COURSE INTRODUCTION - Dr. Benjamin Livshits

SLIDE 1

CSE484/CSE584 COURSE INTRODUCTION

  • Dr. Benjamin Livshits

SLIDE 2

High-Level Course Logistics

https://courses.cs.washington.edu/courses/cse484/14au

SLIDE 3

Course Logistics

  • Office hours: Tuesday after class
  • Office hours: Monday and Friday

SLIDE 4

Class Times

  • 1:30-2:20 and 2:30-3:20, Architecture Hall G070
  • Tu/Th 11-12:20, Savery 264

SLIDE 5

Prerequisites (CSE 484)

Classes

  • Data Structures (CSE 326) or Data Abstractions (CSE 332)
  • Hardware/Software Interface (CSE 351) or Machine Org and Assembly Language (CSE 378)

Practical knowledge

  • Assume: Working knowledge of C and assembly
      • One of the labs will involve writing buffer overflow attacks in C
      • You must have an understanding of x86 architecture, stack layout, calling conventions, etc.
  • Assume: Working knowledge of software engineering tools for Unix environments (gdb, etc)
  • Assume: Working knowledge of Java and JavaScript

SLIDE 6

Prerequisites (CSE 484)

  • Strongly recommended: Computer Networks; Operating Systems
      • Will help provide deeper understanding of security mechanisms and where they fit in the big picture
  • Recommended: Complexity Theory; Discrete Math; Algorithms
      • Will help with the more theoretical aspects of this course
  • Finally, courses in Programming languages and Compilers will help a lot, too
      • These topics will come up in homework, labs, etc.

SLIDE 7

First-Day Survey

SLIDE 8

Do NOT Be Scared

  • Likely, nobody here has satisfied every single prerequisite. This is not the point.
  • Most important thing of all: Eagerness to learn!
      • This is a 400 level course.
      • We expect you to push yourself to learn as much as possible.
      • We expect you to be a strong, independent learner capable of learning new concepts from the lectures, the readings, and on your own.

SLIDE 9

Role of Research

  • This is a 400-level course
  • It is a goal to get you interested in research in computer science

SLIDE 10

Your Grade

  • This class is interactive. Also, summary videos
  • No exam, but this can be pretty substantial

SLIDE 11

Participation Matters!

  • Harder in a large class, but worth it!
  • I would like to learn everyone’s name!
      • But 90 or so students may overflow my buffer, without some form of assistance
      • I’m toying with the idea of name cards or a seating chart -- and will make a decision about that now that I’ve seen the classroom layout.
  • Videos! More on that later.
  • Projects – you are encouraged to do more, especially because projects are done in groups

SLIDE 12

Late Submission Policy

  • Late assignments will (generally) be dropped 20% per calendar day.
      • Late days will be rounded up
      • So an assignment turned in 26 hours late will be downgraded 40%
  • See website for exceptions -- some assignments must be turned in on time
  • Many assignments due on Friday
      • We will have office hours on Friday to meet the demand

SLIDE 13

Course Reading: Textbook

  • The book is easy to read
      • Not nearly as dry as an average textbook
  • Has real-world illustrations and war stories
  • Has lots of details not covered in lecture
  • Proposes a different narrative focusing on the developer, which is good

SLIDE 14

Why Go To Class?

Attend lectures

  • Lectures will not follow the textbook
  • Lectures will focus on “big-picture” principles and ideas
  • Lectures will cover some material that is not in the textbook
  • Lecture slides will be online

Attend sections

  • Details that are not covered in lectures will be discussed in sections
  • You will need this for homeworks and labs
  • This is a way to get to know your classmates better
  • Two sections, both on Thursday

SLIDE 15

Reading Research Papers

SLIDE 16

Summary Videos

SLIDE 17

SLIDE 18

More Videos

https://www.youtube.com/watch?v=HBwmX1ZITu4

SLIDE 19

Guest Speakers

  • Another connection of the class material
  • This is a connection both to research and to industrial practice
  • Tentative list of participants from
      • Facebook
      • Microsoft
      • Smaller penetration testing companies

SLIDE 20

Other Helpful Books (online)

  • Ross Anderson, “Security Engineering” (1st edition)
      • Focuses on design principles for secure systems
      • Wide range of entertaining examples: banking, nuclear command and control, burglar alarms
      • You should all at least look at the Table of Contents for this book.
      • (2nd edition available for purchase)
  • Menezes, van Oorschot, and Vanstone, “Handbook of Applied Cryptography”
  • Many many other useful books exist (not all online)

SLIDE 21

Mailing Lists

  • The list is used for announcements
  • If you are enrolled into the class, you should be on the list
      • multi_cse484a_au14@uw.edu
      • We will send an email later on – expect to receive one
  • How to reach us?
      • cse484-tas@cs.washington.edu

SLIDE 22

Labs

  • General plan (tentative):
      • 3 labs (timeline TBD, most likely due on Fridays)
      • First lab out approximately next Wednesday
      • Submit to Catalyst system (URL on course page)
      • Do by yourself, unless mentioned otherwise
      • Details will be on the web page
  • First lab: Software security
      • Buffer overflow attacks, double-free exploits, format string exploits, ...
  • Second lab: Web security
      • XSS attacks, ...
  • Third lab: TBD

SLIDE 23

Homework

  • Currently, two are planned, but three or four are likely
  • They will require you to look at the reading more carefully
  • They will require you to investigate some new ideas not mentioned in class, without necessarily writing code

SLIDE 24

Ethics

  • In this class you will learn about how to attack the security and privacy of (computer) systems.
  • Knowing how to attack systems is a critical step toward knowing how to protect systems.
  • But one must use this knowledge in an ethical manner.
  • In order to get a non-zero grade in this course, you must electronically sign the “Security and Privacy Code of Ethics” form

https://catalyst.uw.edu/webq/survey/livshits/247877

SLIDE 25

Ethics in Security Research

SLIDE 26

Spamalytics Scandal

SLIDE 27

“Spamalytics: An Empirical Analysis of Spam Marketing Conversion” (CCS’2008)

  • Infiltrated part of a botnet.
  • Set up a fake online pharmacy.
  • Redirected clicks for 469,906,992 spam messages.
  • Converted 569 recipients!

SLIDE 28

Research Tactics Questioned After Publication

Protocol

  • Run this on my inbox and see how well it works.
  • Post ideas to a mailing list and get other people's experiences.

Problems

  • I am experimenting on people who send me mail.
  • Most email is not a public document.
  • Senders did not give consent to be involved in my research.
  • Under 45 CFR 46, I need IRB approval for this experiment.

SLIDE 29

What’s the Moral?

  1. Be careful with what you learn
  2. Sign the ethics form
  3. When in doubt, ask
  4. See #2
  5. See #3
  6. See #1

SLIDE 30

Break…

SLIDE 31

Alice and Bob: Adventures Continue

SLIDE 32

Alice and Bob

SLIDE 33

Sita and Rama (not A & B)

The statement Sita wants to send a message to Rama is inspired from the episode in Sundara Kanda (lit. beautiful book) of Ramayana, where Sita, who was kidnapped by Ravana, is isolated and kept confined to a forest. She is seated under an ashoka tree, when the monkey-God Hanuman, sent by Rama, reaches her. Desperate Sita wants to send a message to Rama through Hanuman (an honest man). We also have the usual man-in-the-middle Ravana (a rogue), who is waiting to sabotage any communication between Sita and Rama. In addition to the aptly chosen names, this entire episode has some striking similarities to modern cryptography.

SLIDE 34

Alice and Bob. They Just Won’t Quit.

SLIDE 35

Technical Themes

  • Vulnerabilities of computer systems
      • Software problems (buffer overflows); crypto problems; network problems (DoS, worms); people problems (usability, phishing)
  • Defensive technologies
      • Protection of information in transit: cryptography, security protocols
      • Protection of networked applications: firewalls and intrusion detection
      • Least privilege, “Defense in depth”

SLIDE 36

Key Themes of This Course

  • How to think about security
      • The Security Mindset - “new” way to think about systems
      • Threat models, security goals, assets, risks, adversaries
      • Connection between security, technology, politics, ethics, ...
  • Technical aspects of security
      • Attack techniques
      • Defenses

SLIDE 37

Special Focus on Software Security

  • (In)security comes about as a result of bugs
  • Often – but not always – these are software bugs
  • We will focus on the software aspect of security
  • Often the term application security is used to describe some of this

SLIDE 38

Software Security

  • “First things first—make sure you know how to code, and have been doing so for years. It is better to be a developer (and architect) and then learn about security than to be a security guy and try to learn to code”

SLIDE 39

What This Course is NOT About

  • Not a comprehensive course on computer security
      • Computer security is a broad discipline!
      • Impossible to cover everything in one quarter
      • So be careful in industry or wherever you go!
  • Not about all of the latest and greatest attacks
      • Follow the news
  • Not a course on ethical, legal, or economic issues
      • We will touch on ethical issues, but the topic is huge
  • Not a course on how to “hack” or “crack” systems or do computer forensics
      • Yes, we will learn about attacks ... but the ultimate goal is to develop an understanding of attacks so that you can build more secure systems

SLIDE 40

Course Structure

  • Basics
  • Web security
  • Topics

SLIDE 41

Security Concepts

  1. Authentication
  2. Authorization
  3. Confidentiality
  4. Data / Message Integrity
  5. Accountability
  6. Availability
  7. Non-Repudiation

SLIDE 42

Authentication

  • Identity Verification
  • How can Bob be sure that he is communicating with Alice?
  • Three General Ways:
      • Something you know (i.e., Passwords)
      • Something you have (i.e., Tokens)
      • Something you are (i.e., Biometrics)

SLIDE 43

Something You Know

  • Example: Passwords
  • Pros:
      • Simple to implement
      • Simple for users to understand
  • Cons:
      • Easy to crack (unless users choose strong ones)
      • Passwords are reused many times
  • One-time Passwords (OTP): different password used each time, but it is difficult for user to remember all of them

SLIDE 44

We All See Plenty Of It

SLIDE 45

Something You Have

  • OTP Cards (e.g. SecurID): generates new password each time user logs in
  • Smart Card: tamper-resistant, stores secret information, entered into a card-reader
  • Token / Key (i.e., iButton)
  • ATM Card
  • Strength of authentication depends on difficulty of forging

SLIDE 46

Or Maybe I Have a Browser Cookie

  • Cookie is part of subsequent requests

SLIDE 47

Biometrics

  • Pros: “raises the bar”
  • Cons: false negatives/positives, social acceptance, key management
      • False positive: authentic user rejected
      • False negative: impostor accepted

Technique            Effectiveness  Acceptance
Palm Scan            1              6
Iris Scan            2              1
Retinal Scan         3              7
Fingerprint          4              5
Voice Id             5              3
Facial Recognition   6              4
Signature Dynamics   7              2

SLIDE 48

Final Notes

  • Two-factor Authentication: Methods can be combined (i.e. ATM card & PIN)
  • Who is authenticating who?
      • Person-to-computer?
      • Computer-to-computer?
  • Three types (e.g. SSL):
      • Client Authentication: server verifies client’s id
      • Server Authentication: client verifies server’s id
      • Mutual Authentication (Client & Server)
  • Authenticated user is a “Principal”

SLIDE 49

Authorization

  • Checking whether a user has permission to conduct some action
  • Identity vs. Authority
  • Is a “subject” (Alice) allowed to access an “object” (open a file)?
  • Access Control List: mechanism used by many operating systems to determine whether users are authorized to conduct different actions

SLIDE 50

Configuring Mailing List Permissions

SLIDE 51

Access Control Lists (ACLs)

  • Set of three-tuples
      • <User, Resource, Privilege>
      • Specifies which users are allowed to access which resources with which privileges
  • Privileges can be assigned based on roles (e.g. admin)

Table 1-1. A Simple ACL

User    Resource         Privilege
Alice   /home/Alice/*    Read, write, execute
Bob     /home/Bob/*      Read, write, execute
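
An added example (not from the original slides): a default-deny check over the three-tuples of Table 1-1. The role row, the "role:" prefix, the ROLES mapping and the user Carol are hypothetical additions used to show role-based assignment.

```python
import posixpath
from fnmatch import fnmatchcase

# <User, Resource, Privilege> tuples: the two rows of Table 1-1 plus one
# hypothetical role-based row (members of "admin" may read under /home).
ACL = [
    ("Alice", "/home/Alice/*", {"read", "write", "execute"}),
    ("Bob", "/home/Bob/*", {"read", "write", "execute"}),
    ("role:admin", "/home/*", {"read"}),
]
ROLES = {"Carol": {"admin"}}  # hypothetical user-to-role assignment


def is_allowed(user, resource, privilege, acl=ACL, roles=ROLES):
    """Allow only if some tuple grants the privilege; everything else is denied."""
    if ":" in user:
        return False  # a user name must never collide with a "role:..." subject
    # Collapse ".." and "." before matching, so /home/Alice/../Bob/x is
    # judged as /home/Bob/x rather than as something under /home/Alice/.
    path = posixpath.normpath(resource)
    subjects = {user} | {"role:" + r for r in roles.get(user, ())}
    for subject, pattern, privileges in acl:
        if (subject in subjects and fnmatchcase(path, pattern)
                and privilege in privileges):
            return True
    return False


if __name__ == "__main__":
    checks = [
        ("Alice", "/home/Alice/notes.txt", "write"),
        ("Alice", "/home/Bob/notes.txt", "read"),
        ("Alice", "/home/Alice/../Bob/notes.txt", "read"),
        ("Carol", "/home/Bob/notes.txt", "read"),
        ("Carol", "/home/Bob/notes.txt", "write"),
    ]
    for user, resource, privilege in checks:
        print(user, resource, privilege, is_allowed(user, resource, privilege))
```

Without the normalization step the third check would match Alice's own pattern, because the wildcard also matches "../".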

SLIDE 52

Access Control Models

  • ACLs used to implement these models
  • Mandatory: computer system decides exactly who has access to which resources
  • Discretionary (e.g. UNIX): users are authorized to determine which other users can access files or other resources that they create, use, or own
  • Role-Based (Non-Discretionary): user’s access & privileges determined by role

SLIDE 53

Confidentiality

  • Goal: Keep the contents of communication or data on storage secret
  • Example: Alice and Bob want their communications to be secret from Eve
  • Key – a secret shared between Alice & Bob
  • Sometimes accomplished with
      • Cryptography, Steganography, Access Controls, Database Views

SLIDE 54

Message/Data Integrity

  • Data Integrity = No Corruption
  • Man in the middle attack: Has Mallory tampered with the message that Alice sends to Bob?
  • Integrity Check: Add redundancy to data/messages
  • Techniques:
      • Hashing (MD5, SHA-1, …), Checksums (CRC…)
      • Message Authentication Codes (MACs)
  • Different From Confidentiality:
      • A -> B: “The value of x is 1” (not secret)
      • A -> M -> B: “The value of x is 10000” (BAD)
      • A -> M -> B: “The value of y is 1” (BAD)
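
An added example (not from the original slides) that runs the three messages above through both kinds of check: an unkeyed hash, which Mallory can recompute after changing the message, and a MAC, which she cannot produce without the key. The key value, the choice of SHA-256 and HMAC, and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; shared by Alice and Bob only


def tag_hash(msg):
    """Unkeyed integrity check: anyone can compute it."""
    return hashlib.sha256(msg).digest()


def tag_mac(msg, key=KEY):
    """HMAC-SHA256: computing it requires the shared key."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def bob_accepts_hash(msg, tag):
    return hmac.compare_digest(tag_hash(msg), tag)


def bob_accepts_mac(msg, tag, key=KEY):
    return hmac.compare_digest(tag_mac(msg, key), tag)  # constant-time compare


def mallory_rewrites(new_msg):
    """Mallory has no key: she can only attach a tag she can compute herself."""
    return new_msg, tag_hash(new_msg)


def run_demo():
    original = b"The value of x is 1"
    results = {
        "hash_honest": bob_accepts_hash(original, tag_hash(original)),
        "mac_honest": bob_accepts_mac(original, tag_mac(original)),
    }
    forgeries = {"x10000": b"The value of x is 10000", "y1": b"The value of y is 1"}
    for label, forged in forgeries.items():
        msg, tag = mallory_rewrites(forged)
        results["hash_" + label] = bob_accepts_hash(msg, tag)  # forgery passes
        results["mac_" + label] = bob_accepts_mac(msg, tag)    # forgery rejected
        # Keeping Alice's genuine MAC on the altered message fails as well.
        results["mac_reuse_" + label] = bob_accepts_mac(forged, tag_mac(original))
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(name, accepted)
```

A MAC on its own does not stop Mallory from replaying an old, valid message; that needs a nonce or sequence number covered by the MAC.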

SLIDE 55

Accountability

  • Able to determine the attacker or principal
  • Logging & Audit Trails
  • Requirements:
      • Secure Timestamping (OS vs. Network)
      • Data integrity in logs & audit trails, must not be able to change trails, or be able to detect changes to logs
      • Otherwise attacker can cover their tracks
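
An added example (not from the original slides) of one way to detect changes to a log: each entry carries a keyed tag that also covers the previous entry's tag, so editing or deleting an entry breaks the chain from that point on. The chaining scheme, the key, the function names and the log lines are all constructed for the illustration, and the key is assumed to be held by a verifier outside the logged host.

```python
import hashlib
import hmac

KEY = b"constructed-key-held-by-the-log-verifier"  # constructed sample key
GENESIS = b"\x00" * 32  # fixed starting value for the first entry's chain input


def _tag(prev_tag, timestamp, event, key):
    data = prev_tag + timestamp.encode() + b"\x1f" + event.encode()
    return hmac.new(key, data, hashlib.sha256).digest()


def append(log, timestamp, event, key=KEY):
    """Add an entry whose tag covers its content and the previous entry's tag."""
    prev = log[-1][2] if log else GENESIS
    log.append((timestamp, event, _tag(prev, timestamp, event, key)))


def first_bad_index(log, key=KEY):
    """Return the index of the first entry that fails to verify, or None."""
    prev = GENESIS
    for i, (timestamp, event, tag) in enumerate(log):
        if not hmac.compare_digest(tag, _tag(prev, timestamp, event, key)):
            return i
        prev = tag
    return None


def sample_log():
    """Constructed log lines, not taken from any real system."""
    log = []
    append(log, "2014-09-25T11:00:01Z", "login alice ok")
    append(log, "2014-09-25T11:00:07Z", "login mallory failed")
    append(log, "2014-09-25T11:00:09Z", "login mallory ok")
    append(log, "2014-09-25T11:02:30Z", "read /home/Alice/notes.txt by mallory")
    return log


if __name__ == "__main__":
    log = sample_log()
    print("intact:", first_bad_index(log))
    print("entry 1 deleted:", first_bad_index(log[:1] + log[2:]))
```

Dropping entries from the end leaves a shorter chain that still verifies, so the verifier also has to keep the latest tag or an entry count somewhere the logged host cannot write.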

SLIDE 56

Availability

  • Uptime, Free Storage
      • Ex. Dial tone availability, System downtime limit, Web server response time
  • Solutions:
      • Add redundancy to remove single point of failure
      • Impose “limits” that legitimate users can use
  • Goal of DoS (Denial of Service) attacks is to reduce availability
      • Malware used to send excessive traffic to victim site
      • Overwhelmed servers can’t process legitimate traffic

SLIDE 57

Non-Repudiation

  • Undeniability of a transaction
  • Alice wants to prove to Trent that she did communicate with Bob
  • Generate evidence / receipts (digitally signed statements)
  • Often not implemented in practice, credit-card companies become de facto third-party verifiers

SLIDE 58

Slides

Slides will be posted online

Thanks to Dan Boneh, John Mitchell, Vitaly Shmatikov, Christoph Kern, Anita Kesavan, Neil Daswani, Yoshi Kohno, and many others for sample slides and materials ...

SLIDE 59

Things to Do Now

  1. Visit the course homepage:
      • https://courses.cs.washington.edu/courses/cse484/14au/
  2. Take the first-day survey:
      • https://catalyst.uw.edu/webq/survey/livshits/247298
  3. Find a summary video partner and email us about your preferences