Lab 6: OS Security for the Internet of Things

Similar documents
Lab 6: OS Security for the Internet of Things

Zephyr Kernel Installation & Setup Manual

Lab 2: Buffer Overflows

Lab 4: Metasploit Framework

ISA 564, Laboratory I: Buffer Overflows

CS155: Computer Security Spring Project #1

EE516: Embedded Software Project 1. Setting Up Environment for Projects

Embedded Linux. A Tour inside ARM's Kernel

CSC 4992 Cyber Security Practice

Formatting 1. Commands starting with $ are Linux console commands on the host PC:

Building Tizen Development Environment

Zephyr on Beetle. Vincenzo Frascino Senior Engineer. OpenIoT, Portland, Oregon 22/02/2017 ARM 2017

Using echo command in shell script

SPPEXA TEACHLET: GETTING STARTED WITH L4RE CARSTEN WEINHOLD

1. Install a Virtual Machine Download Ubuntu Create a New Virtual Machine Seamless Operation between Windows an Linux...

CSC 591 Systems Attacks and Defenses Stack Canaries & ASLR

Stack Overflow. Faculty Workshop on Cyber Security May 23, 2012

CSE 351. Introduction & Course Tools

Introduction. Overview and Getting Started. CS 161 Computer Security Lab 1 Buffer Overflows v.01 Due Date: September 17, 2012 by 11:59pm

Operating Systems Linux 1-2 Measurements Background material

Homework 1 CS 642: Information Security

Race Condition Vulnerability Lab

MAGPIE Installation Guide (version 1.0)

CS 642 Homework #4. Due Date: 11:59 p.m. on Tuesday, May 1, Warning!

WES 237A Project Part 1 Guide

CSC 5991 Cyber Security Prac1ce

Introduction of Linux

CS Programming Languages Fall Homework #2

PathFinder-XD for MIPS Powered Devices. Simulator

Is stack overflow still a problem?

Exercise 1: Basic Tools

Linux Fundamentals & Practice

Introduction to Pintos. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

10/02/2015 PetaLinux Image with Custom Application

Virtualization Device Emulator Testing Technology. Speaker: Qinghao Tang Title 360 Marvel Team Leader

Tutorial on Basic Android Setup

Binary Exploitation Lab

CNIT 127: Exploit Development. Ch 3: Shellcode. Updated

October 11, 2018 DE5-Net OpenCL

[S9I ] gtmsecshr vulnerability Security Advisory Page 1 of 6

Project 1 Setup. Some relevant details are the output of: 1. uname -a 2. cat /etc/*release 3. whereis java 4. java -version 5.

Course Wiki. Today s Topics. Web Resources. Amazon EC2. Linux. Apache PHP. Workflow and Tools. Extensible Networking Platform 1

Due: October 8, 2013: 7.30 PM

Android InsecureBankv2 Usage Guide. InsecureBankv2

CS 361S - Network Security and Privacy Spring Project #2

Android System Development Training 4-day session

The Python Mini-Degree Development Environment Guide

CS155: Computer Security Spring Project #1. Due: Part 1: Thursday, April pm, Part 2: Monday, April pm.

CIS 76 Ethical Hacking Building an open source Pentest Sandbox, carrying out a Remote Code Execution exploit, and Remediating the RCE vulnerability.

ECE 471 Embedded Systems Lecture 22

BUFFER OVERFLOW DEFENSES & COUNTERMEASURES

CDX REPORT TEAM #8 JACOB CHAPMAN SNEHESH THALAPANENI DEVISHA SRIVASTAVA

Lab 2: Buffer Overflows

Android SDK under Linux

Introduction to Linux. Woo-Yeong Jeong Computer Systems Laboratory Sungkyunkwan University

10/02/2015 PetaLinux Linux Image Network Connection

Contents. Note: pay attention to where you are. Note: Plaintext version. Note: pay attention to where you are... 1 Note: Plaintext version...

Applied Informatics POCO PRO C++ Frameworks

Hackveda Training - Ethical Hacking, Networking & Security

Buffer overflow is still one of the most common vulnerabilities being discovered and exploited in commodity software.

