. Fix: run as nobody. Can invoke any system call. Fix: use systrace, SELinux,... master (create) (process) (read) network worker /etc/rsa key (file)
6 Process-based privileges are too coarse-grained Need to keep SSL web server s RSA private key secret. Apache worker running as root: Can read any file. Fix: run as nobody. Can invoke any system call. Fix: use systrace, SELinux,... Are we done protecting the private key? master (create) (process) (read) network worker /etc/rsa key (file)
7 Process-based privileges are too coarse-grained Need to keep SSL web server s RSA private key secret. Apache worker running as root: Can read any file. Fix: run as nobody. Can invoke any system call. Fix: use systrace, SELinux,... Are we done protecting the private key? (create) master (process) (read) network worker /etc/rsa key (file)
8 Problem: processes grant all code access to all memory Need to keep SSL web server s RSA private key secret. (worker process) network HTTP parser SSL engine (code) private key (memory)
9 Problem: processes grant all code access to all memory Need to keep SSL web server s RSA private key secret. (worker process) network HTTP parser SSL engine (code) (read) private key (memory)
10 Problem: processes grant all code access to all memory Need to keep SSL web server s RSA private key secret. (worker process) network HTTP parser SSL engine (code) (read) private key (memory)
11 Problem: processes grant all code access to all memory Need to keep SSL web server s RSA private key secret. This talk: how to limit access of code to memory at fine granularity. (worker process) network HTTP parser SSL engine (code) (read) private key (memory)
12 Old idea: principle of least privilege Principle of least privilege: Partition code into compartments. Assign each compartment the minimal privileges it needs for its operation. Restrict interface and interactions between compartments. How to implement compartments? Processes?
13 Why are traditional processes not sufficient? Creating compartments with UNIX, e.g., fork: Default grant. Child inherits memory map and file descriptors. Operation of fork private key parent /etc/passwd
14 Why are traditional processes not sufficient? Creating compartments with UNIX, e.g., fork: Default grant. Child inherits memory map and file descriptors. Operation of fork private key parent fork child /etc/passwd
15 Why are traditional processes not sufficient? Creating compartments with UNIX, e.g., fork: Default grant. Child inherits memory map and file descriptors. Operation of fork private key parent fork child /etc/passwd Default-deny: inherit nothing from parent. Closer to least-privilege.
16 But default-deny is difficult to use for legacy code How many permissions do we need to explicitly grant? (worker process) network HTTP parser SSL engine (code) private key (memory)
17 But default-deny is difficult to use for legacy code How many permissions do we need to explicitly grant? Worker Apache s client handler uses over 600 memory objects.
18 Contributions New system calls for default-deny. Creating compartments. Specifying privileges. Tools to make default-deny usable when partitioning legacy code. Identifying the privileges for compartments.
19 Outline 1. Wedge. New system calls for default-deny. Crowbar: tool for partitioning legacy code. 2. Wedge applied to Apache+OpenSSL.
20 sthreads: default-deny compartments private key parent /etc/passwd Like processes, but default-deny. Like threads: can easily share pointers and file descriptors. Programmer must explicitly grant all permissions.
21 sthreads: default-deny compartments private key parent sthread create child (sthread) /etc/passwd Like processes, but default-deny. Like threads: can easily share pointers and file descriptors. Programmer must explicitly grant all permissions.
22 Virtual memory { char *key, *buffer; char *config; key = malloc(16); buffer = malloc(80); page n page n+1 parser } config = malloc(128);
23 Tagged memory { tag = tag_new(); key = malloc(16); buffer = smalloc(80,tag); page n page n+1 parser } config = smalloc(128,tag);
24 How can sthreads use sensitive data? Callgates. Problem: unprivileged code cannot access sensitive data directly but must still use it. private key parser Callgates: an entry-point with predefined privileges. Callgates are created and invoked at a later time. At creation, a subset of creator s privileges is given to callgate. At invocation, code is run with creation privileges.
