CMPSC 497 Special Topics: Software Security Trent Jaeger Systems - - PowerPoint PPT Presentation

cmpsc 497 special topics software security
SMART_READER_LITE
LIVE PREVIEW

CMPSC 497 Special Topics: Software Security Trent Jaeger Systems - - PowerPoint PPT Presentation

Jul 03, 2023 461 likes •750 views

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Special Topics: Software Security Trent Jaeger

slide-1
SLIDE 1

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Systems and Internet Infrastructure Security

Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA

1

CMPSC 497 Special Topics: Software Security

Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University

slide-2
SLIDE 2

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

About Me

2

  • Trent Jaeger (PhD, University of Michigan)
  • Professor since 2005, CSE -- after 9 years at IBM Research
  • Research: Systems and Software Security
  • Example Systems
  • L4 Microkernel – Minimal, high performance OS
  • Linux – Open source, UNIX variant
  • Xen hypervisor – Open source, virtual machine platform
  • OpenStack – Open source, IaaS cloud platform
  • Server and middleware – Web servers, browsers, window mgrs,

system software…

  • Office: W359 Westgate Bldg; Hours: M 1-2 and W 2-3
  • Email: tjaeger@cse.psu.edu
slide-3
SLIDE 3

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

This course….

  • Is a programming course that teaches techniques

to avoid creating vulnerabilities and to add security mechanisms to protect your programs

  • Caveat: We are still trying to figure out both
  • Topics: What are … Program flaws and how to

they become vulnerabilities? … Safe programming techniques to avoid vulnerabilities? … Tools and techniques to detect vulnerabilities? … Security mechanisms and how to add them to your programs?

slide-4
SLIDE 4

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4

Background

  • Required:
  • CMPSC 473, CMPSC 443
  • Expected:
  • Program in C
  • Additional background:
  • Programming Languages
  • We will learn some program analysis techniques to detect

vulnerabilities and write secure code

slide-5
SLIDE 5

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

Course Materials

  • Website
  • http://www.cse.psu.edu/~trj1/cmpsc497-s18/
  • Course assignments, slides, etc. will be placed here
  • Check back often -- I may change some of the assignments
  • Course Readings
  • Papers available on the website
slide-6
SLIDE 6

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6

Course Calendar

  • The course calendar

has all the details

  • Links to online

papers for readings

  • Links to projects
  • Please check the

calendar frequently

  • it’s the real-time

state of the course

Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. It is the responsibility of the students to frequently check this web-page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web-page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage). Date Topic Assignments Due Readings for Discussion (do readings before class) 01/09/18 Introduction (Slides) Course syllabus link 01/11/18 Security Basics (Slides) Reflections on Trusting Trust. K. Thompson, Turing Award Lecture, 1983. link 01/16/18 Passwords (Slides) Linux Password and Shadow File Formatlink 01/18/18 Programming Mistakes (Info Flow) (Slides) Base Object Serverlink SQL Injection Cheat Sheet and Tutoriallink The Risks Digest link 01/23/18 Programming Flaws (Buffer Overflows) (Slides) Smashing the Stack for Fun and Profit, Aleph One. Phrack 7(49), 1996link Common Vulnerabilities and Exposures link 01/25/18 Programming Flaws (Memory Errors) (Slides) Hacker's Hut: Exploiting the Heap (11-11.2)link Security Focus: BugTraq link 01/30/18 Programming Flaws (Memory Errors) (Slides) 02/01/18 Confused Deputy (Slides) The Confused Deputy (or why capabilities might have been invented). Norm
  • Hardy. Operating Systems Review, pp. 36-38, Oct. 1988. link
02/06/18 Defensive Programming (Slides) Secure Programming HOWTO (Chapter 6)link 02/08/18 Defensive Programming (Slides) Secure Programming HOWTO (Chapter 5)link 02/13/18 Penetration Testing (Slides) Penetration Testing Tutoriallink 02/15/18 Fuzz Testing (Slides) American Fuzzy Loplink 02/20/18 Static Analysis (Slides) TBD - Static Analysis Tutoriallink 02/22/18 Static Analysis (Slides) TBD - Static Analysis Tutoriallink 02/27/18 Symbolic Execution (Slides) KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex
  • Systems. Cristian Cadar, Daniel Dunbar, Dawson Engler, in Proceedings of the 8th
USENIX Conference on Operating Systems Design and Implementation, 2008. link 03/01/18 Midterm 03/06/18 Spring Break - No class 03/08/18 Spring Break - No class 03/13/18 Security Mechanisms (Slides) 03/15/18 Privilege Separation (Slides) PtrSplit: Supporting General Pointers in Automatic Program Partitioning. S. Liu,
  • G. Tan, and T
. Jaeger. In 24th ACM Conference on Computer and Communications Security (CCS), 2017.link 03/20/18 Execution Integrity (Slides) Control-Flow Integrity: Precision, Security, and Performance (Section 2.1)link 03/22/18 Execution Integrity (Slides) Securing Software by Enforcing Data-Flow Integrity (Section 2.1)link 03/27/18 Comparing Java to C (Slides)