Embedded Linux development made easier. User s manual. Version:

CHAPTER 2: SYSTEM STRUCTURES. By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

Dirty COW Attack Lab

OpenStack Havana All-in-One lab on VMware Workstation

Presented By: Gregory M. Kurtzer HPC Systems Architect Lawrence Berkeley National Laboratory CONTAINERS IN HPC WITH SINGULARITY

Project 4: Application Security

CSE 127: Computer Security. Memory Integrity. Kirill Levchenko

Your Own Virtual Playground. CS 1585 :: Doug McGeehan

MV V310 Android 4.0 Compilation

SDK. About the Cisco SDK. Installing the SDK. Procedure. This chapter contains the following sections:

Chapter Summaries and Reading

Assignment 4 Buffer Overflows

Labs instructions for Enabling BeagleBone with TI SDK 5.x

Pengwyn Documentation

VIRTUALBOX UBUNTU EBOOK

Manual Of Virtualbox Additions Ubuntu Server 12.04

CS 410/510: Web Security X1: Labs Setup WFP1, WFP2, and Kali VMs on Google Cloud

Deby - Reproducible and Maintainable Embedded Linux Environment with Poky

Intermediate Programming, Spring Misha Kazhdan

Jackson State University Department of Computer Science CSC / Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan

Installation of the DigitalSystemsVM virtual machine

March 29, 2017 DE5a-Net OpenCL

Parallel Programming

Introduction to Linux

CS3210: Operating Systems

Itron Riva Kernel Module Building

Embedded Linux development made easier. User s manual. Version: 3.0

Lab4 Embedded Linux. Introduction

Automatic Creation of a Virtual Network with VBoxManage [1]

TEMPO INSTALLATION I O A. Platform Independent Notes 1. Installing Tempo 3. Installing Tools for the Plugins 5. v0.2.

Developing Android applications in Windows

CSE 451: Operating Systems. Sec$on 2 Interrupts, system calls, and project 1

Tizen TCT User Guide


Building graphic-rich and better performing native applications. Pro. Android C++ with the NDK. Onur Cinar

Module 52 (Smartphone Pentest Framework)

Red Suite 4 Getting Started. Applies to Red Suite 4.22 or greater

Faculty of Computer Science Institute for System Architecture, Operating Systems Group. Complex Lab Operating Systems 2016 Winter Term.

1 Recommended Readings

CSE 127: Computer Security Control Flow Hijacking. Kirill Levchenko

Transcription:

Department of Computer Science: Cyber Security Practice Lab 6: OS Security for the Internet of Things Introduction The Internet of Things (IoT) is an emerging technology that will affect our daily life. It is reported that there would be 100 billion connected IoT devices by 2025, so the impact of IoT on will be impressive and security is an important part. For the purpose of this lab, we will focus on the operating system security for the IoT devices. There are a number of newly developed operating systems for the IoT. For instance, Contiki is an open source operating system for the Internet of Things. Contiki connects tiny low-cost, low-power microcontrollers to the Internet. In May 2015, Google announced Brillo, an operating system for the IoT. Brillo is a solution from Google for building connected devices, and it is developed based on the Android system. Zephyr is another real time operating system that is designed for IoT devices. Zephyr open source project is announced by Linux foundation in February 2016. In this lab, we use Zehpyr as a study example to explore the OS security of IoT devices. Specifically, we will exploit buffer overflow vulnerabilities in an application and understand the security features of Zephyr OS. After you finish the lab assignment, you will be expected to answer following questions: What security features does Zephyr have? Do applications share the same address space with the OS kernel? Does Zephyr have defense mechanisms such as non-executable stack or Address Space Layout Randomization (ASLR)? Do textbook attacks (e.g., buffer overflow or heap spray) work on Zephyr? Software Requirements All required files are packed and configured in the provided virtual machine image. - The VMWare Software http://apps.eng.wayne.edu/mpstudents/dreamspark.aspx - The Ubuntu 14.04 Long Term Support (LTS) Version http://www.ubuntu.com/download/desktop - Zephyr: Real Time OS for IoT A Linux Foundation Collaborative Project https://www.zephyrproject.org/downloads Fengwei Zhang - CSC Course: Cyber Security Practice 1