25 How can sthreads use sensitive data? Callgates. Problem: unprivileged code cannot access sensitive data directly but must still use it. session key private key parser Callgates: an entry-point with predefined privileges. Callgates are created and invoked at a later time. At creation, a subset of creator s privileges is given to callgate. At invocation, code is run with creation privileges.
26 How can sthreads use sensitive data? Callgates. Problem: unprivileged code cannot access sensitive data directly but must still use it. session key private key client handler invoke setup session key Callgates: an entry-point with predefined privileges. Callgates are created and invoked at a later time. At creation, a subset of creator s privileges is given to callgate. At invocation, code is run with creation privileges.
27 How can sthreads use sensitive data? Callgates. Problem: unprivileged code cannot access sensitive data directly but must still use it. session key private key client handler invoke setup session key Callgates: an entry-point with predefined privileges. Callgates are created and invoked at a later time. At creation, a subset of creator s privileges is given to callgate. At invocation, code is run with creation privileges.
28 Summary: Wedge applied to Apache session key private key client handler setup session key Sthreads: default-deny compartments low privilege. Callgates: privilege elevation high privilege. Tagged memory: naming memory for privilege specification.
29 Ad-hoc code study? Worker Apache s client handler needs access to 222 heap objects and 389 globals. Need to read 72 source files (for heap only). 1. Which code is executed? 2. What objects do pointers point to? 3. Where were objects allocated?
30 Static analysis of memory accesses? Static analysis for C code does not have runtime context (e.g., format string for printf). Consequences: May fail. e.g., function pointers. If conservative, may give superset of privileges actually needed. e.g., may follow code paths corresponding to exploits!
31 Crowbar: runtime analysis of memory accesses Dynamic analysis yields least privilege: GET URL POST data private key parser Server uses minimal privileges to execute an innocuous request. 1. Use runtime instrumentation to produce memory trace. 2. Train using benign requests. Need to ensure high trace coverage, e.g., with test suite.
32 Crowbar: runtime analysis of memory accesses Dynamic analysis yields least privilege: GET URL POST data private key parser Server uses minimal privileges to execute an innocuous request. 1. Use runtime instrumentation to produce memory trace. 2. Train using benign requests. Need to ensure high trace coverage, e.g., with test suite.
33 Crowbar: runtime analysis of memory accesses Dynamic analysis yields least privilege: GET URL POST data private key parser Server uses minimal privileges to execute an innocuous request. 1. Use runtime instrumentation to produce memory trace. 2. Train using benign requests. Need to ensure high trace coverage, e.g., with test suite.
34 Outline 1. Wedge. New system calls for default-deny. Crowbar: tool for partitioning legacy code. 2. Wedge applied to Apache+OpenSSL.
35 Protecting keys and sensitive user data Goal: protect sensitive data (e.g., credit card). session key private key client handler setup session key Have we protected sensitive data? Are we done?
36 Protecting keys and sensitive user data Goal: protect sensitive data (e.g., credit card). session key private key client handler setup session key Have we protected sensitive data? Are we done? Threat models, with increasing complexity: 1. Passive eavesdropping and server exploit. 2. Active man-in-the-middle and server exploit.
37 Attacker can generate arbitrary session key Session key components exchanged during SSL handshake client client random server server random encrypted pre-master secret
38 Attacker can generate arbitrary session key Session key components exchanged during SSL handshake client client random server server random encrypted pre-master secret private key client handler setup session key
39 Attacker can generate arbitrary session key Session key components exchanged during SSL handshake client client random server server random encrypted pre-master secret private key client handler client random server random setup session key encrypted pre-master secret
40 Attacker can generate arbitrary session key Session key components exchanged during SSL handshake client client random server server random encrypted pre-master secret session key private key client handler client random server random setup session key encrypted pre-master secret
41 Attacker can generate arbitrary session key Session key components exchanged during SSL handshake client client random server server random encrypted pre-master secret session key client handler HACKED private key client random server random setup session key encrypted pre-master secret
42 Attacker can generate arbitrary session key Session key components exchanged during SSL handshake client client random server server random encrypted pre-master secret random session key private key client handler client random setup session key encrypted pre-master secret
43 Preventing arbitrary session key leak session key private key client handler setup session key
44 Preventing arbitrary session key leak session key private key client handler setup session key server random Attacker exploiting client handler: Has no control over server random and session key generation. Cannot generate session key of eavesdropped sessions. Can only obtain a new, personal session key.