course calendar

Home Schedule
slide-7
SLIDE 7

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Course Mailing List

  • Via Canvas
  • Use with care
  • I will send a test email
  • Please reply if you do not receive by Fr
  • May need to forward to your CSE account
  • Can use to email me
  • Please use “CMPSC 497” in the subject

7

slide-8
SLIDE 8

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 8

Grading

  • Exams (60%)
  • Midterm (25%)
  • In class
  • Final (35%)
  • Projects (30%)
  • Programming Projects
  • Homeworks
  • Participation (10%)
  • Be prepared with readings – possible quizzes
slide-9
SLIDE 9

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 9

Lateness Policy

  • Assignments and project milestones are

assessed a 20% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don’t give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

  • You decide what you turn in
slide-10
SLIDE 10

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 10

Academic Integrity

  • See Computer Science and Engineering

Department’s Policy on Academic Integrity Standards

  • http://www.eecs.psu.edu/students/resources/EECS-

CSE-Academic-Integrity.aspx

slide-11
SLIDE 11

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 11

Ethics Statement

  • This course considers topics involving personal and public

privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of

  • thers. As an instructor, I rely on the ethical use of these
  • technologies. Unethical use may include circumvention of

existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities

  • f these services. Exceptions to these guidelines may occur

in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit

  • f these guidelines will be reported to the proper authorities

and may result in dismissal from the class.

  • When in doubt, please contact the instructor for advice. Do not

undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger.

slide-12
SLIDE 12

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 12

Road Map

  • Introduction
  • 1. Today
  • Software Vulnerabilities
  • 1. Information Flow
  • 2. Memory Errors
  • Defensive Programming
  • 1. Safe Syscalls
  • 2. Attack Surfaces
  • 3. Design
  • Finding Program Flaws
  • 1. Dynamic Testing
  • 2. Static Analysis
  • 3. Symbolic Execution
  • Security Mechanisms
  • 1. Authorization
  • 2. Privilege Separation
  • 3. Execution Integrity
  • Safe Programming Environments
  • 1. Memory Safe
  • 2. Information Flow-Safe
  • Retrofitting Software for Security
  • 1. Authorization
  • 2. Privilege Separation
slide-13
SLIDE 13

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

What Kind of Threats?

