AIT 681 Secure Software Engineering
Topic #1 Introduction
Instructor: Dr. Kun Sun
About Instructor
• Dr. Kun Sun, Associate Professor, Department of Information Science and Technology
– http://csis.gmu.edu/ksun/
– http://sunlab.gmu.edu
– Phone: (703) 993-1715
– Email: [email protected]
– Office: Research Hall, #421
– Office hours: 10:00am-noon, Wednesday, or by appointment
About TAs
• Name: Shaik Sai Saahil
• Email: [email protected]
• Office hour: Tuesday 3-5pm, Engineering Building 5503
This Course
• What is it NOT about?
– Not a software engineering course
– Not a security software course
• What is it about?
– Understand basic software security concepts and their impacts
– Introduce systematic software security design and development along with project management
– Practical skills for writing and testing secure software
– Program analysis for identifying security vulnerabilities and defending against security attacks
Prerequisites
• Programming experience in C is required to understand the secure coding topics.
• Installing and using Ubuntu virtual machines (VMs) on VirtualBox to do lab exercises.
Course Outline
• General Topic 1: Secure Software Concept
– Recommended textbook
• [McGraw] Software Security: Building Security In, by Gary McGraw, Publisher: Addison-Wesley Professional, February 2, 2006, ISBN-10: 0321356705, ISBN-13: 978-0321356703
• General Topic 2: Secure Coding
– Recommended textbooks
• [Du] Computer Security: A Hands-on Approach, by Wenliang Du, ISBN-13: 978-1548367947, ISBN-10: 154836794X
• [Seacord] Secure Coding in C and C++ (2nd Edition) (SEI Series in Software Engineering), by Robert C. Seacord, ISBN-13: 978-0321822130, ISBN-10: 0321822137
• General Topic 3: Program Analysis
– No recommended textbook
– All materials covered in the slides
Secure Software Concept
• Basic Security Problems
• Software Security Fundamentals
• Risk Management
• 7 touchpoints
1. Code Review
2. Architectural Risk Analysis
3. Penetration Testing
4. Risk-Based Security Testing
5. Abuse Cases
6. Security Requirements
7. Security Operations
Secure Coding
• String management
• Pointer subterfuge
• Dynamic memory management
• Integer security
• Formatted output
• Race conditions
• Web security
Program Analysis for Security Vulnerabilities
• Fundamentals
• Program representation
• Dynamic Analysis
• Static Analysis
• Symbolic Execution
On-line Resources
• Course website:
– https://csis.gmu.edu/ksun/AIT681-s20/index.html
• Lab website:
– https://csis.gmu.edu/ksun/AIT681-s20/lab.html
• Check the course website frequently.
– Course materials, e.g., lecture slides, lab material, homework, tools, etc., will be updated frequently.
Grading
• 2 Homework: 20%
• Midterm exam: 20%
• Lab exercises: 60%
Note:
1. Must use a text editor (e.g., MS Word, LaTeX) to complete your homework and project proposal/report. Handwritten submissions are not accepted.
2. Must submit an e-copy through Blackboard.
3. Exams are closed book, closed note. No laptop/tablet/smartphone, etc.
Transferring to letter grades:
– 95-100: A+
– 90-95: A
– 85-90: A-
– 80-85: B+
– 75-80: B
– 70-75: B-
– 65-70: C+
– 60-65: C
– < 60: F
Lab Exercises
• We use SEED labs, hands-on labs for security education, developed by Dr. Kevin Du at Syracuse University.
• Single Student Lab
• 6 lab exercises (report + demo)

Lab Exercise                           Report Due Date   Demo Due Date
Lab 1: Buffer Overflow Vulnerability   2/26/2020         n/a
Lab 2: Format String Vulnerability     3/11/2020         3/18/2020
Lab 3: Race Condition Vulnerability    4/01/2020         4/08/2020
Lab 4: XSS Attacks                     4/08/2020         4/15/2020
Lab 5: Return-to-Libc Attack           4/15/2020         4/22/2020
Lab 6: Dirty COW Attack                4/22/2020         4/29/2020
Demo of Lab Exercises
• For each lab exercise, 6-8 students will be randomly chosen to demo the exercise steps to the GTA.
– All report due dates are on Wednesday.
– Demo notification will be sent by the GTA on that Friday.
– You are responsible for scheduling a demo time slot and showing your demo to the GTA before the next Wednesday.
• If no demo is given, you will receive 0 points on that lab exercise. Moreover, you will be chosen by default for the next round of demos.
• If the demo results do not match the report, you will receive 0 points on that lab. If it happens twice, you will be reported for a violation of the honor code.
Policies on Late Assignments
• Homework and lab exercise deadlines are hard.
• Late homework submissions will be accepted with a 10% reduction in grade for each day they are late.
Policies on Exam Absences and Makeup
• You may be excused from an exam only with a university approved condition, with proof. For example, if you cannot take an exam because of a sickness, we will need a doctor's note.
• Events such as going on a business trip or attending a brother's wedding are not an acceptable excuse for not taking an exam at its scheduled time and place.
• You will have one chance to take a makeup exam if your absence is excused. There will be no makeup for homework assignments.
Academic Integrity
• The university, college, and department policies against academic dishonesty will be strictly enforced.
• Honor code
– Students are required to follow Mason's Honor System.
– Don't copy the lab exercise reports from other students.

Check the website for details!
Topic #1. Basic Security Concepts
What is Computer Security?
• Most developers and operators are concerned with correctness: achieving desired behavior
– A working banking web site, word processor, blog, …
• Security is concerned with preventing undesired behavior
– Considers an enemy/opponent/hacker/adversary who is actively and maliciously trying to circumvent any protective measures you put in place
Significant security breaches
• Marriott International, November 2018
– Data of 500 million customers stolen, including contact info, passport numbers, travel information, and the credit card numbers of more than 100 million customers.
• Equifax, July 2017
– Personal information (including Social Security Numbers, birth dates, addresses, and in some cases driver's license numbers) of 143 million consumers; 209,000 consumers also had their credit card data exposed.
• Yahoo, September 2016
– 3 billion user accounts compromised, including names, dates of birth, email addresses, passwords, security questions and answers.
Contributing Factors
• Lack of awareness of threats and risks of information systems
– Security measures are often not considered until an enterprise has been penetrated by malicious users
– The situation is getting better, but …
• (Historical) reluctance to invest in security mechanisms
– The situation is improving
• Example: Windows 95 → Windows 2000 → Windows XP → Windows Vista → Windows 7 → Windows 8 → Windows 10
– But legacy software still exists
– Supply chain security
• Wide-open network policies
– Many Internet sites allow wide-open Internet access
Contributing Factors (Cont'd)
• Lack of security in the TCP/IP protocol suite
– Most TCP/IP protocols were not built with security in mind
– Work is actively progressing within the Internet Engineering Task Force (IETF)
• Complexity of security management and administration
– Security is not just encryption and authentication
• Software vulnerabilities
– Example: buffer overflow vulnerabilities
– We need techniques and tools to improve software security
• Hacker skills keep improving
– Cyber warfare
Compusec + Comsec = Infosec
(Diagram: Compusec, the security of computers, plus Comsec, the security of communications, together make up Infosec.)
Security Objectives
• Confidentiality (Secrecy)
• Integrity
• Availability (vs. Denial of Service)
Security Objectives (CIA)
• Confidentiality — Prevent/detect/deter improper disclosure of information
• Integrity — Prevent/detect/deter improper modification of information
• Availability — Prevent/detect/deter improper denial of access to services provided by the system
• These objectives have different specific interpretations in different contexts
Commercial Example
• Confidentiality — An employee should not come to know the salary of his manager
• Integrity — An employee should not be able to modify the employee's own salary
• Availability — Paychecks should be printed on time as stipulated by law
Military Example
• Confidentiality — The target coordinates of a missile should not be improperly disclosed
• Integrity — The target coordinates of a missile should not be improperly modified
• Availability — When the proper command is issued the missile should fire
Achieving Security
• Security policy — What?
• Security mechanism — How?
• Security assurance — How well?
Security Policy
(Diagram: Organizational Policy → Automated Information System Policy)
Security Mechanisms
• In general three types
– Prevention
• Example: Access control
– Detection
• Example: Auditing and intrusion detection
– Tolerance
• Example: Byzantine agreement
Good prevention and detection both require good authentication as a foundation
Security Mechanisms (Cont'd)
• Prevention is more fundamental
– Detection seeks to prevent by threat of punitive action
– Detection requires that the audit trail be protected from alteration
• Sometimes detection is the only option, e.g.,
– Accountability in proper use of authorized privileges
– Modification of messages in a network
• Security functions are typically made available to users as a set of security services
• Cryptography underlies (almost) all security mechanisms
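As an added example (written for this page; it is not part of Dr. Sun's slides or of the SEED labs), the Python sketch below maps the commercial example from the earlier slide onto the two mechanism types just listed: access control prevents the improper read (an employee seeing the manager's salary) and the improper write (an employee changing their own salary), and a hash-chained audit trail provides detection while also protecting the trail itself from silent alteration, which the slide notes detection depends on. All names and salaries are constructed, and `Payroll`, `verify_audit` and `denied_attempts` are hypothetical names chosen for the example.

```python
# Added example, not from the lecture slides: a toy payroll service that turns the
# commercial-example policy (an employee may not read the manager's salary, may not
# modify their own) into a prevention mechanism (access control) and a detection
# mechanism (a hash-chained audit trail). All names and salaries are constructed.
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Employee:
    name: str
    manager: Optional[str]   # manager's name; None at the top of the reporting chain
    salary: int


@dataclass
class AuditEntry:
    who: str
    action: str   # "read" or "write"
    target: str
    outcome: str  # "allowed" or "denied"
    digest: str   # SHA-256 over the previous entry's digest and this entry's fields


class Payroll:
    GENESIS = "genesis"   # digest used as the predecessor of the first entry

    def __init__(self, staff: Dict[str, Employee]) -> None:
        self.staff = staff
        self.audit: List[AuditEntry] = []

    # --- detection: an audit trail whose entries cannot be silently edited ---
    @staticmethod
    def _digest(prev: str, who: str, action: str, target: str, outcome: str) -> str:
        return hashlib.sha256(f"{prev}|{who}|{action}|{target}|{outcome}".encode()).hexdigest()

    def _log(self, who: str, action: str, target: str, outcome: str) -> None:
        prev = self.audit[-1].digest if self.audit else self.GENESIS
        self.audit.append(AuditEntry(who, action, target, outcome,
                                     self._digest(prev, who, action, target, outcome)))

    def verify_audit(self) -> bool:
        """Recompute the chain; editing any field of any entry breaks its digest and
        every digest after it. (Truncating the tail is not detected here; that needs
        the latest digest to be kept somewhere the log writer cannot reach.)"""
        prev = self.GENESIS
        for e in self.audit:
            if e.digest != self._digest(prev, e.who, e.action, e.target, e.outcome):
                return False
            prev = e.digest
        return True

    # --- prevention: access control decisions, every one of them logged ---
    def read_salary(self, who: str, target: str) -> Optional[int]:
        """Confidentiality: you may read your own salary or a direct report's,
        never your manager's (nor anyone else's). Returns None when denied."""
        allowed = who == target or self.staff[target].manager == who
        self._log(who, "read", target, "allowed" if allowed else "denied")
        return self.staff[target].salary if allowed else None

    def set_salary(self, who: str, target: str, amount: int) -> bool:
        """Integrity: only the target's manager may change the target's salary,
        so nobody can modify their own. Returns whether the change was applied."""
        allowed = self.staff[target].manager == who
        self._log(who, "write", target, "allowed" if allowed else "denied")
        if allowed:
            self.staff[target].salary = amount
        return allowed


def denied_attempts(payroll: Payroll, who: str) -> int:
    """Detection in use: how many policy violations did this user attempt?"""
    return sum(1 for e in payroll.audit if e.who == who and e.outcome == "denied")


def build_demo() -> Payroll:
    """Constructed sample data: alice manages bob."""
    return Payroll({
        "alice": Employee("alice", None, 150_000),
        "bob": Employee("bob", "alice", 90_000),
    })


if __name__ == "__main__":
    p = build_demo()
    print(p.read_salary("bob", "alice"))          # None: denied by policy
    print(p.set_salary("bob", "bob", 1_000_000))  # False: denied by policy
    print(denied_attempts(p, "bob"), p.verify_audit())  # 2 True
    p.audit[0].outcome = "allowed"                # someone edits the trail ...
    print(p.verify_audit())                       # False: ... and detection catches it
```

The two halves illustrate the slide's ordering: prevention comes first (the denied calls never touch the data), and detection only has value if the record of what happened is trustworthy, which is why every decision, allowed or denied, is written to the chained log before the method returns.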
Security Services
• Security functions are typically made available to users as a set of security services through APIs or integrated interfaces
• Confidentiality: protection of any information from being exposed to unintended entities
– Information content
– Parties involved
– Where they are, how they communicate, how often, etc.
• Authentication: assurance that an entity of concern or the origin of a communication is authentic, i.e., it is what it claims to be or comes from where it claims to come from
• Integrity: assurance that the information has not been tampered with
Security Services (Cont’d)
• Non-repudiation: offer of evidence that a party is indeed the sender or a receiver of certain information
• Access control: facilities to determine and enforce who is allowed access to what resources, hosts, software, network connections
• Monitor & response: facilities for monitoring security attacks, generating indications, surviving (tolerating) and recovering from attacks
Security Assurance
• How well your security mechanisms guarantee your security policy
• Everyone wants high assurance
• High assurance implies high cost
– May not be possible
• Trade-off is needed
• How to provide insurance on company IT networks?
Security by Obscurity
• Security by obscurity
– If we hide the inner workings of a system it will be secure
– E.g., steganography
• Less and less applicable in the emerging world of vendor-independent open standards
• Less and less applicable in a world of widespread computer knowledge and expertise
Security by Legislation
• Security by legislation says that if we instruct our users on how to behave we can secure our systems
• For example
– Users should not share passwords
– Users should not write down passwords
– Users should not type in their password when someone is looking over their shoulder
• User awareness and cooperation is important, but cannot be the principal focus for achieving security
Security Tradeoffs
(Diagram: a trade-off triangle between Security, Functionality and Ease of Use, labelled COST.)