csci 1650 software security and exploitation
play

CSCI 1650: Software Security and Exploitation Introduction - PowerPoint PPT Presentation

Jan 31, 2024 •48 likes •238 views

CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis September 09, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 1650 Fall 20 1 / 6 Course Overview (1/2)

  1. CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis September 09, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 1650 Fall ’20 1 / 6

  2. Course Overview (1/2) • BPF_SECCOMP, FORTIFY_SRC Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) • ... • Just-In-Time ROP (JIT-ROP) • Return-oriented prog. (ROP) • Return-to-libc ( ret2libc ) 2. Code reuse 1. Code injection Software Exploitation • ... • RELRO, BIND_NOW • Stack/Heap canaries • W^X, ASLR 2. Modern defenses • ... • Pointer errors • Format string bugs • Stack/Heap smashing 1. Prevalent software defects Software Security Control-fmow hijacking Memory unsafe code (written in C / C++ , asm , ...) 2 / 6 ▶ What is this course about?

  3. Course Overview (1/2) • BPF_SECCOMP, FORTIFY_SRC Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) • ... • Just-In-Time ROP (JIT-ROP) • Return-oriented prog. (ROP) • Return-to-libc ( ret2libc ) 2. Code reuse 1. Code injection Software Exploitation • ... • RELRO, BIND_NOW • Stack/Heap canaries • W^X, ASLR 2. Modern defenses • ... • Pointer errors • Format string bugs • Stack/Heap smashing 1. Prevalent software defects Control-fmow hijacking 2 / 6 ▶ What is this course about? ✘ Memory unsafe code (written in C / C++ , asm , ...) ▶ Software Security

  4. Course Overview (1/2) • BPF_SECCOMP, FORTIFY_SRC Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) • ... • Just-In-Time ROP (JIT-ROP) • Return-oriented prog. (ROP) • Return-to-libc ( ret2libc ) 2. Code reuse 1. Code injection • ... • RELRO, BIND_NOW • Stack/Heap canaries • W^X, ASLR 2. Modern defenses • ... • Pointer errors • Format string bugs • Stack/Heap smashing 1. Prevalent software defects 2 / 6 ▶ What is this course about? ✘ Memory unsafe code (written in C / C++ , asm , ...) ✘ Control-fmow hijacking ▶ Software Security ▶ Software Exploitation

  5. (plus objdump , readelf , ..., etc.) Course Overview (2/2) Using only gdb ! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: Why are these useful? • Binary exploitation • Code “weaponization” • Exploit development Learn how to break software Ofgense argue about their efgectiveness protection mechanisms and Understand the boundaries of Defense 3 / 6 ▶ Why take this course?

  6. (plus objdump , readelf , ..., etc.) Course Overview (2/2) Using only gdb ! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: Why are these useful? • Binary exploitation • Code “weaponization” • Exploit development argue about their efgectiveness protection mechanisms and Understand the boundaries of Defense 3 / 6 ▶ Why take this course? � Ofgense ✔ Learn how to break software

  7. Course Overview (2/2) (plus objdump , readelf , ..., etc.) Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: Why are these useful? • Binary exploitation • Code “weaponization” • Exploit development argue about their efgectiveness protection mechanisms and Understand the boundaries of Defense 3 / 6 ▶ Why take this course? � Ofgense ✔ Learn how to break software ✪ Using only gdb !

  8. Course Overview (2/2) (plus objdump , readelf , ..., etc.) Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: Why are these useful? • Binary exploitation • Code “weaponization” • Exploit development argue about their efgectiveness protection mechanisms and 3 / 6 ▶ Why take this course? � Defense � Ofgense ✔ Understand the boundaries of ✔ Learn how to break software ✪ Using only gdb !

  9. Course Overview (2/2) (plus objdump , readelf , ..., etc.) Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: • Binary exploitation • Code “weaponization” • Exploit development argue about their efgectiveness protection mechanisms and 3 / 6 ▶ Why take this course? � Defense � Ofgense ✔ Understand the boundaries of ✔ Learn how to break software ✪ Using only gdb ! ▶ Why are these useful?

