cs 527 software security
play

CS-527 Software Security Basic Security Principles Asst. Prof. - PowerPoint PPT Presentation

Sep 05, 2022 •521 likes •794 views

CS-527 Software Security Basic Security Principles Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Security goals Table of Contents

  1. CS-527 Software Security Basic Security Principles Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017

  2. Security goals Table of Contents Security goals 1 Fundamental security mechanisms 2 Hardware and software abstractions 3 Security mechanisms 4 Summary and Conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 2 / 26

  3. Security goals Software Security Definition Allow intended use of software, prevent unintended use that may cause harm. Mathias Payer (Purdue University) CS-527 Software Security 2017 3 / 26

  4. Security goals Security principles Confidentiality: an attacker cannot recover protected data. Integrity: an attacker cannot modify protected data. Availability: an attacker cannot stop/hinder computation. These fundamental CIA properties are used in different contexts of software security policies and mechanisms. Accountability/non-repudiation is sometimes mentioned as fourth fundamental concept. It prevents denial of message transmission or receipt. Non-repudiation is, at its core, a legal concept. Mathias Payer (Purdue University) CS-527 Software Security 2017 4 / 26

  5. Security goals Security analysis Given a software system, is the system secure? ... it depends What is the interface? (What is the attack surface?) What are the assets? (How profitable is an attack?) What are the goals? (What drives an attacker?) Mathias Payer (Purdue University) CS-527 Software Security 2017 5 / 26

  6. Security goals Threat model Definition: Threat model Threat model defines an attacker’s abilities and resources. Assume you want to protect an asset (your valuables) by locking them in a safe. In cloud cuckoo land you don’t need to lock your safe. An attacker might pick your lock. An attacker might use a torch to open the safe. An attacker may have some advanced safe opening technology (e.g., an X-ray). An attacker may know you and get access to (or copy) your key. Mathias Payer (Purdue University) CS-527 Software Security 2017 6 / 26

  7. Security goals Cost of security There’s no free lunch, security will incur overhead. Security is... expensive to develop, may have performance overhead, may be inconvenient to users. Mathias Payer (Purdue University) CS-527 Software Security 2017 7 / 26

  8. Fundamental security mechanisms Table of Contents Security goals 1 Fundamental security mechanisms 2 Hardware and software abstractions 3 Security mechanisms 4 Summary and Conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 8 / 26

  9. Fundamental security mechanisms Security principles Least privilege The principle of least privilege ensures that a component has the least privileges needed to function. Any privilege that is further removed from the component removes some functionality. Any additional privilege is not needed to run the component according to the specification. Note that this property constrains an attacker in the privileges that can be obtained. Mathias Payer (Purdue University) CS-527 Software Security 2017 9 / 26

  10. Fundamental security mechanisms Security goals Separation Separate individual components into smallest functional entity possible. General idea: contain faults to individual components. Allows abstraction and permission checks at boundaries. Note that this property builds on least privilege. Both properties are most effective in combination: many small components that are running and interacting with least privileges. Mathias Payer (Purdue University) CS-527 Software Security 2017 10 / 26

  11. Fundamental security mechanisms Security goals Trust and correctness Specific components are assumed to be trusted or correct according to a specification. Formal verification ensures that a component correctly implements a given specification and can therefore be trusted. Note that this property is an ideal property that cannot generally be achieved. Mathias Payer (Purdue University) CS-527 Software Security 2017 11 / 26

  12. Fundamental security mechanisms Security scope (Parts of a water-tight compartment, Seaman’s Pocket Book, 1943) Mathias Payer (Purdue University) CS-527 Software Security 2017 12 / 26

  13. Fundamental security mechanisms Security scope (Parts of a water-tight compartment, Seaman’s Pocket Book, 1943) Mathias Payer (Purdue University) CS-527 Software Security 2017 13 / 26

  14. Fundamental security mechanisms Security scope (USS South Dakota (BB-57) at the New York Shipbuilding Corporation shipyard, Camden, New Jersey, 1 April 1940.) Mathias Payer (Purdue University) CS-527 Software Security 2017 14 / 26

  15. Fundamental security mechanisms Security scope (Side plan of the RMS Titanic, 1911, annotated) Mathias Payer (Purdue University) CS-527 Software Security 2017 15 / 26

  16. Hardware and software abstractions Table of Contents Security goals 1 Fundamental security mechanisms 2 Hardware and software abstractions 3 Security mechanisms 4 Summary and Conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 16 / 26

  17. Hardware and software abstractions Operating System (OS) abstraction Allows individual processes exclusive access to resources. Provides well-defined API to access hardware resources. Enforces mutual exclusion to resources. Enforces access permissions for resources. Restricts attacker to specific user privileges. ... is a trusted component. All process can be attacked through vulnerabilities in the OS kernel. ... trusts the hardware. Mathias Payer (Purdue University) CS-527 Software Security 2017 17 / 26

  18. Hardware and software abstractions Hardware abstraction Virtual memory is a hardware-enforced separation of memory pages to individual processes. Only operating system has access to physical memory (or at least believes so). DMA allows trusted devices direct access to memory. ISA implements different privilege level (ring 0 to ring 3 on x86). Hardware abstractions are fundamental for performance. Mathias Payer (Purdue University) CS-527 Software Security 2017 18 / 26

  19. Security mechanisms Table of Contents Security goals 1 Fundamental security mechanisms 2 Hardware and software abstractions 3 Security mechanisms 4 Summary and Conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 19 / 26