  • Lead to security problems…
slide-14
SLIDE 14

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 14

Bad Code

  • Adversary may control the code that you run
  • Examples
  • Classical: Viruses, Worms, Trojan horses, …
  • Modern: Client-side scripts, Macro-viruses, Email,

Ransomware, …

  • Easier to update/add software (malware) than ever
  • What are the problems with adversary code on

your machine?

slide-15
SLIDE 15

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 15

Bad Code - Example

  • You use an adversary-controlled library
  • What can an adversary do?
slide-16
SLIDE 16

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

Bad Code - Example

  • You use an adversary-controlled library
  • What can an adversary do?
  • Anything you can do
  • Do you have anything you would want to protect?
  • Secret data on your computer
  • Communications you make with your computer
  • Well, at least these are only “user” processes
  • But, they may compromise the host
  • Beware “local exploits”
slide-17
SLIDE 17

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 17

Bad Code - Defenses

  • What can you do to avoid executing adversary-

controlled code?

slide-18
SLIDE 18

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 18

Bad Code - Defenses

  • What can you do to avoid executing adversary-

controlled code?

  • Defenses
  • Only run “approved” code
  • How do you know?
  • “Sandbox” code you are uncertain of
  • How do you do that?
  • Use automated installers or predefined images
  • Let someone else manage it
slide-19
SLIDE 19

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 19

Good Code

  • You aim to write programs that does what you

want

  • What is the problem with running code from

benign sources?

slide-20
SLIDE 20

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 20

Good Code

  • You aim to write programs that does what you

want

  • What is the problem with running code from

benign sources?

  • Not really designed to defend itself from a determined,

active adversary

  • Functions performed by benign code may be

exploited

slide-21
SLIDE 21

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Vulnerabilities

  • A program vulnerability consists of three

elements:

  • A flaw
  • Accessible to an adversary
  • Adversary has the capability to exploit the flaw
  • Often focus on a subset of these elements
  • But all conditions must be present for a true

vulnerability

21

slide-22
SLIDE 22

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 22

Good Code – Goes Bad

  • Classic flaw: Buffer overflow
  • If adversary can access, exploits consist of two

steps usually

  • (1) Gain control of execution – IP or stack pointer
  • (2) Choose code for performing exploitation
  • Classic attack:
  • (1) Overwrite return address
  • (2) Write code onto stack and execute that
slide-23
SLIDE 23

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Good Code – Defenses

  • Preventing either of these two steps prevents a

vulnerability from being exploited

  • How to prevent overwriting the return address?
  • ???
  • How to prevent code injection onto the stack?
  • ???
  • Are we done?
  • End the semester early…

23

slide-24
SLIDE 24

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Good Code – Evading Defenses

  • Unfortunately, no
  • (1) Adversaries gain access to the control flow

in multiple ways

  • Function pointers, other variables, heap variables, etc.
  • Or evade defenses – e.g., disclosure attacks
  • (2) Adversaries may perform desired operations

without injecting code

  • Return-to-libc
  • Return-oriented attacks

24

slide-25
SLIDE 25

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Good Code – Confused Deputy

  • And an adversary may accomplish her goals

without any memory errors

  • Trick the program into performing the desired, malicious
  • perations
  • Example “confused deputy” attacks
  • SQL injection
  • Resource access attacks
  • Bypass attacks
  • Race condition attacks (TOCTTOU)

25

slide-26
SLIDE 26

Systems and Internet Infrastructure Security (SIIS) Laboratory Page

Result

  • Pressure is on programmers to eliminate flaws that

may lead to vulnerabilities (accessible and exploitable)

  • Hard to identify program flaws
  • Some program flaws are complex or expensive to prevent
  • Programmers typically do not know where adversary access

is possible

  • Exploit methods are becoming more powerful
  • On the positive side, a number of defenses are now

known and some are practical

  • How do programmers use them?

26

slide-27
SLIDE 27

Systems and Internet Infrastructure Security (SIIS) Laboratory Page 27

Take Away

  • In this class, we will focus on the methods to write

programs that make the adversaries’ task more difficult

  • Harder to turn good code bad
  • Harder to leverage code for malicious purposes
  • We will look at several techniques
  • How to write safe code
  • How to detect flaws in code
  • How to apply security mechanisms to code
  • How should we add security to our programs