cs527 software security
play

CS527 Software Security Basic Principles Mathias Payer Purdue - PowerPoint PPT Presentation

Nov 22, 2022 •211 likes •470 views

CS527 Software Security Basic Principles Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software Security Allow inteded use of software, prevent unintended use that may cause harm. Mathias Payer CS527

  1. CS527 Software Security Basic Principles Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security

  2. Software Security Allow inteded use of software, prevent unintended use that may cause harm. Mathias Payer CS527 Software Security

  3. Security principles Confidentiality: an attacker cannot recover protected data Integrity: an attacker cannot modify protected data Availability: an attacker cannot stop/hinder computation Accountability/non-repudiation may be used as fourth fundamental concept. It prevents denial of message transmission or receipt. Mathias Payer CS527 Software Security

  4. Security analysis Given a software system, is it secure? . . . it depends What is the attack surface? What are the assets? (How profitable is an attack?) What are the goals? (What drives an attacker?) Mathias Payer CS527 Software Security

  5. Attacks and Defenses Attack (threat) models A class of attacks that you want to stop What is the attacker’s capability? What is impact of an attack? What attacks are out-of-scope? Defenses address a certain attack/threat model. General: e.g., stop memory corruptions Very specific: e.g., stop overwriting a return address Mathias Payer CS527 Software Security

  6. Threat model A threat model defines an attacker’s abilities and resources. Awareness of entry points (and associated threats) Look at systems from an attacker’s perspective Decompose application: identify structure Determine and rank threats Determine counter measures and mitigation Reading material: https://www.owasp.org/index.php/ Application_Threat_Modeling Mathias Payer CS527 Software Security

  7. Threat model: example Assume you want to protecy your valuables by locking them in a safe. In trust land, you don’t need to lock your safe. An attacker may pick your lock. An attacker may use a torch to open your safe. An attacker may use advanced technology (x-ray) to open the safe. An attacker may get access (or copy) your key. Mathias Payer CS527 Software Security

  8. Cost of security There is no free lunch, security incurs overhead. Security is. . . expensive to develop, may have performance overhead, may be inconvenient to users. Mathias Payer CS527 Software Security

  9. Fundamental security mechanisms Isolation Least privilege Fault compartments Trust and correctness Figure 1 Mathias Payer CS527 Software Security

  10. Isolation Isolate two components from each other. One component cannot access data/code of the other component except through a well-defined API. Mathias Payer CS527 Software Security

  11. Least privilege The principle of least privilege ensures that a component has the least privileges needed to function. Any privilege that is further removed from the component removes some functionality. Any additional privilege is not needed to run the component according to the specification. Note that this property constrains an attacker in the privileges that can be obtained. Mathias Payer CS527 Software Security

  12. Fault compartments Separate individual components into smallest functional entity possible. General idea: contain faults to individual components. Allows abstraction and permission checks at boundaries. Note that this property builds on least privilege and isolation. Both properties are most effective in combination: many small components that are running and interacting with least privileges. Mathias Payer CS527 Software Security

  13. Fault compartments Figure 2 Mathias Payer CS527 Software Security

  14. Trust and correctness Specific components are assumed to be trusted or correct according to a specification. Formal verification ensures that a component correctly implements a given specification and can therefore be trusted. Note that this property is an ideal property that cannot generally be achieved. Mathias Payer CS527 Software Security

  15. Hardware and software abstractions Operating System (OS) abstractions Hardware abstractions Mathias Payer CS527 Software Security

  16. Operating System (OS) abstraction Provides process abstraction Well-defined API to access hardware resources Enforces mutual exclusion to resources Enforces access permissions for resources Restrictions based on user/group/ACL Restricts attacker Mathias Payer CS527 Software Security

  17. Hardware abstraction Virtual memory through MMU/OS Only OS has access to raw physical memory DMA for trusted devices ISA enforces privilege abstraction (ring 0/3 on x86) Hardware abstractions are fundamental for performance Mathias Payer CS527 Software Security

  18. Access control Authentication: Who are you (something you know, have, or are)? Authorization: Who has access to object? Audit/Provenance: I’ll check what you did. Mathias Payer CS527 Software Security

  19. Types of access control Discretionary Access Control (DAC): Object owners specify policy Mandatory Access Control (MAC): Rule and lattice-based policy Role-Based Access Control (RBAC): Policy defined in terms of roles (sets of permissions), individuals are assigned roles, roles are authorized for tasks. Mathias Payer CS527 Software Security

  20. DAC User has authority over resources she owns User determines permissions for her data if other users want to access it Mathias Payer CS527 Software Security

  21. MAC Centrally controlled One entity controls what permissions are given Users cannot change policy themselves Mathias Payer CS527 Software Security

  22. RBAC Access permission is broken into sets of roles. Users get assigned specific roles Administration privileges may be a role. Mathias Payer CS527 Software Security

  23. Different security models Access control lists (static) Capabilities (static) Bell-LaPadula (state machine) Information flow (flow dependent) Mathias Payer CS527 Software Security

  24. Access control matrix Provide access rights for subjects to objects. foo bar baz user rwx rw rw group rx r r other rx r Used, e.g., for Unix/Linux filesystems or Android/iOS/Java security model for privileged APIs. Introduced by Butler Lampson in 1971 http://research.microsoft.com/en-us/um/people/ blampson/08-Protection/Acrobat.pdf . Mathias Payer CS527 Software Security

  25. Summary and conclusion Software security goal: allow intended use of software, prevent unintended use that may cause harm. Three principles: Confidentiality, Integrity, Availability. Security of a system depends on its threat model. Isolation, least privilege, fault compartments, and trust as concepts. Security relies on abstractions to reduce complexity. Reading assignment: Butler Lampson, Protection http://doi.acm.org/10.1145/775265.775268 Mathias Payer CS527 Software Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Daemons / Services / Servers A daemon is a long running service that serves outside requests. A web server, a mail