  20. Security mechanisms Access control Access control specifies how entities interact with resources. Authentication: Who are you (something you know, have, or are)? Authorization: Who has access to object? (Follows authentication) Audit: I’ll check what you did. Mathias Payer (Purdue University) CS-527 Software Security 2017 20 / 26

  21. Security mechanisms Types of access control Discretionary Access Control (DAC): Object owners specify policy. Mandatory Access Control (MAC): Rule and lattice-based policy. Role-Based Access Control (RBAC): Policy defined in terms of roles (sets of permissions), individuals are assigned roles, roles are authorized for tasks. Mathias Payer (Purdue University) CS-527 Software Security 2017 21 / 26

  22. Security mechanisms Different security models Access control lists Capabilities Bell - LaPadula Information flow Mathias Payer (Purdue University) CS-527 Software Security 2017 22 / 26

  23. Security mechanisms Access control matrix Goal: provide access rights for subjects to corresponding objects 1 . foo bar baz user rwx rw rw group rx r r other rx r Used, e.g., in the Unix/Linux security model for file accesses or the Android, iOS, or Java security model for privileged APIs. 1 Introduced by Butler Lampson in 1971, http://research.microsoft. com/en-us/um/people/blampson/08-Protection/Acrobat.pdf . Mathias Payer (Purdue University) CS-527 Software Security 2017 23 / 26

  24. Summary and Conclusion Table of Contents Security goals 1 Fundamental security mechanisms 2 Hardware and software abstractions 3 Security mechanisms 4 Summary and Conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 24 / 26

  25. Summary and Conclusion Summary Software security goal: allow intended use of software, prevent unintended use that may cause harm. Three principles: Confidentiality, Integrity, Availability. Security of a system depends on its threat model. Least privilege, separation, and trust as concepts. Security relies on abstractions to reduce complexity. Reading assignment: Butler Lampson, Protection, http://doi.acm.org/10.1145/775265.775268 . Mathias Payer (Purdue University) CS-527 Software Security 2017 25 / 26

  26. Summary and Conclusion Questions? ? Mathias Payer (Purdue University) CS-527 Software Security 2017 26 / 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412 Software Security Course outline Secure software lifecycle Security policies Attack vectors Defense strategies: mitigations and testing Case

681 views • 49 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Web (and internet) security: two views Just a long running network service Complex application with multiple layers and components.

577 views • 47 slides
Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a course on software security? Software plays a major role in the modern society But is a major source of security problems. Software is the

659 views • 30 slides
Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Agenda Securing the software

1.91k views • 65 slides
Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the program enforces expected C onfidentiality I ntegrity A vailability How can we look at software component and assess its

837 views • 49 slides
CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are

725 views • 23 slides
Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Some recent attacks 2 A game changer The Internet

1.17k views • 87 slides
Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2014 jan (sect) Software Security SoSe 2014 1 / 13 Recap: Overflow Bugs Ingredients: fixed-size buffer on the

429 views • 13 slides
CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Daemons / Services / Servers A daemon is a long running service that serves outside requests. A web server, a mail

503 views • 31 slides
Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information

Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information

Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information Security Group Royal Holloway, University of London ESORICS 2011 Traditional Access Control ? SECRET Time-Storage

707 views • 45 slides
Why We Should Take a Second What do we learn from Look at Access Control in Unix this?

Why We Should Take a Second What do we learn from Look at Access Control in Unix this?

Introduction A model for Unix Why We Should Take a Second What do we learn from Look at Access Control in Unix this? Concluding remarks Jason Crampton Information Security Group Royal Holloway, University of London NordSec 2008

590 views • 27 slides
PeopleSoft Security Reports November 2011 1 1 Learning Objectives Discuss the main

PeopleSoft Security Reports November 2011 1 1 Learning Objectives Discuss the main

PeopleSoft Security Reports November 2011 1 1 Learning Objectives Discuss the main objectives of the security review Explain the purpose of the PeopleSoft Security reports Demonstrate ways to manage the information in the reports

491 views • 35 slides
Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson DIG @ CSAIL Monday 12 July 2010 Alternate Definitions of Privacy In 1890, Brandeis and Warren defined privacy as the right to be let alone

541 views • 11 slides
CSE543 - Introduction to Computer and Network Security Module: Access Control Professor Trent

CSE543 - Introduction to Computer and Network Security Module: Access Control Professor Trent

806 views • 33 slides
Security (2) Summer 2016 Cornell University 1 Today Access control DAC MAC 2

Security (2) Summer 2016 Cornell University 1 Today Access control DAC MAC 2

CS 4410 Operating Systems Security (2) Summer 2016 Cornell University 1 Today Access control DAC MAC 2 Access control Confidentiality and integrity are often enforced using access control. Predefined operations are the

649 views • 17 slides
Security Concepts (cont) Deian Stefan Slides adopted from Kirill Levchenko and Stefan Savage

Security Concepts (cont) Deian Stefan Slides adopted from Kirill Levchenko and Stefan Savage

CSE 127: Computer Security Security Concepts (cont) Deian Stefan Slides adopted from Kirill Levchenko and Stefan Savage Incentives and Deterrents Attackers equation: (expected gain) > (cost of attack) Defenders equation:

301 views • 28 slides
Access Control CS461/ECE422 Spring 2012 Reading Material

Access Control CS461/ECE422 Spring 2012 Reading Material

Access Control CS461/ECE422 Spring 2012 Reading Material Chapter 4 through sec=on 4.5 Chapters 25 and 26 For the access control aspects of

967 views • 40 slides

More recommend