Information Security

by: Nick Rowe


These 49-page class notes were uploaded by Nick Rowe on Saturday, September 19, 2015. The notes belong to CS 52600 at Purdue University, taught by Ninghui Li in Fall. Since their upload, they have received 42 views.


Date Created: 09/19/15
Information Security CS 526
Lecture 19: Dealing With Malicious/Buggy Software
CS526 Fall 2008, Lecture 19

How does a computer get infected with malware or get intruded?
- Executes malicious code (email attachment, download and execute trojan horses, use infected floppy/thumb drive)
- Runs buggy daemon programs that receive traffic from the network (e.g., ftpd, httpd)
- Runs buggy client programs (e.g., web browser, mail client) that receive input data from the network
- Reads malicious files with a buggy file reader program
- Configuration errors (e.g., weak passwords, guest accounts, DEBUG options, incorrect access control settings, etc.)

Defense Strategies
- Remove bugs from software
- Make bugs not exploitable: reactive; many mechanisms, none perfect
- Make the system withstand exploitable buggy software and malicious software

Why Software Has So Many Bugs
- Software is complicated and created by humans
- Each piece of software is created once
- Software is exploitable in the cyber world
- Market failure for secure software
  - Market failure: a scenario in which individuals' pursuit of self-interest leads to bad results for society as a whole
  - Vendor has no incentives to produce higher quality software
  - Users cannot just vote for security with their money

Don't worry, be crappy
It's okay to ship crap. An innovator doesn't worry about shipping an innovative product with elements of crappiness if it's truly innovative. The first permutation of an innovation is seldom perfect: Macintosh, for example, didn't have software (thanks to me), a hard disk (it wouldn't matter with no software anyway), slots, and color. If a company waits (for example, the engineers convince management to add more features) until everything is perfect, it will never ship, and the market will pass it by.

Why Vendors Lack Incentive to Produce More Secure Software
- Cash flows when product starts shipping
- Market dominance is key to success: being first often means becoming the de facto standard
- No liability means no need to worry about correctness and thorough testing
- Bugs can be patched with little cost; no expensive recall
- Thorough testing is inefficient: let the users test it and fix only the bugs that affect users

The Perversity of Patching
- Even if thoroughly testing software were possible, vendors ultimately have a perverse incentive not to make better software
- Releasing a patch costs little
- Buggy software can force users to upgrade
  - Achieving market dominance means competing with previous versions
  - Stopping the release of patches for old versions can force users to upgrade
- Patching provides an opportunity of offering new licensing terms

Defense
- Remove bugs from software
- Make bugs not exploitable: reactive; many mechanisms, none perfect
- Make the system withstand exploitable buggy software and malicious software

What are some issues with UNIX access control?
- Designed for local users sharing the same machine, not with network attacks and buggy software in mind
- Assumes benign and correct software
- Coarse granularity: access control is by user id; however, the user may be executing many different programs (some cannot be trusted); they run with the same privilege, but they shouldn't
- All-powerful root

DAC's Weakness
- Existing DAC enforcement assumes a single principal is responsible for any request (euid)
- Thus it is unable to tell the true origins of a request
- If A executes a program written by B: euid = A, assuming the program is benign (not a Trojan)
- If A executes a program which reads input controlled by B: euid = A, assuming the program is correct (cannot be exploited)

Solutions
- Virtualization to achieve confinement
  - compromising one process doesn't affect others
  - three kinds of virtualization technologies exist
- Breaking up the power of root
- Finer-grained process access control based on Mandatory Access Control
  - aiming at better achieving least privilege: a program does only what it is supposed to do, but not others
- Fix the single-principal enforcement

Virtualization Technologies (1)
- Operating system level virtualization
  - runs a single kernel, virtualizes servers on one operating system
  - e.g., chroot, FreeBSD jail
  - used by service providers who want to provide low-cost hosting services to customers
  - Pros: best performance, easy to set up/administer
  - Cons: all servers are the same OS, some confinement can be broken

chroot
- The chroot system call changes the root directory of the current and all child processes to the given path, and this is nearly always some restricted subdirectory below the real root of the filesystem
- chroot exists in almost all versions of UNIX
  - creates a temporary root directory for a running process
  - takes a limited hierarchy of a filesystem (say, /chroot/named) and makes this the top of the directory tree as seen by the application
- A network daemon program can call chroot itself, or a script can call chroot and then start the daemon

Using chroot
- What are the security benefits?
  - under the new root, many system utilities and resources do not exist; even if the attacker compromises the process, damage can be limited
  - consider the Morris worm: how would using chroot for fingerd affect its propagation?
- Examples of using chroot
  - ftp for anonymous user
- How to set up chroot?
  - need to set up the necessary library files, system utilities, etc., in the new environment

Limitations of chroot
- Only the root user can perform a chroot
  - intended to prevent users from putting a setuid program inside a specially crafted chroot jail (for example, with a fake /etc/passwd file) that would fool it into giving out privileges
- chroot is not entirely secure on all systems
  - with root privilege inside the chroot environment, it is sometimes possible to break out
  - a process inside the chroot environment can still see/affect all other processes and networking spaces
- chroot does not restrict the use of resources like I/O, bandwidth, disk space or CPU time

Virtualization Techniques (2)
- Virtual machines: emulate hardware in a user-space process
  - the emulation software runs on a host OS; guest OSes run in the emulation software
  - needs to do binary analysis/change on the fly
  - e.g., VMWare, Microsoft Virtual PC
  - Pros: can run other guest OSes without modification to the OS
  - Cons: worst performance

Virtualization Techniques (3)
- Paravirtualization
  - No host OS; a small Virtual Machine Monitor runs on hardware; guest OSes need to be modified to run
  - Requires operating systems to be ported to run
  - e.g., Xen
  - Pros: better performance compared with (2), supports more OSes compared with (1)
  - Cons: each guest OS must be modified to run on it (each new version of the OS needs to be patched)

Breaking up the all-powerful root
- The Linux kernel breaks up the power of root into multiple capabilities
- 31 different capabilities are defined in capability.h in Linux kernel 2.6.11, for example:
  - Allows binding to TCP/UDP sockets below 1024; allows binding to ATM VCIs below 32 (defined as 10)
  - Allow broadcasting, listen to multicast (defined as 11)

Some Capabilities and Their Meanings

  Capability Name        Meaning
  CAP_CHOWN              Allow for the changing of file ownership
  CAP_CHOWN              Override all DAC access restrictions
  CAP_DAC_READ_SEARCH    Override all DAC restrictions regarding read and search
  CAP_KILL               Allow the sending of signals to processes belonging to others
  CAP_SETGID             Allow changing of the GID
  CAP_SETUID             Allow changing of the UID
  CAP_SETPCAP            Allow the transferring and removal of current set to any PID
  CAP_LINUX_IMMUTABLE    Allow the modification of immutable and append-only files
  CAP_SYS_MODULE         Allow the loading of kernel modules
  CAP_NET_BIND_SERVICE   Allow binding to ports below 1024

How the capability system works
- Each process has three sets of bitmaps
  - effective: capabilities the process is using
  - permitted: capabilities the process can use
  - inheritable: capabilities that can be inherited when loading a new program
- Each executable file has three sets of bitmaps
  - allowed: can inherit these capabilities
  - forced: get these capabilities
  - transfer: these capabilities are transferred from permitted to effective (i.e., capability-aware or not)
- When the file is loaded by exec:
  - new permitted = forced | (allowed & inheritable)
  - new effective = new permitted & transfer
  - new inheritable = inheritable

Why would capabilities be useful?
- A program that needs some but not all privileges of root does not need to be setuid root; it just needs the corresponding capability bits in forced
- Removing some capabilities during system boot will make the system very difficult to penetrate
- Protect integrity of system utilities and log files
  - make system log files append-only and core system utilities immutable, and remove CAP_LINUX_IMMUTABLE
  - this makes it virtually impossible for intruders to erase their tracks or install compromised utilities

FreeBSD securelevel
- A security mechanism implemented in the kernel
  - when the securelevel is positive, the kernel restricts certain tasks; not even the superuser (i.e., root) is allowed to do them
  - one cannot lower the securelevel of a running system
    - Why?
  - to lower the securelevel, one needs to change the securelevel setting in /etc/rc.conf and reboot
- When does one need to change the securelevel?

Warning about securelevel from FreeBSD FAQ
Securelevel is not a silver bullet; it has many known deficiencies. More often than not, it provides a false sense of security. One of its biggest problems is that in order for it to be at all effective, all files used in the boot process up until the securelevel is set must be protected. If an attacker can get the system to execute their code prior to the securelevel being set (which happens quite late in the boot process since some things the system must do at start-up cannot be done at an elevated securelevel), its protections are invalidated. While this task of protecting all files used in the boot process is not technically impossible, if it is achieved, system maintenance will become a nightmare since one would have to take the system down, at least to single-user mode, to modify a configuration file.

Main Idea of Finer-grained Access Control
- For each process, there is an additional policy limiting what it can do
  - in addition to the DAC restriction based on the user ids
  - typically specifies the capabilities and the files that can be accessed
- The policy can be based on
  - the binary that was loaded
  - the source of data that the process has received
- The key challenge: how to specify the policy?

Example systems of finer-grained access control
- Systrace
- The Linux Intrusion Detection System (LIDS)
- Security Enhanced Linux (SELinux)
  - initially developed by people in NSA
  - shipped with Fedora Linux distributions
- AppArmor
  - shipped with SUSE Linux distributions
- LOMAC (Low Water-Mark Mandatory Access Control)
- The Usable Mandatory Integrity Protection Model (UMIP)
  - developed by Purdue
- We will discuss these after presenting the theory of DAC and MAC

Readings for this lecture
- Additional readings
  - Best Practices for UNIX chroot Operations
  - The Linux kernel capabilities FAQ
  - Wikipedia topics: Introduction to virtualization, Operating system-level virtualization

Coming Attractions
- October 17: Midterm exam


Information Security CS 526
Lecture 4: Classical Ciphers
CS526 Spring 2009, Lecture 4

Goals of Cryptography
- The most fundamental problem cryptography addresses: ensure security of communication over insecure medium
- What does secure communication mean?
  - confidentiality (privacy, secrecy): only the intended recipient can see the communication
  - integrity (authenticity): the communication is generated by the alleged sender
- What does insecure medium mean?
  - the adversary can eavesdrop
  - the adversary has full control over the communications

Approaches to Secure Communication
- Steganography ("covered writing"): hides the existence of a message
- Cryptography ("hidden writing"): hides the meaning of a message

History of Cryptography
- 2500 years
- An ongoing battle between codemakers and codebreakers
- Driven by communication & computation technology
  - paper and ink
  - cryptographic engine & telegram, radio
  - modern cryptography: computers & digital communication

Basic Terminology
- Plaintext: original message
- Ciphertext: transformed message
- Key: secret used in transformation
- Encryption
- Decryption
- Cipher: algorithm for encryption/decryption
- Cryptanalysis: the study of how to break ciphers

Shift Cipher
- The key space: [1 .. 25]
- Encryption: given a key K, each letter in the plaintext P is replaced with the K-th letter following it (corresponding number: shift right)
- Decryption: given K, shift left
- History: K = 3, Caesar's cipher

Shift Cipher: Cryptanalysis
- Can an attacker find K?
  - YES: by a brute-force attack through exhaustive key search
  - key space is small (< 26 possible keys)
- Once K is found, it is very easy to decrypt

General Mono-alphabetic Substitution Cipher
- The key space: all permutations of $\Sigma = \{A, B, C, \ldots, Z\}$
- Encryption: given a key $\pi$, each letter X in the plaintext P is replaced with $\pi(X)$
- Decryption: given a key $\pi$, each letter Y in the ciphertext P is replaced with $\pi^{-1}(Y)$
- Example:

        ABCDEFGHIJKLMNOPQRSTUVWXYZ
    π = BADCZHWYGOQXSVTRNMSKJIPFEU

    BECAUSE → AZDBJSZ

Strength of the General Substitution Cipher
- Exhaustive search is difficult: key space size is $26! \approx 4 \times 10^{26}$
- Dominates the art of secret writing throughout the first millennium A.D.
- Thought to be unbreakable by many back then

Cryptanalysis of Substitution Ciphers: Frequency Analysis
- Basic ideas:
  - Each language has certain features: frequency of letters, or of groups of two or more letters
  - Substitution ciphers preserve the language features
  - Substitution ciphers are vulnerable to frequency analysis attacks

Frequency of Letters in English
[Figure: frequency of the letters a to z in English]

Towards the Polyalphabetic Substitution Ciphers
- Main weakness of monoalphabetic substitution ciphers: each letter in the ciphertext corresponds to only one letter in the plaintext
- Idea for a stronger cipher (1460s, by Alberti): use more than one cipher alphabet, and switch between them when encrypting different letters
- Developed into a practical cipher by Vigenère (published in 1586)

The Vigenère Cipher
Definition: given m, a positive integer, $P = C = \mathbb{Z}_{26}$, and $K = (k_1, k_2, \ldots, k_m)$ a key, we define:
- Encryption: $e_k(p_1, p_2, \ldots, p_m) = (p_1 + k_1, p_2 + k_2, \ldots, p_m + k_m) \bmod 26$
- Decryption: $d_k(c_1, c_2, \ldots, c_m) = (c_1 - k_1, c_2 - k_2, \ldots, c_m - k_m) \bmod 26$
Example:

    Plaintext:  CRYPTOGRAPHY
    Key:        LUCKLUCKLUCK
    Ciphertext: NLAZEIIBLJJI

Security of Vigenère Cipher
- Vigenère masks the frequency with which a character appears in a language: one letter in the ciphertext corresponds to multiple letters in the plaintext. This makes the use of frequency analysis more difficult
- Any message encrypted by a Vigenère cipher is a collection of as many shift ciphers as there are letters in the key

Vigenère Cipher: Cryptanalysis
- Find the length of the key
- Divide the message into that many shift cipher encryptions
- Use frequency analysis to solve the resulting shift ciphers
  - how?

Kasiski Test for Finding Key Length
- Note: two identical segments of plaintext will be encrypted to the same ciphertext if they occur in the text at a distance $\Delta$ with $\Delta \equiv 0 \pmod{m}$, where m is the key length
- Algorithm:
  - Search for pairs of identical segments of length at least 3
  - Record distances between the two segments: $\Delta_1, \Delta_2, \ldots$
  - m divides $\gcd(\Delta_1, \Delta_2, \ldots)$

Example of the Kasiski Test

    Key: KINGKINGKINGKINGKINGKING
    PT:  thesunandthemaninthemoon
    CT:  DPRYEVNTNBUKWIAOXBUKWWBT

Adversarial Models for Symmetric Ciphers
- The language of the plaintext and the nature of the cipher are assumed to be known to the adversary
- Ciphertext-only attack: the adversary knows a number of ciphertexts
- Known-plaintext attack: the adversary knows some pairs of ciphertext and corresponding plaintext
- Chosen-plaintext attack: the adversary can choose a number of messages and obtain the ciphertexts for them
- Chosen-ciphertext attack: the adversary can choose a number of ciphertexts and obtain the plaintexts

Readings for This Lecture
- Wikipedia topic on Cryptography: http://en.wikipedia.org/wiki/Cryptography
- Reference: The Code Book: The Secret History of Codes and Code Breaking, Simon Singh, 1999

Coming Attractions
- One-time pad, pseudo-random generators, stream ciphers, and WEP insecurity
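
The three cryptanalysis steps from Lecture 4 (Kasiski test, split into shift ciphers, frequency analysis), as an added example that is not part of the original notes. The function names, the frequency table and SAMPLE are constructed for this illustration; the key-length step runs on the lecture's KING ciphertext, while the frequency step uses a longer constructed text because six letters per column are too few to analyse.

```python
from collections import Counter
from functools import reduce
from math import gcd

A = ord("A")
# Approximate English letter frequencies in percent, A..Z (standard reference values).
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]
PAGE_CT = "DPRYEVNTNBUKWIAOXBUKWWBT"   # the lecture's Kasiski example (key KING)
# Constructed sample plaintext (assumption: ordinary English; only its letters are used).
SAMPLE = ("the most fundamental problem that cryptography addresses is how to ensure "
          "the security of communication over an insecure medium where the adversary "
          "can eavesdrop on every message and may even have full control over the "
          "communications so the sender and the intended recipient must share a secret "
          "key before they start and they must keep that key hidden from everyone else")


def vigenere(text, key, sign=1):
    """Encrypt (sign=1) or decrypt (sign=-1): letter i is shifted by sign * k_(i mod m)."""
    letters = [c for c in text.upper() if c.isalpha()]
    shifts = [ord(k) - A for k in key.upper()]
    return "".join(chr((ord(c) - A + sign * shifts[i % len(shifts)]) % 26 + A)
                   for i, c in enumerate(letters))


def kasiski_distances(ct, seg=3):
    """Distances between successive occurrences of each repeated segment of length seg."""
    last_seen, distances = {}, []
    for i in range(len(ct) - seg + 1):
        s = ct[i:i + seg]
        if s in last_seen:
            distances.append(i - last_seen[s])
        last_seen[s] = i
    return distances


def key_length_candidates(ct):
    """m divides gcd(distances), so the candidates are the divisors (> 1) of that gcd."""
    g = reduce(gcd, kasiski_distances(ct), 0)
    return [m for m in range(2, g + 1) if g % m == 0]


def solve_shift(column):
    """Shift K under which the column's letter counts best fit English (min chi-squared)."""
    counts, n = Counter(column), len(column)

    def chi2(k):
        return sum((counts[chr((j + k) % 26 + A)] - n * f / 100) ** 2 / (n * f / 100)
                   for j, f in enumerate(ENGLISH))
    return min(range(26), key=chi2)


def recover_key(ct, m):
    """Split ct into m shift ciphers (every m-th letter) and solve each independently."""
    return "".join(chr(solve_shift(ct[i::m]) + A) for i in range(m))


if __name__ == "__main__":
    print("distances:", kasiski_distances(PAGE_CT))
    print("key length candidates:", key_length_candidates(PAGE_CT))
    ct = vigenere(SAMPLE, "KING")
    key = recover_key(ct, 4)
    print("recovered key:", key)
    print("plaintext starts:", vigenere(ct, key, -1)[:40])
```

On long ciphertexts, accidental repeats can pull the gcd down to 1, so in practice the divisors of the individual distances are tallied instead of relying on a single gcd.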