Starting the Lab 6 Virtual Machine In this lab, we use Ubuntu as our VM image. Select the VM named Lab6. Login the Ubuntu image with username student, and password [TBA in the class]. Below is the screen snapshot after login. Fengwei Zhang - CSC Course: Cyber Security Practice 2

Setting up the Zephyr Development Environment You can find detailed documents from Zephry Project website: https://www.zephyrproject.org/doc Download the Zephyr Source Code The code is hosted at the Linux Foundation with a Gerrit backend that supports anonymous cloning via git. You can just open a terminal and run the following command: $ git clone https://gerrit.zephyrproject.org/r/zephyr zephyr-project The screenshot above shows checking out the Zephyr source code using git command. You can see that the zephyr-project folder is under the home directory. Note that you need to install git if you want to try it on your own machine. Update Your Operating System Before proceeding with the build, ensure your OS is up to date. On our Ubuntu image, execute the following command: $ sudo apt-get update Fengwei Zhang - CSC Course: Cyber Security Practice 3

Installing Requirements and Dependencies If you use your own laptop or desktop to do the lab, you need to install the dependencies by executing the following command. On our Ubuntu image, I have installed them for you. $ sudo apt-get install git make gcc gcc-multilib g++ g++-multilib Setting the Project s Environment Variables $ cd zephyr-project $ source zephyr-env.sh Installing the Zephyr Software Development Kit Zephyr s SDK contains all necessary tools and cross-compilers needed to build the kernel on all supported architectures. Additionally, it includes host tools such as a custom QEMU and a host compiler for building host tools if necessary. The SDK supports the following architectures: IA-32, ARM, and ARC. Next, you need to follow these steps to install the SDK on your Ubuntu Linux VM. Step 1. Download the SDK self-executable script from zephyr website. $ wget URL https://nexus.zephyrproject.org/content/repositories/releases/org/zephyrproject/zephyrsdk/0.8.2-i686/zephyr-sdk-0.8.2-i686-setup.run Fengwei Zhang - CSC Course: Cyber Security Practice 4

Step 2. Run the installation script $ chmod a+x zephyr-sdk-0.8.2-i686-setup.run $ sudo./zephyr-sdk-0.8.2-i686-setup.run The screenshot below shows the executions of step 1 and 2. We can see that the default directory of Zephyr SDK is installed at /opt/zephyr-sdk directory. Since I have installed the SDK in the image before, you will see a message that ask if you want to remove the existing directory /opt/zephyr. Just select yes. Step 3. To use the Zephyr SDK, export the following environment variables and use the target location where SDK was installed. You can just add following lines into the ~/.bashrc file. $ vim ~/.bashrc Fengwei Zhang - CSC Course: Cyber Security Practice 5

Add these two lines into the file export ZEPHYR_GCC_VARIANT=zephyr export ZEPHYR_SDK_INSTALL_DIR=/opt/zephyr-sdk $ source ~/.bashrc The screenshot below shows the step 3. Building and Running an Application with Zephyr You have successfully setup the development environment for Zephyr. This section provides all the steps to build a Zephyr kernel containing your application and run it. We use the Hello World sample application as an example. You can also create your own application and run it. Sample Hello World Application First, let s take a look at what a sample application of Zephyr look like. Go the source directory of the Hello World sample. $ cd ~/zephyr-project/samples/hello_world/src $ vim main.c The screenshot below shows the source code of the Hello World application. Fengwei Zhang - CSC Course: Cyber Security Practice 6

Building a Sample Application To build the Hello World sample application, you can just by executing following commands: $ cd ~/zephyr-project/samples/hello_world/ $ make The above screenshot of make will build the hello_world sample application using the default settings defined in the application s Makefile. You can build for a different platform by defining the variable BOARD with one of the supported platforms, for example: Fengwei Zhang - CSC Course: Cyber Security Practice 7

