cs 134 operating systems
play

CS 134: Operating Systems Security (continued) 1 / 23 Overview - PowerPoint PPT Presentation

Nov 27, 2023 •387 likes •684 views

CS34 2012-12-10 CS 134: Operating Systems Security (continued) CS 134: Operating Systems Security (continued) 1 / 23 Overview CS34 Overview 2012-12-10 Attacks Overview Defenses Attacks Defenses 2 / 23 Attacks Defense Rule #1

  1. CS34 2012-12-10 CS 134: Operating Systems Security (continued) CS 134: Operating Systems Security (continued) 1 / 23

  2. Overview CS34 Overview 2012-12-10 Attacks Overview Defenses Attacks Defenses 2 / 23

  3. Attacks Defense Rule #1 CS34 Defense Rule #1 2012-12-10 Attacks Rule #1 of defending against bad guys is the same regardless of whether you’re doing computer security, neighborhood crime patrols, or interstellar warfare: think like the enemy. Defense Rule #1 This means you need to develop a nasty attitude. When you walk out of here today, look for all the ways an off-campus thief could (try to) get rich. Could they succeed? HMC depends a lot on a combination of the honor code and the fact Rule #1 of defending against bad guys is the same regardless of that we have good mechanisms for keeping outsiders off campus. whether you’re doing computer security, neighborhood crime patrols, or interstellar warfare: think like the enemy. This means you need to develop a nasty attitude. When you walk out of here today, look for all the ways an off-campus thief could (try to) get rich. Could they succeed? 3 / 23

  4. Attacks Common Attacks CS34 Common Attacks 2012-12-10 We’ve already seen MITM. Other common attacks include: Attacks ◮ Logic bombs ◮ Trap doors ◮ Random probes ◮ Password guessing ◮ Privilege escalation We’ve already seen MITM. Other common attacks include: Common Attacks ◮ Buffer overflows (oh my!) ◮ Trojan horses ◮ Viruses ◮ Worms ◮ Social engineering ◮ Logic bombs But that’s not all. . . ◮ Trap doors The point here is that no list of attacks is comprehensive. ◮ Random probes ◮ Password guessing ◮ Privilege escalation ◮ Buffer overflows (oh my!) ◮ Trojan horses ◮ Viruses ◮ Worms ◮ Social engineering But that’s not all. . . 4 / 23

  5. Attacks The Rounding Attack CS34 The Rounding Attack 2012-12-10 Attacks This really happened: ◮ Banks have to round interest to nearest penny ◮ Programmer rewrote rounding code: 1. If < 0 . 5, round down normally 2. If ≥ 0 . 5, still round down . . . But that leaves bank out of balance, so credit leftover penny to The Rounding Attack own account and everything works out just fine! ◮ Every month, hits 50% of customers on average ◮ Even small bank has thousands of customers. . . big one has hundreds of thousands or millions This really happened: So. . . how did he get caught? (Yes, he got caught.) ◮ Banks have to round interest to nearest penny The point of talking about this attack is that it doesn’t fall into the neat categories from the previous slide. ◮ Programmer rewrote rounding code: The bad guy was caught because a “little old lady” checked her 1. If < 0 . 5, round down normally statement carefully, and when it didn’t make sense she went to the 2. If ≥ 0 . 5, still round down bank and asked for help. . . . But that leaves bank out of balance, so credit leftover penny to But there’s another enduring principle here: greed. The bad guy own account and everything works out just fine! could have fled before he was uncovered, but the money was rolling in every month and so he kept wanting more. ◮ Every month, hits 50% of customers on average ◮ Even small bank has thousands of customers. . . big one has hundreds of thousands or millions So. . . how did he get caught? (Yes, he got caught.) 5 / 23

  6. Attacks Logic Bombs CS34 Logic Bombs 2012-12-10 Attacks Insider adds code that will destroy system on condition x Typically, x becomes true when insider gets fired ◮ E.g., daily deadman switch Logic Bombs Variant: don’t destroy system, just encrypt it and use key for blackmail Insider adds code that will destroy system on condition x Typically, x becomes true when insider gets fired ◮ E.g., daily deadman switch Variant: don’t destroy system, just encrypt it and use key for blackmail 6 / 23

  7. Attacks Trap Doors CS34 Trap Doors 2012-12-10 Attacks Rewrite login program to accept hardwired account and password Insider can now get root access even after being fired and having account deleted Trap Doors For insidiously nasty variant, read “Reflections on Trusting Trust,” Ken Thompson’s Turing Award lecture Scary thought: it can be done in hardware, and neither we nor Intel have a way to find out if it has been Rewrite login program to accept hardwired account and password Insider can now get root access even after being fired and having account deleted For insidiously nasty variant, read “Reflections on Trusting Trust,” Ken Thompson’s Turing Award lecture Scary thought: it can be done in hardware, and neither we nor Intel have a way to find out if it has been 7 / 23

  8. Attacks Random Probes CS34 Random Probes 2012-12-10 Attacks Myth: “Sure, they attack Google all the time. But nobody knows my machine even exists.” Reality: Bad guys don’t need to know your name or where you are. They just have to try all possible IP addresses. (Even in IPv6, Random Probes this can be done.) ⇒ Assume intruders will find you and probe you, unless a firewall (or possibly NAT box) protects you Myth: “Sure, they attack Google all the time. But nobody knows my machine even exists.” Reality: Bad guys don’t need to know your name or where you are. They just have to try all possible IP addresses. (Even in IPv6, this can be done.) ⇒ Assume intruders will find you and probe you, unless a firewall (or possibly NAT box) protects you 8 / 23

  9. Attacks Password Guessing CS34 Password Guessing 2012-12-10 Attacks Having probed, log into an account: ◮ User guest , password guest ◮ admin / admin ◮ root /<null> (really!) Password Guessing Bad guys have huge lists of common accounts (e.g., phpadmin , cisco , help ) and passwords Variation: acquire encrypted passwords and rather than decrypting, run common passwords through one-way encryption algorithm to search for hits (“dictionary attack”) Having probed, log into an account: ◮ User guest , password guest ◮ admin / admin ◮ root /<null> (really!) Bad guys have huge lists of common accounts (e.g., phpadmin , cisco , help ) and passwords Variation: acquire encrypted passwords and rather than decrypting, run common passwords through one-way encryption algorithm to search for hits (“dictionary attack”) 9 / 23

  10. Attacks Privilege Escalation CS34 Privilege Escalation 2012-12-10 Attacks Insiders can do bad things by getting unauthorized access Especially bad in military-ish settings Privilege Escalation Outsiders can first crack an inside account with a weak password, then use privilege escalation to get more sensitive access (outside → inside attack) Insiders can do bad things by getting unauthorized access Especially bad in military-ish settings Outsiders can first crack an inside account with a weak password, then use privilege escalation to get more sensitive access (outside → inside attack) 10 / 23

  11. Attacks Buffer Overflows CS34 Buffer Overflows 2012-12-10 Attacks You did this in CS 105 Typically allows execution of arbitrary code with privileges of attacked process One of the worst! Buffer Overflows All due to bad design decisions in C language (where “bad” == “couldn’t reliably predict the future”) New variant: return-oriented programming can overcome (almost?) all current defenses You did this in CS 105 ROP is a bit like level 0 of the buffer bomb, where you just called a Typically allows execution of arbitrary code with privileges of preexisting function. The only defense I can see is to arrange that every time a new stack frame is created, the VM tables are adjusted attacked process such that nothing above the local variables is writable. I don’t think that’s practical, for several reasons. One of the worst! All due to bad design decisions in C language (where “bad” == “couldn’t reliably predict the future”) New variant: return-oriented programming can overcome (almost?) all current defenses 11 / 23

  12. Attacks Command Injection CS34 Command Injection 2012-12-10 Attacks Many Web sites insert client input into a command SELECT id FROM employees WHERE name = ’ user input ’; Command Injection Many Web sites insert client input into a command SELECT id FROM employees WHERE name = ’ user input ’; 12 / 23

  13. Attacks Command Injection CS34 Command Injection 2012-12-10 Attacks Many Web sites insert client input into a command SELECT id FROM employees WHERE name = ’ user input ’; Command Injection Many Web sites insert client input into a command SELECT id FROM employees WHERE name = ’ user input ’; 12 / 23

  14. Attacks Trojan Horses CS34 Trojan Horses 2012-12-10 Pretend to be what you’re not Attacks Canonical example: clear_screen(); printf("Login: "); gets(login_name); Trojan Horses printf("Password: "); Pretend to be what you’re not gets(password); /* record the stolen information */ printf("Login failed\n"); execv("/bin/login", NULL); User reveals password, thinks she just mistyped it Note that phishing is a variant on the Trojan horse Canonical example: clear_screen(); printf("Login: "); gets(login_name); printf("Password: "); gets(password); /* record the stolen information */ printf("Login failed\n"); execv("/bin/login", NULL); User reveals password, thinks she just mistyped it Note that phishing is a variant on the Trojan horse 13 / 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron

Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron

Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron Brightwell Scalable System Software Sandia National Laboratories Albuquerque, NM, USA International Workshop on Runtime and Operating Systems for

575 views • 32 slides
About Me Bhuvan Urgaonkar Operating Systems Assistant Professor, CSE Operating Systems

About Me Bhuvan Urgaonkar Operating Systems Assistant Professor, CSE Operating Systems

About Me Bhuvan Urgaonkar Operating Systems Assistant Professor, CSE Operating Systems Ph.D., Sept. 2005, Univ. of Mass. Amherst CSE 411 CSE 411 Research areas Operating systems, Distributed systems, Computer networks

500 views • 8 slides
CPS 210: Operating Systems CPS 210: Operating Systems Operating Systems: The Big Picture

CPS 210: Operating Systems CPS 210: Operating Systems Operating Systems: The Big Picture

CPS 210: Operating Systems CPS 210: Operating Systems Operating Systems: The Big Picture Operating Systems: The Big Picture The operating system (OS) is the interface between user applications and the hardware. User Applications virtual

245 views • 24 slides
Roadmap for Section 1.2. History of Operating Systems Tasks of an Operating System OS as

Roadmap for Section 1.2. History of Operating Systems Tasks of an Operating System OS as

Unit OS1: Overview of Operating Systems 1.2. The Evolution of Operating Systems Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 1.2. History of Operating Systems Tasks of

556 views • 12 slides
History Where the idea for Operating systems came from Genealogy of Operating Systems

History Where the idea for Operating systems came from Genealogy of Operating Systems

BS1 WS19/20 topic-based slides History Where the idea for Operating systems came from Genealogy of Operating Systems Critical Innovations Hardware and Software Hardware Development Operating System Development Operating Systems

631 views • 23 slides
Operating Systems WT 2019/20 Abridged History of Operating Systems Something to Ponder What is

Operating Systems WT 2019/20 Abridged History of Operating Systems Something to Ponder What is

Operating Systems WT 2019/20 Abridged History of Operating Systems Something to Ponder What is an Operating System? try to come up with a defjnition of what the term operating system means. Discuss your fjndings amongst yourselves. Operating

607 views • 26 slides
Architectural Support for Operating Systems (Chapter 2) CS 4410 Operating Systems [R. Agarwal,

Architectural Support for Operating Systems (Chapter 2) CS 4410 Operating Systems [R. Agarwal,

Architectural Support for Operating Systems (Chapter 2) CS 4410 Operating Systems [R. Agarwal, L. Alvisi, A. Bracy, M. George, E. Sirer, R. Van Renesse] Lets start at the very beginning 2 A Short History of Operating Systems 3 History of

822 views • 34 slides
CSE 3320 Operating Systems Computer and Operating Systems Overview Jia Rao Department of

CSE 3320 Operating Systems Computer and Operating Systems Overview Jia Rao Department of

CSE 3320 Operating Systems Computer and Operating Systems Overview Jia Rao Department of Computer Science and Engineering http://ranger.uta.edu/~jrao Overview Recap of last class o What is an operating system ? o Functionalities of

530 views • 24 slides
Operating Systems and Middleware Non-functional properties in Operating Systems and Middleware

Operating Systems and Middleware Non-functional properties in Operating Systems and Middleware

Dependability aspects of Operating Systems and Middleware Non-functional properties in Operating Systems and Middleware Seminar topics 2016 Driver verification Exhaustive verification has become feasible for small software systems, such as

494 views • 7 slides
Hardware Issues for Operating Systems CS 111 Operating Systems Peter Reiher Lecture 3 CS 111

Hardware Issues for Operating Systems CS 111 Operating Systems Peter Reiher Lecture 3 CS 111

Hardware Issues for Operating Systems CS 111 Operating Systems Peter Reiher Lecture 3 CS 111 Page 1 Fall 2015 Outline Hardware and the operating system Processor issues Buses and devices Disk drives Well talk about

777 views • 64 slides
Real-Time Operating Systems Heechul Yun 1 What is an OS? 2 Operating Systems A program

Real-Time Operating Systems Heechul Yun 1 What is an OS? 2 Operating Systems A program

Real-Time Operating Systems Heechul Yun 1 What is an OS? 2 Operating Systems A program that acts as an intermediary between users and the computer hardware Applications Operating System Computer Hardware 3 Common OS Services Task

604 views • 15 slides
Chapter 10: Case Studies So what happens in a real operating system? Operating systems in the real

Chapter 10: Case Studies So what happens in a real operating system? Operating systems in the real

Chapter 10: Case Studies So what happens in a real operating system? Operating systems in the real world Studied mechanisms used by operating systems Processes &amp; scheduling Memory management File systems Security How are

408 views • 22 slides
CS5460: Operating Systems Lecture 24: Security CS 5460: Operating Systems Once upon a time,

CS5460: Operating Systems Lecture 24: Security CS 5460: Operating Systems Once upon a time,

CS5460: Operating Systems Lecture 24: Security CS 5460: Operating Systems Once upon a time, this patch was made to Linuxs wait4() system call: + if ((options == (__WCLONE|__WALL)) &amp;&amp; (current-&gt;uid = 0)) +

550 views • 33 slides
CS5460: Operating Systems Lecture 1: Course Overview (Chapter 1) CS 5460: Operating Systems

CS5460: Operating Systems Lecture 1: Course Overview (Chapter 1) CS 5460: Operating Systems

CS5460: Operating Systems Lecture 1: Course Overview (Chapter 1) CS 5460: Operating Systems Lecture 1 What is an Operating System? Interface between user and hardware Exports simpler virtual machine interface Hides ugly

368 views • 22 slides
CSE 513 I ntroduction to Operating Systems Class 9 - Distributed and Multiprocessor Operating

CSE 513 I ntroduction to Operating Systems Class 9 - Distributed and Multiprocessor Operating

CSE 513 I ntroduction to Operating Systems Class 9 - Distributed and Multiprocessor Operating Systems J onat han Walpole Dept . of Comp. Sci. and Eng. Oregon Healt h and Science Universit y 1 Why use parallel or distributed systems?

1.08k views • 92 slides
Performance in Operating Systems and Middleware Frank Feinbube Operating Systems and Middleware

Performance in Operating Systems and Middleware Frank Feinbube Operating Systems and Middleware

Performance in Operating Systems and Middleware Frank Feinbube Operating Systems and Middleware Performance To the limit of computation! What is possible, what is not? Law-abiding hardware and operating system trends (Moore, Dennard,

287 views • 9 slides
Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux https://fires.im @firesimproject MICRO Tutorial 2019 Albert Ou Agenda Configure and launch a simulation runfarm Boot Linux interactively

770 views • 28 slides
SHOP SLIDE Photo 1. Looking northwest at cracking across the footpath at the end of the Hwy 2

SHOP SLIDE Photo 1. Looking northwest at cracking across the footpath at the end of the Hwy 2

SHOP SLIDE Photo 1. Looking northwest at cracking across the footpath at the end of the Hwy 2 EB to Hwy 684 SB off ramp at the 99 Ave. intersection. Drop in asphalt trail (background) has worsened since 2013 and is now at 300 mm. Photo

894 views • 17 slides
Cracking Drupal Security concepts and pitfalls Klaus Purer Peter Wolanin Security strategies

Cracking Drupal Security concepts and pitfalls Klaus Purer Peter Wolanin Security strategies

Cracking Drupal Security concepts and pitfalls Klaus Purer Peter Wolanin Security strategies Trust - who can do what Principle of least privilege - each site user should have only the permissions necessary to do their job Defense

623 views • 36 slides
Reverse-Engineering DisplayLink devices Florian floe Echtler, Chris platon Hodges

Reverse-Engineering DisplayLink devices Florian floe Echtler, Chris platon Hodges

Introduction Cracking the Encryption The Graphics Protocol Finale Reverse-Engineering DisplayLink devices Florian floe Echtler, Chris platon Hodges December 28, 2009 Florian floe Echtler, Chris platon Hodges USB to

644 views • 31 slides
Policy Exploration of JITDs (C) Team Twinkle What we have available: Current implementation

Policy Exploration of JITDs (C) Team Twinkle What we have available: Current implementation

Policy Exploration of JITDs (C) Team Twinkle What we have available: Current implementation of cracking policy crack crack_one pushdown_concats crack_scan Current implementation of adaptive merge policy

418 views • 22 slides
Legacy Crypto Never Dies (Why won't DES just die???) David Hulton &lt;david@toorcon.org&gt;

Legacy Crypto Never Dies (Why won't DES just die???) David Hulton &lt;david@toorcon.org&gt;

Legacy Crypto Never Dies (Why won't DES just die???) David Hulton &lt;david@toorcon.org&gt; crack.sh is a service of the ToorCon Information Security RECON BRUSSELS 2017 Conference and is provided for research purposes only. DefCon 2012 Recap

578 views • 36 slides
Privilege Escala-on Manual privilege escala/on techniques on Unix

Privilege Escala-on Manual privilege escala/on techniques on Unix

Privilege Escala-on Manual privilege escala/on techniques on Unix and Windows Michal Knapkiewicz, May 2016 whoami Senior Consultant at Advanced Security

884 views • 51 slides
Principles for Secure Software Following these doesnt guarantee security But they touch

Principles for Secure Software Following these doesnt guarantee security But they touch

Principles for Secure Software Following these doesnt guarantee security But they touch on the most commonly seen security problems Thinking about them is likely to lead to more secure code Lecture 13 Page 1 CS 236 Online 1.

439 views • 22 slides

More recommend