45 Vulnerable to man-in-the-middle Disclosing session key causes a security breach with man-in-the-middle (MITM) attacks: client MITM server
46 Vulnerable to man-in-the-middle Disclosing session key causes a security breach with man-in-the-middle (MITM) attacks: client MITM server client random server random pre-master secret
47 Vulnerable to man-in-the-middle Disclosing session key causes a security breach with man-in-the-middle (MITM) attacks: client MITM server client random server random pre-master secret exploit session key
48 Vulnerable to man-in-the-middle Disclosing session key causes a security breach with man-in-the-middle (MITM) attacks: client MITM server client random server random pre-master secret exploit End of handshake Encryption starts session key
49 Vulnerable to man-in-the-middle Disclosing session key causes a security breach with man-in-the-middle (MITM) attacks: client MITM server client random server random pre-master secret exploit End of handshake Encryption starts POST cardnum session key
50 Vulnerable to man-in-the-middle Disclosing session key causes a security breach with man-in-the-middle (MITM) attacks: client MITM server client random server random pre-master secret exploit End of handshake Encryption starts POST cardnum session key
51 Man-in-the-middle defense overview Can we protect against a MITM that has also exploited the server? master SSL handshake (clear-text) network Strategy: 1. Prevent session key disclosure during handshake.
52 Man-in-the-middle defense overview Can we protect against a MITM that has also exploited the server? master SSL handshake client handler (clear-text) network (MACed channel) Strategy: 1. Prevent session key disclosure during handshake. 2. MITM cannot exploit client handler without session key: packets with invalid MAC will be dropped.
53 Implementation Sthreads: Linux v line diff, 1485 line module. Userland library: 1154 lines. Crowbar: Binary instrumentation tool (using Pin): 2391 lines. Post processor: 959 lines. Applications we partitioned using Wedge: Apache+OpenSSL. OpenSSH (prior to privilege separation).
54 Wedge reduces size of privileged code Have we reduced the size of the privileged code?
55 Wedge reduces size of privileged code Have we reduced the size of the privileged code? Line counts in Wedge s Apache+SSL Component Line count Percentage Apache+OpenSSL total 252, % Default config after accept 60,844 Callgates total (privileged) 15,769 6% Lines changed when partitioning: 1,700 (0.7%).
56 Crowbar performs acceptably for developers Crowbar is used by developers for partitioning. It is not an overhead seen during production run-time. Does Crowbar perform acceptably for developers? A trace for Apache was obtained in 15s. Traces for SPEC applications: 82s on average. Anecdotally, one trace was enough for our Apache (and OpenSSH) partitioning.
57 Enhanced privacy at acceptable cost Throughput of many clients retrieving small static page: No sessions cached Requests/s x Vanilla 0.53x Wedge
58 Enhanced privacy at acceptable cost Throughput of many clients retrieving small static page: No sessions cached All sessions cached Requests/s x Vanilla 0.53x Wedge Requests/s x Vanilla 0.22x Wedge Vanilla reuses workers we create new sthreads. We create many compartments & callgates per session.
59 Related work We build on privilege separation: OpenSSH, OKWS, Privtrans Wedge allows finer-grained partitioning, and with default-deny, encourages tighter privileges for each compartment. DIFC: JIF, Asbestos, HiStar, Flume, DStar Crowbar is complementary: could help partitioning legacy code in DIFC systems. Wedge does not allow unprivileged code to compute over sensitive data.
60 Conclusion Wedge: Generalizes privilege separation and provides primitives for fine-grained default-deny partitioning of applications. Crowbar: tool to aid in partitioning legacy code. Wedge enables fine-grained partitioning of legacy code: Programmers can defend applications against stronger adversaries and more complex threat models than those addressed to date.
Wedge: Splitting Applications into Reduced-Privilege Compartments
Wedge: Splitting Applications into Reduced-Privilege Compartments Andrea Bittau Petr Marchenko Mark Handley Brad Karp University College London Abstract Software vulnerabilities and bugs persist, and so
More informationInformation Flow Control For Standard OS Abstractions
Information Flow Control For Standard OS Abstractions Maxwell Krohn, Alex Yip, Micah Brodsky, Natan Cliffer, Frans Kaashoek, Eddie Kohler, Robert Morris MIT SOSP 2007 Presenter: Lei Xia Mar. 2 2009 Outline
More informationLeast-Privilege Isolation: The OKWS Web Server
Least-Privilege Isolation: The OKWS Web Server Brad Karp UCL Computer Science CS GZ03 / M030 14 th December 2015 Can We Prevent All Exploits? Many varieties of exploits Stack smashing, format strings,
More informationConfinement (Running Untrusted Programs)
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules
More informationtcpcrypt: real transport-level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.
tcpcrypt: real transport-level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford. What would it take to encrypt the vast majority of TCP traffic? Performance
More informationCMPSC 497 Attack Surface
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Attack Surface
More informationPrivilege Separation
What (ideas of Provos, Friedl, Honeyman) A generic approach to limit the scope of programming bugs Basic principle: reduce the amount of code that runs with special privilege without affecting or limiting
More informationSecuring Software Applications Using Dynamic Dataflow Analysis. OWASP June 16, The OWASP Foundation
Securing Software Applications Using Dynamic Dataflow Analysis Steve Cook OWASP June 16, 2010 0 Southwest Research Institute scook@swri.org (210) 522-6322 Copyright The OWASP Foundation Permission is granted
More informationProcesses. CS 416: Operating Systems Design, Spring 2011 Department of Computer Science Rutgers University
Processes Design, Spring 2011 Department of Computer Science Von Neuman Model Both text (program) and data reside in memory Execution cycle Fetch instruction Decode instruction Execute instruction CPU
More informationShreds: S H R E. Fine-grained Execution Units with Private Memory. Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu D S
Shreds: S H R E D S Fine-grained Execution Units with Private Memory Yaohui Chen, Sebassujeen Reymondjohnson, Zhichuang Sun, Long Lu RiS3 Lab / Computer Science / Stony Brook University 1 Execution Units
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: Dan Boneh What Happens if you can t drop privilege? In what example scenarios does this happen? A service loop E.g., ssh Solution?
More informationBetween Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications
Between Mutual Trust and Mutual Distrust: Practical Fine-grained Privilege Separation in Multithreaded Applications Jun Wang, The Pennsylvania State University; Xi Xiong, Facebook Inc. and The Pennsylvania
More informationTopics : Analysis of Software Systems. Side channel analysis. Remote Timing Attacks are Practical
Topics 7-654: Analysis of Software Systems Spring 2005 4/2/2005 Timing attack Algorithms leak information Nice example of practice trumping theoretical security Hardening algorithms: randomization Privilege
More informationThe case for ubiquitous transport level encryption. Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford.
The case for ubiquitous transport level encryption Andrea Bittau, Mike Hamburg, Mark Handley, David Mazieres, Dan Boneh. UCL and Stanford. What would it take to encrypt all the traffic on the Internet,
More informationOS security mechanisms:
OS security mechanisms: Memory Protection: One of the important aspects of Operating system security is Memory Protection. Memory provides powerful indirect way for an attacker to circumvent security mechanism,
More informationSecure coding practices
Secure coding practices www.infosys.com/finacle Universal Banking Solution Systems Integration Consulting Business Process Outsourcing Secure coding practices Writing good code is an art but equally important
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Race Conditions Secure Software Programming 2 Overview Parallel execution
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationAsbestos Operating System
Asbestos Operating System Presented by Sherley Codio and Tom Dehart This Talk Recap on Information Flow Asbestos Overview Labels Special Rules Discretionary Contamination Declassification/Decontamination
More informationThe case for ubiquitous transport-level encryption
1/25 The case for ubiquitous transport-level encryption Andrea Bittau, Michael Hamburg, Mark Handley, David Mazières, and Dan Boneh Stanford and UCL November 18, 2010 Goals 2/25 What would it take to encrypt
More informationUniform Resource Locators (URL)
The World Wide Web Web Web site consists of simply of pages of text and images A web pages are render by a web browser Retrieving a webpage online: Client open a web browser on the local machine The web
More informationEvaluation Criteria for Web Application Firewalls
Evaluation Criteria for Web Application Firewalls Ivan Ristić VP Security Research Breach Security 1/31 Introduction Breach Security Global headquarters in Carlsbad, California Web application security
More informationInline Reference Monitoring Techniques
Inline Reference Monitoring Techniques In the last lecture, we started talking about Inline Reference Monitors. The idea is that the policy enforcement code runs with the same address space as the code
More informationExplicit Information Flow in the HiStar OS. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières
Explicit Information Flow in the HiStar OS Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazières Too much trusted software Untrustworthy code a huge problem Users willingly run malicious
More information20: Exploits and Containment
20: Exploits and Containment Mark Handley Andrea Bittau What is an exploit? Programs contain bugs. These bugs could have security implications (vulnerabilities) An exploit is a tool which exploits a vulnerability
More informationPractical Techniques to Obviate Setuid-to-Root Binaries
Operating Systems, Security, Concurrency and Architecture Research Practical Techniques to Obviate Setuid-to-Root Binaries Bhushan Jain, Chia-Che Tsai, Jitin John, Donald Porter OSCAR Lab Computer Science
More informationSPIN Operating System
SPIN Operating System Motivation: general purpose, UNIX-based operating systems can perform poorly when the applications have resource usage patterns poorly handled by kernel code Why? Current crop of
More informationHardware Acceleration for Tagging
Parallel Hardware Parallel Applications IT industry (Silicon Valley) Parallel Software Users Hardware Acceleration for Tagging Sarah Bird, David McGrogan, John Kubiatowicz, Krste Asanovic June 5, 2008
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.1: OS Security Basics of secure design Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Dan Boneh (Stanford)
More informationQuestion No: 2 Which identifier is used to describe the application or process that submitted a log message?
Volume: 65 Questions Question No: 1 Which definition of a fork in Linux is true? A. daemon to execute scheduled commands B. parent directory name of a file pathname C. macros for manipulating CPU sets
More informationHost Website from Home Anonymously
Abstract Host Website from Home Anonymously Prerna Mahajan 1 and Kashish Gupta 2 1 Professor, Department of Computer Science, IITM Janakpuri, New Delhi, India 2 Research Scholar, Department of Computer
More informationOpal. Robert Grimm New York University
Opal Robert Grimm New York University The Three Questions What is the problem? What is new or different? What are the contributions and limitations? The Three Questions What is the problem? Applications
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 12: Database Security Department of Computer Science and Engineering University at Buffalo 1 Review of Access Control Types We previously studied four types
More informationSEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security
SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the
More informationNigori: Storing Secrets in the Cloud. Ben Laurie
Nigori: Storing Secrets in the Cloud Ben Laurie (benl@google.com) April 23, 2013 1 Introduction Secure login is something we would clearly like, but achieving it practically for the majority users turns
More informationSurvey of Cyber Moving Targets. Presented By Sharani Sankaran
Survey of Cyber Moving Targets Presented By Sharani Sankaran Moving Target Defense A cyber moving target technique refers to any technique that attempts to defend a system and increase the complexity of
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationHaving learned basics of computer security and data security, in this section, you will learn how to develop secure systems.