$ make BOARD=arduino_101 The screenshot below shows the result after executing $ make BOARD=arduino_101 The screenshot below shows the supported board by Zephyr project including Intel Galileo Gen1 and Gen2. For the purpose of this lab, we will test the application on x86 QEMU. You can also type: $ make help This gets a full list of supported boards and other useful commands. The sample projects for the microkernel and the nanokernel are found at ~/zephyrproject/samples with each sample having a microkernel and nanokernel specific build. After building an application successfully, the results can be found in the outdir subdirectory under the application root directory. The ELF binaries generated by the build Fengwei Zhang - CSC Course: Cyber Security Practice 8

system are named by default zephyr.elf. The screenshot below shows listing the files in the outdir directory. Running a Sample Application To perform a rapid testing of the hello world application, we can use QEMU and the x86 emulation board configuration (qemu_x86) by executing the following command: $ cd ~/zephyr-project/samples/hello_world $ make BOARD=qemu_x86 qemu The screenshot above shows the execution of the hello world application using QEMU. We can see the Hello World! is printed out in the terminal. To exit QEMU, we can type Ctrl+a, x. Fengwei Zhang - CSC Course: Cyber Security Practice 9

Exploiting Buffer Overflows in Zephyr Applications First, let us write a Zephyr application that contains a buffer overflow vulnerability. Change the hello world main.c program to the following code as shown in the screenshot. $ gedit main.c From the source code we can see that there is a buffer overflow vulnerability embedded in the overflow() function. Then, we pass a long string to the overflow() function, the string will overwrite the return address on the stack and the program would crash because of the invalid return address. Next, let s compile the application and run it to see what happens. Fengwei Zhang - CSC Course: Cyber Security Practice 10

As mentioned, to build the application, you can just by executing following commands: $ cd ~/zephyr-project/samples/hello_world $ make To run the application using QEMU and the x86 emulation board configuration (qemu_x86) by executing the following command: $ cd ~/zephyr-project/samples/hello_world $ make BOARD=qemu_x86 qemu As we expected, the application crashes due to an invalid return address. Fengwei Zhang - CSC Course: Cyber Security Practice 11

Furthermore, QEMU also crashes and you will see a pop-up window as the screenshot below. We can see that the EIP register has the value 0x7420676e. In order to execute something meaningful after exploiting a buffer overflow vulnerability, we need to control the EIP register. Next, adjust the input string in the main.c to change the EIP register to 0x41414141. Note that 0x41 is the ASCII value of character A. We can just simply edit the main() function as the screenshot below To re-compile the application, you need to re-run the zephyr environment script zephyrevn.sh. $ cd ~/zephyr-project $ source./zephyr-env.sh Then you can re-compile the application and run it. You will see the EIP register will be 0x41414141 as the screenshot below. Fengwei Zhang - CSC Course: Cyber Security Practice 12

To re-compile the application, you need to re-run the zephyr environment script zephyrevn.sh. $ cd ~/zephyr-project $ source./zephyr-env.sh Fengwei Zhang - CSC Course: Cyber Security Practice 13

Application Stack Frame on Zephyr To do more meaningful things such as executing shell code on the stack, we need to understand the application s stack frame. We have done the similar tasks in the Lab 2. As mentioned, for each Zephyr application, the compilation binaries are stored in a directory called outdir. We can just go to that directory and use objdump tool to disassembly the application binary and understand its stack frame. $ cd ~/zephyr-project/samples/hello_world/outdir/qemu_x86/src $ objdump d main.o The screenshot below shows the disassembly result of main.o binary. Fengwei Zhang - CSC Course: Cyber Security Practice 14

Assignments for Lab 6 1. Read the lab instructions above and finish all the tasks. 2. Answer the questions in the Introduction section, and justify your answers. Simple yes or no answer will not get any credits. a. What security features does Zephyr have? b. Do applications share the same address space with the OS kernel? c. Does Zephyr have defense mechanisms such as non-executable stack or Address Space Layout Randomization (ASLR)? d. Do textbook attacks (e.g., buffer overflow or heap spray) work on Zephyr? 3. Change the EIP register to the value 0xdeadbeef, and show me the screenshot of the EIP value when the application crashes. Extra Credit (10pt): Execute shell code on the stack. The shell code could be launching a shell or print a hello string. Happy Hacking! Fengwei Zhang - CSC Course: Cyber Security Practice 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback