Computer Security CSE 543
These class notes were uploaded by Libby Kuhlman on Sunday, November 1, 2015. They belong to CSE 543 at Pennsylvania State University, taught by Staff in Fall.
Date Created: 11/01/15
CSE 543 Computer Security, Fall 2006
Lecture 22: Language-based security
November 16, 2006
URL: http://www.cse.psu.edu/~tjaeger/cse543-f06

The Morris Worm
- Robert Morris, a 23-year-old doctoral student from Cornell
- Wrote a small (99-line) program
- November 3rd, 1988
- Simply disabled the Internet
- How it did it
  - Reads /etc/passwd, then tries the obvious choices and dictionary (/usr/dict) words
  - Used local /etc/hosts.equiv, .rhosts, .forward to identify hosts that are related
  - Tries cracked passwords at related hosts (if necessary)
  - Uses whatever services are available to compromise other hosts
  - Scanned local interfaces for network information
  - Covered its tracks (set its own process name to sh, prevented accurate cores, re-forked itself)

Engineering Disaster
- Millions of bots
- Compromised applications
- Programming errors
- Enable code insertion
- What can we do to fix them?
- Just starting to get serious

Buffer Overflows
- One means by which the bad guys take over a host
  - install root kits
  - use as SPAM bots
  - use as zombies
  - launch other attacks
- There are many attacks, but this is most prevalent
- It all starts with some programmer mistake
  - e.g., bad software

Buffer Overflows (continued)
- Stack frame
  - how local variables and program state are stored in most modern programming languages
- The attack
  - overwrite buffer on stack with new return pointer pointing to adversary code
  - return from function lands program counter in bad guy's downloaded code
  - Game over: they now control that host

Buffer Overflow Prevention
- StackGuard
  - Push a "canary" on the stack between the local vars and the return pointer
  - Overwrite of canary indicates a buffer overflow
  - Requires changes to the compiler
  - Q: Would this solve the problem?
- Thorough summary
  - www.blackhat.com/presentations/bh-usa-04/bh-us-04-silberman/bh-us-04-silberman-paper.pdf

Other Input Problems
- Function pointers
  - Overwrite a local function pointer variable
  - Q: What can be done?
- Heap overflow
  - Overflow a buffer on the heap
- Integer overflow
  - For signed 8-bit integers: 127 + 1
- Malformed character input
  - What does the URL <ipaddr>/scripts/..%c0%af../winnt/system32 decode to?

Java World
- Type-safe language
  - No buffer/heap/ptr overflows
  - No unsafe casts
  - Still have integer overflows
- Java Virtual Machine
  - Interpret bytecodes or compile
- Security Manager: reference monitor for JVM
- Q: What is the trust model of a Java application?

CCured
- From C to memory-safe C
  - Translator
- Find the minimum number of runtime checks to ensure memory safety
- Classify pointers: Safe, Wild
  - Need runtime checks for wild pointers
- Runtime checks
  - Similar to declassifiers in DLM
  - Written by hand (in general)

C Analysis
- Assume type safety in analysis
  - On what basis?
  - Trust that the programmer does not subvert
  - Is this a reasonable assumption?
- Unsound analysis
  - False negatives are possible
- Sound analysis
  - If no unsafe behavior relative to analysis can be assumed
- Actually, lots of work in this area
  - Used in production code (Microsoft)

Source Code Analysis
- Shallow tools for bug finding
  - Prefix, Prefast (Microsoft)
  - Companies that will check your code: Coverity (based on MC)
- Deep tools for verifying correctness
  - SLAM for device drivers
- Add security to legacy code
  - Generate LSM
  - Generate reference monitor for X Server
- Lots of other topics
  - Privilege separation
  - Domain transition
  - Error reporting

Enforcing security policy
- [Figure: security policy mechanisms: DAC, MAC, certificates, trust management, SELinux, antivirus, IDS, firewalls, encryption, legal measures]
- None of these provide end-to-end confidentiality

Information-flow control
- Access to all compartments
- What is it?
  - Simple security & *-property
- Why?
  - Leandro Aragoncillo (e.g. 32221)
- Problem: information release
- Solution: information flow control
  - Stronger enforcement than reference monitors

Label and monitor
- Key
  - tag data
  - monitor flows
- RMs tag actual data
  - all data/processes have a label
  - central security monitor checks operations and data access against policy
- Security-typed languages use virtual tags
  - data types are labeled
  - type checker validates flows

Build on type safety
- A type-safe language maintains the semantics of types
  - E.g. can't add int's to Object's
- Type-safety is compositional
  - A function promises to maintain type safety

Example 1:

    Object obj;
    int i;
    obj = obj + i;

Example 2:

    String proc(Object o);
    ...
    main() {
        Object obj;
        String s = proc(obj);
        ...
    }

Labeling types
- Key insight: label types with security levels
- Security typing is compositional

Example 1:

    int{high} h1, h2;
    int{low} l;
    l = 5;
    h2 = l;
    h1 = h2 + 10;
    l = h2 + l;

Example 2:

    String{low} proc(Object{high} o);
    ...
    main() {
        Object{high} obj;
        String{low} s;
        s = proc(obj);
        ...
    }

Implicit flows
- Static (virtual) tagging

    int{LOW} mydata = 0;
    int{LOW} mydata2 = 0;
    if (test{High})
        mydata = 1;
    else
        mydata = 2;
    mydata2 = 0;
    print{LOW}(mydata2);
    print{LOW}(mydata);

- mydata contains information about test, so it can no longer be Low
- but mydata2 is outside the conditional, so it is untainted by test
- print{LOW}(mydata) causes a type error at compile time

Declassification
- Noninterference is too restrictive
- Examples
  - Encryption
  - Distributed auction
  - Password check
- Solutions
  - DLM and selective declassification
  - Robust declassification
  - Quantitative security

Open challenges
- System-wide security
- Certifying compilation
- Abstraction-violating attacks
- Dynamic policies
- Practical issues
- Variations of static analysis

CSE543 Computer and Network Security, Fall 2006, Professor Jaeger

Take away
- The inability to express or enforce end-to-end security policies is a serious problem with our current computing infrastructure, and language-based techniques appear to be essential to any solution to this problem.
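
Added example (not from the lecture slides): the "Malformed character input" question worked through in Python. lenient_utf8 is a constructed model of a decoder that accepts overlong two-byte forms, strict_utf8 is Python's conforming decoder, and path_allowed is a hypothetical validator that canonicalizes before it checks for traversal.

```python
from urllib.parse import unquote_to_bytes

SLIDE_PATH = "/scripts/..%c0%af../winnt/system32"   # path portion of the slide's URL

def lenient_utf8(data: bytes) -> str:
    """Model of a permissive decoder: accepts any 2-byte sequence without
    checking that the code point actually needs two bytes (overlong form)."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b & 0xE0 == 0xC0 and i + 1 < len(data) and data[i + 1] & 0xC0 == 0x80:
            # 110xxxxx 10yyyyyy -> code point xxxxxyyyyyy
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)

def strict_utf8(data: bytes):
    """Conforming decode: overlong forms are invalid, so return None for them."""
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return None

def has_dotdot(path: str) -> bool:
    """Traversal check on path segments."""
    return ".." in path.split("/")

def path_allowed(raw_path: str) -> bool:
    """Canonicalize first, then validate: percent-decode, strict-decode,
    and only then look for '..' segments. Undecodable input is rejected."""
    text = strict_utf8(unquote_to_bytes(raw_path))
    return text is not None and not has_dotdot(text)

if __name__ == "__main__":
    raw = unquote_to_bytes(SLIDE_PATH)
    print("check on raw path finds '..':", has_dotdot(SLIDE_PATH))
    print("lenient decode:", lenient_utf8(raw))
    print("strict decode :", strict_utf8(raw))
    print("allowed       :", path_allowed(SLIDE_PATH))
```

The segment check passes on the raw string but fails once a permissive decoder has turned the overlong bytes C0 AF into "/", which is why validation has to run on the canonical form.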
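
Added example (not from the lecture slides): a small static label checker run over the "Implicit flows" program. It assumes a two-point lattice (LOW below HIGH) and flow-sensitive tags, so a variable's label is updated at each assignment; the tuple-based statement encoding and the function names are constructed for this illustration and are not Jif syntax.

```python
LOW, HIGH = 0, 1
NAMES = {LOW: "LOW", HIGH: "HIGH"}

def label_of(reads, env, pc):
    """Join (max) of the program-counter label and every variable read."""
    return max([pc] + [env[v] for v in reads])

def check(stmts, env, pc=LOW, errors=None):
    """Walk the statements without running them, updating the virtual tags
    in env in place. Returns the list of illegal flows found."""
    errors = [] if errors is None else errors
    for s in stmts:
        if s[0] == "assign":                 # ("assign", target, [vars read])
            _, target, reads = s
            env[target] = label_of(reads, env, pc)
        elif s[0] == "if":                   # ("if", [cond vars], then, else)
            _, cond, then_b, else_b = s
            inner_pc = label_of(cond, env, pc)   # branches depend on the guard
            env_then, env_else = dict(env), dict(env)
            check(then_b, env_then, inner_pc, errors)
            check(else_b, env_else, inner_pc, errors)
            for v in env:                    # merge: keep the more secret tag
                env[v] = max(env_then[v], env_else[v])
        elif s[0] == "print":                # ("print", channel label, var)
            _, channel, var = s
            got = label_of([var], env, pc)
            if got > channel:
                errors.append(f"print{{{NAMES[channel]}}}({var}): {var} is {NAMES[got]}")
    return errors

def slide_program():
    """The slide's program; constants read no variables, hence the empty lists."""
    env = {"test": HIGH, "mydata": LOW, "mydata2": LOW}
    prog = [
        ("assign", "mydata", []),
        ("assign", "mydata2", []),
        ("if", ["test"], [("assign", "mydata", [])], [("assign", "mydata", [])]),
        ("assign", "mydata2", []),
        ("print", LOW, "mydata2"),
        ("print", LOW, "mydata"),
    ]
    return check(prog, env), env

if __name__ == "__main__":
    errs, final_env = slide_program()
    print(errs)
    print({k: NAMES[v] for k, v in final_env.items()})
```

Both branches assign constants, so no HIGH value is ever copied into mydata; the error comes purely from the pc label of the guarded branches, which is the implicit flow.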