Having learned basics of computer security and data security, in this section, you will learn how to develop secure systems. In particular, we will learn threat modeling process during secure system design.
More informationIntroduction to Security and User Authentication
Introduction to Security and User Authentication Brad Karp UCL Computer Science CS GZ03 / M030 14 th November 2016 Topics We ll Cover User login authentication (local and remote) Cryptographic primitives,
More informationDistributed Systems Operation System Support
Hajussüsteemid MTAT.08.009 Distributed Systems Operation System Support slides are adopted from: lecture: Operating System(OS) support (years 2016, 2017) book: Distributed Systems: Concepts and Design,
More informationHunting Security Bugs
Microsoft Hunting Security Bugs * Tom Gallagher Bryan Jeffries Lawrence Landauer Contents at a Glance 1 General Approach to Security Testing 1 2 Using Threat Models for Security Testing 11 3 Finding Entry
More informationSysSec. Aurélien Francillon
SysSec Aurélien Francillon francill@eurecom.fr https://www.krackattacks.com/ https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-ofhigh-security-keys-750k-estonian-ids/
More informationtypedef void (*type_fp)(void); int a(char *s) { type_fp hf = (type_fp)(&happy_function); char buf[16]; strncpy(buf, s, 18); (*hf)(); return 0; }
Dawn Song Fall 2012 CS 161 Computer Security Practice Questions 1. (6 points) Control Hijacking Indicate whether the statement is always valid. Indicate true or false, and give a one sentence explanation.
More informationMidterm Exam CPS 210: Operating Systems Spring 2013
Your name: Sign for your honor: Midterm Exam CPS 210: Operating Systems Spring 2013 The last page of this exam is a list of terms used in this class, and whose meanings you should know. You may detach
More informationPROCESS MANAGEMENT. Operating Systems 2015 Spring by Euiseong Seo
PROCESS MANAGEMENT Operating Systems 2015 Spring by Euiseong Seo Today s Topics Process Concept Process Scheduling Operations on Processes Interprocess Communication Examples of IPC Systems Communication
More informationModule: Return-oriented Programming. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Return-oriented Programming Professor Trent Jaeger 1 1 Anatomy of Control-Flow Exploits Two steps in control-flow exploitation First -- attacker
More information2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions
2 Lecture Embedded System Security A.-R. Sadeghi, @TU Darmstadt, 2011-2014 Android Security Extensions App A Perm. P 1 App B Perm. P 2 Perm. P 3 Kirin [2009] Reference Monitor Prevents the installation
More informationSecurity Enhanced Linux
Security Enhanced Linux Security Group Meeting 29 November 2002 Steven J. Murdoch http://www.cl.cam.ac.uk/users/sjm217/ Computer Laboratory, University of Cambridge Copyright c Steven. J. Murdoch p.1 Summary
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More information(the bubble footer is automatically inserted into this space)
CS 3501: ICS Exam 2, fall 2018 Page 1 of 6 UVa userid: CS 3501: ICS Exam 2, fall 2018 Name You MUST write your e-mail ID on EACH page and bubble in your userid at the bottom of this first page. And put
More information6.858 Lecture 4 OKWS. Today's lecture: How to build a secure web server on Unix. The design of our lab web server, zookws, is inspired by OKWS.
6.858 Lecture 4 OKWS Administrivia: Lab 1 due this Friday. Today's lecture: How to build a secure web server on Unix. The design of our lab web server, zookws, is inspired by OKWS. Privilege separation
More informationCSCE 548 Building Secure Software Dirty COW Race Condition Attack
CSCE 548 Building Secure Software Dirty COW Race Condition Attack Professor Lisa Luo Spring 2018 Outline Dirty COW vulnerability Memory Mapping using mmap() Map_shared, Map_Private Mapping Read-Only Files
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationHomework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08
Homework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08 For your solutions you should submit a hard copy; either hand written pages stapled together or a print out of a typeset document
More informationJump Over ASLR: Attacking Branch Predictors to Bypass ASLR
Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR Presentation by Eric Newberry and Youssef Tobah Paper by Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh 1 Motivation Buffer overflow
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationPROCESSES. Jo, Heeseung
PROCESSES Jo, Heeseung TODAY'S TOPICS What is the process? How to implement processes? Inter-Process Communication (IPC) 2 WHAT IS THE PROCESS? Program? vs. Process? vs. Processor? 3 PROCESS CONCEPT (1)
More informationProcesses. Jo, Heeseung
Processes Jo, Heeseung Today's Topics What is the process? How to implement processes? Inter-Process Communication (IPC) 2 What Is The Process? Program? vs. Process? vs. Processor? 3 Process Concept (1)
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More informationCMPSC 497 Buffer Overflow Vulnerabilities
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Buffer Overflow
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationModule 4: Access Control
Module 4: Access Control Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University, Jackson, MS 39232 E-mail: natarajan.meghanathan@jsums.edu Access Control In general,
More informationFrequently Asked Questions WPA2 Vulnerability (KRACK)
Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key
More informationSecure Software Development: Theory and Practice
Secure Software Development: Theory and Practice Suman Jana MW 2:40-3:55pm 415 Schapiro [SCEP] *Some slides are borrowed from Dan Boneh and John Mitchell Software Security is a major problem! Why writing
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationComputer Systems II. First Two Major Computer System Evolution Steps
Computer Systems II Introduction to Processes 1 First Two Major Computer System Evolution Steps Led to the idea of multiprogramming (multiple concurrent processes) 2 1 At First (1945 1955) In the beginning,
More informationLast mile authentication problem
Last mile authentication problem Exploiting the missing link in end-to-end secure communication DEF CON 26 Our team Sid Rao Doctoral Candidate Aalto University Finland Thanh Bui Doctoral Candidate Aalto
More informationLecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015
Lecture 10 Denial of Service Attacks (cont d) Thursday 24/12/2015 Agenda DoS Attacks (cont d) TCP DoS attacks DNS DoS attacks DoS via route hijacking DoS at higher layers Mobile Platform Security Models
More informationShuffler: Fast and Deployable Continuous Code Re-Randomization
Shuffler: Fast and Deployable Continuous Code Re-Randomization David Williams-King, Graham Gobieski, Kent Williams-King, James P. Blake, Xinhao Yuan, Patrick Colp, Michelle Zheng, Vasileios P. Kemerlis,
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationCS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES
CS140 Operating Systems Final December 12, 2007 OPEN BOOK, OPEN NOTES Your name: SUNet ID: In accordance with both the letter and the spirit of the Stanford Honor Code, I did not cheat on this exam. Furthermore,
More informationInstructions 1 Elevation of Privilege Instructions
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3-6 players. Play starts with the 3 of Tampering. Play
More informationCourse 834 EC-Council Certified Secure Programmer Java (ECSP)
Course 834 EC-Council Certified Secure Programmer Java (ECSP) Duration: 3 days You Will Learn How To Apply Java security principles and secure coding practices Java Security Platform, Sandbox, JVM, Class
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 16: Building Secure Software Department of Computer Science and Engineering University at Buffalo 1 Review A large number of software vulnerabilities various
More informationThe Functionality-based Application Confinement Model
International Journal of Information Security manuscript No. (will be inserted by the editor) The Functionality-based Confinement Model Z. Cliffe Schreuders Christian Payne Tanya McGill Received: date
More informationMicro-Architectural Attacks and Countermeasures
Micro-Architectural Attacks and Countermeasures Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 25 Contents Micro-Architectural Attacks Cache Attacks Branch Prediction Attack
More informationPass, No Record: An Android Password Manager
Pass, No Record: An Android Password Manager Alex Konradi, Samuel Yeom December 4, 2015 Abstract Pass, No Record is an Android password manager that allows users to securely retrieve passwords from a server
More informationSecure Hierarchy-Aware Cache Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Attacks
: Defending Against Cache-Based Side Channel Attacks Mengjia Yan, Bhargava Gopireddy, Thomas Shull, Josep Torrellas University of Illinois at Urbana-Champaign http://iacoma.cs.uiuc.edu Presented by Mengjia
More informationEndpoint Security - what-if analysis 1
Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File
More informationThe security mechanisms of Java
The security mechanisms of Java Carlo U. Nicola, SGI FHNW With extracts from publications of : Sun developers' center documentation; David A. Wheeler, UC Berkeley; Klaus Ostermann, TH-Darmstadt. Topics
More informationLinux Operating System
Linux Operating System Dept. of Computer Science & Engineering 1 History Linux is a modern, free operating system based on UNIX standards. First developed as a small but self-contained kernel in 1991 by
More informationUnderstanding Cisco Cybersecurity Fundamentals
210-250 Understanding Cisco Cybersecurity Fundamentals NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 210-250 Exam on Understanding Cisco
More informationGlossary. The target of keyboard input in a
Glossary absolute search A search that begins at the root directory of the file system hierarchy and always descends the hierarchy. See also relative search. access modes A set of file permissions that
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationOutline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 21 Language-Based Protection Security April 29, 2002 Announcements Lab 6 due back on May 6th Final
More informationCOP 4610: Introduction to Operating Systems (Spring 2014) Chapter 3: Process. Zhi Wang Florida State University
COP 4610: Introduction to Operating Systems (Spring 2014) Chapter 3: Process Zhi Wang Florida State University Contents Process concept Process scheduling Operations on processes Inter-process communication
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationModule: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Program Vulnerabilities Professor Trent Jaeger 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More informationProgress Report Toward a Thread-Parallel Geant4
Progress Report Toward a Thread-Parallel Geant4 Gene Cooperman and Xin Dong High Performance Computing Lab College of Computer and Information Science Northeastern University Boston, Massachusetts 02115
More informationMultifactor authentication:
Multifactor authentication: Authenticating people can be based on 2 factors: Something the user KNOWS : e.g. a password or PIN Something the user HAS: e.g. An ATM card, smartcard or hardware token, or
More informationThe Final Nail in WEP s Coffin
1/19 The Final Nail in WEP s Coffin Andrea Bittau 1 Mark Handley 1 Joshua Lackey 2 May 24, 2006 1 University College London. 2 Microsoft. Wired Equivalent Privacy 2/19 WEP is the 802.11 standard for encryption.
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationUser Manual. Admin Report Kit for IIS 7 (ARKIIS)
User Manual Admin Report Kit for IIS 7 (ARKIIS) Table of Contents 1 Admin Report Kit for IIS 7... 1 1.1 About ARKIIS... 1 1.2 Who can Use ARKIIS?... 1 1.3 System requirements... 2 1.4 Technical Support...
More informationThe Most Dangerous Code in the Browser. Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Modern web experience Modern web experience Modern web experience Web apps Extensions NYTimes Chase AdBlock
More informationCS 3733 Operating Systems
What will be covered in MidtermI? CS 3733 Operating Systems Instructor: Dr. Tongping Liu Department Computer Science The University of Texas at San Antonio Basics of C programming language Processes, program
More informationOperating Systems Design Exam 3 Review: Spring Paul Krzyzanowski
Operating Systems Design Exam 3 Review: Spring 2012 Paul Krzyzanowski pxk@cs.rutgers.edu 1 Question 1 An Ethernet device driver implements the: (a) Data Link layer. (b) Network layer. (c) Transport layer.
More informationModule: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Program Vulnerabilities Professor Trent Jaeger 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More information