503 views • 31 slides
CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are

725 views • 23 slides
CS527 Software Security Introduction Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Introduction Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Introduction Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security About me Instructor: Mathias Payer Research area: system/software security Memory/type safety Mitigating control-flow

460 views • 25 slides
CS527 Software Security Advanced Mitigations Mathias Payer Purdue University, Spring 2018

CS527 Software Security Advanced Mitigations Mathias Payer Purdue University, Spring 2018

CS527 Software Security Advanced Mitigations Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Model for Control-Flow Hijack Attacks Figure 1: Mathias Payer CS527 Software Security Advanced mitigations

504 views • 26 slides
CS527 Software Security Reverse Engineering Mathias Payer Purdue University, Spring 2018

CS527 Software Security Reverse Engineering Mathias Payer Purdue University, Spring 2018

CS527 Software Security Reverse Engineering Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Basics: encodings Code is data is code is data Learn to read hex numbers: 0x38 == 0011'1000 Python:

710 views • 49 slides
CS527 Software Security Mobile Security Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Mobile Security Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Mobile Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Android statistics 1.4 billion users (1) Android generates $31 billion revenue (2) 4,000+ different devices (1)

157 views • 11 slides
CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Exploitation: Disclaimer This section focuses software exploitation We will discuss both basic and advanced

860 views • 49 slides
CS527 Software Security Program Testing Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Program Testing Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Program Testing Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Why testing? Testing is the process of executing a program to find errors. An error is a deviation between observed

391 views • 38 slides
deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412 Software Security Course outline Secure software lifecycle Security policies Attack vectors Defense strategies: mitigations and testing Case

681 views • 49 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
Efficient Dynamic Isolation of Congestion in Lossless DataCenter Networks Luis Gonzalez-Naharro

Efficient Dynamic Isolation of Congestion in Lossless DataCenter Networks Luis Gonzalez-Naharro

Efficient Dynamic Isolation of Congestion in Lossless DataCenter Networks Luis Gonzalez-Naharro * , Jesus Escudero-Sahuquillo * , Pedro J. Garcia * , Francisco J. Quiles * , Jose Duato , Wenhao Sun , Li Shen , Xiang Yu , and Hewen

602 views • 21 slides
Language Based isolation of Untrusted JavaScript Ankur Taly Dept. of Computer Science, Stanford

Language Based isolation of Untrusted JavaScript Ankur Taly Dept. of Computer Science, Stanford

Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Language Based isolation of Untrusted JavaScript Ankur Taly Dept. of Computer Science, Stanford University Joint work

650 views • 46 slides
Sandboxing and isolation Deian Stefan Today Lecture objectives: Understand basic principles

Sandboxing and isolation Deian Stefan Today Lecture objectives: Understand basic principles

CSE 127: Computer Security Sandboxing and isolation Deian Stefan Today Lecture objectives: Understand basic principles for building secure systems Understand mechanisms used to build secure systems Principles of secure design

1.1k views • 64 slides
Stanford CS193p Developing Applications for iOS Fall 2011 Stanford CS193p Fall 2011 Today

Stanford CS193p Developing Applications for iOS Fall 2011 Stanford CS193p Fall 2011 Today

Stanford CS193p Developing Applications for iOS Fall 2011 Stanford CS193p Fall 2011 Today NSTimer and perform after delay Two delayed-action alternatives. More View Animation Continuation of Kitchen Sink demo Alerts and Action Sheets

581 views • 32 slides
Accountability and Freedom Butler Lampson Microsoft September 26, 2005 1 Real-World Security

Accountability and Freedom Butler Lampson Microsoft September 26, 2005 1 Real-World Security

Accountability and Freedom Butler Lampson Microsoft September 26, 2005 1 Real-World Security It s about risk, locks, and deterrence . Risk management: cost of security < expected loss Perfect security costs way too much

707 views • 26 slides
Wei Liu 1 , Yifan Gong 1 , Hao Wu 1 , Jidong Zhai 2 , Jiangming Jin 1 1. TuSimple Inc. 2.

Wei Liu 1 , Yifan Gong 1 , Hao Wu 1 , Jidong Zhai 2 , Jiangming Jin 1 1. TuSimple Inc. 2.

Memory-Centric Communication Mechanism for Real- time Autonomous Navigation Applications Wei Liu 1 , Yifan Gong 1 , Hao Wu 1 , Jidong Zhai 2 , Jiangming Jin 1 1. TuSimple Inc. 2. Tsinghua University, BNRist Agenda 1. Background &

674 views • 21 slides
Welcome to Fern Green Primary School Student Development Team 2020 Advisors (Mrs Tang and Mr

Welcome to Fern Green Primary School Student Development Team 2020 Advisors (Mrs Tang and Mr

Student Development Team Welcome to Fern Green Primary School Student Development Team 2020 Advisors (Mrs Tang and Mr See) HOD SM YH 1 YH 3 YH 2 HOD CCE Values DMs All teaching staff of Fern Green Primary School. Working towards

406 views • 13 slides
Y outh Resettlement and the Law Care into Practice Applying Children Act 1989 Guidance and

Y outh Resettlement and the Law Care into Practice Applying Children Act 1989 Guidance and

NAYJ Y outh Justice T raining Seminar - Monday 2nd April 2012 - John Moores University Y outh Resettlement and the Law Care into Practice Applying Children Act 1989 Guidance and Regulations to the Y oung Peoples Estat e Principles Policy

673 views • 18 slides

More recommend