  10. Prerequisites CSCI 0300 (Fundamentals of Computer Systems) • C/C++, x86 asm • Virtual memory • Linking and loading • Memory management Having taken the following courses is a plus, but not required: • CSCI 1660 (Computer Systems Security) • CSCI 2951E (Topics in Computer System Security) We will review (most of) the important concepts vpk@cs.brown.edu (Brown University) CSCI 1650 Fall ’20 4 / 6 ▶ CSCI 0330 (Introduction to Computer Systems) ▶ CSCI 1670 (Operating Systems)

  11. Prerequisites CSCI 0300 (Fundamentals of Computer Systems) • C/C++, x86 asm • Virtual memory • Linking and loading • Memory management • CSCI 1660 (Computer Systems Security) • CSCI 2951E (Topics in Computer System Security) We will review (most of) the important concepts vpk@cs.brown.edu (Brown University) CSCI 1650 Fall ’20 4 / 6 ▶ CSCI 0330 (Introduction to Computer Systems) ▶ CSCI 1670 (Operating Systems) ✔ Having taken the following courses is a plus, but not required:

  12. Prerequisites CSCI 0300 (Fundamentals of Computer Systems) • C/C++, x86 asm • Virtual memory • Linking and loading • Memory management • CSCI 1660 (Computer Systems Security) • CSCI 2951E (Topics in Computer System Security) vpk@cs.brown.edu (Brown University) CSCI 1650 Fall ’20 4 / 6 ▶ CSCI 0330 (Introduction to Computer Systems) ▶ CSCI 1670 (Operating Systems) ✔ Having taken the following courses is a plus, but not required: ✪ We will review (most of) the important concepts

  13. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics Check the website! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Lecture slides/code • Announcements • Piazza | cs1650tas@lists.brown.edu Meetings • https://cs.brown.edu/courses/csci1650/ Communication 0% Final 0% Midterm • 4x CTF-like write-ups 90% Assignments 10% (Piazza) Participation Grading • Asynchronous • Online 5 / 6

  14. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics Check the website! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Lecture slides/code • Announcements • Piazza | cs1650tas@lists.brown.edu • https://cs.brown.edu/courses/csci1650/ Communication 0% Final 0% Midterm • 4x CTF-like write-ups 90% Assignments 10% (Piazza) Participation Grading • Asynchronous • Online 5 / 6 � Meetings

  15. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics Check the website! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Lecture slides/code • Announcements • Piazza | cs1650tas@lists.brown.edu • https://cs.brown.edu/courses/csci1650/ 0% Final 0% Midterm • 4x CTF-like write-ups 90% Assignments 10% (Piazza) Participation Grading • Asynchronous • Online 5 / 6 � Meetings � Communication

  16. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics • Announcements Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Lecture slides/code • Piazza | cs1650tas@lists.brown.edu • https://cs.brown.edu/courses/csci1650/ 90% • Online • Asynchronous Grading Participation 10% (Piazza) Assignments • 4x CTF-like write-ups Midterm 0% Final 0% 5 / 6 � Meetings � Communication ✪ Check the website!

  17. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics • Lecture slides/code Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Announcements • Piazza | cs1650tas@lists.brown.edu • https://cs.brown.edu/courses/csci1650/ • 4x CTF-like write-ups • Asynchronous • Online 5 / 6 � Meetings � Communication ✪ Check the website! ▶ Grading ✔ Participation ➜ 10% (Piazza) ✔ Assignments ➜ 90% ✔ Midterm ➜ 0% ✔ Final ➜ 0%

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
CS-527 Software Security Exploitation Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security Exploitation Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security Exploitation Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Exploitation: Context/Disclaimer In this module

411 views • 37 slides
CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Exploitation: Disclaimer This section introduces software exploitation We will discuss both basic and advanced exploitation

831 views • 48 slides
CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Exploitation: Disclaimer This section focuses software exploitation We will discuss both basic and advanced

860 views • 49 slides
Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction to Computer Security Secure use of the OS Defensive programming and design, contd Announcements intermission Stephen McCamant Bernsteins

535 views • 8 slides
them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz

them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz

One font vulnerability to rule them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz j00ru Jurczyk REcon 2015, Montreal PS> whoami Project Zero @ Google Low-level security researcher

2.33k views • 187 slides
Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer Security Logistics intermission Day 2: Intro to Software and OS Security Example security failures Stephen McCamant University of Minnesota, Computer

608 views • 8 slides
Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer Security Logistics intermission Day 2: Intro to Software and OS Security Example security failures Stephen McCamant University of Minnesota, Computer

395 views • 7 slides
Dienstag 30. Nov. 10 [] All Your Baseband Are over-the-air exploitation of memory corruptions in

Dienstag 30. Nov. 10 [] All Your Baseband Are over-the-air exploitation of memory corruptions in

Dienstag 30. Nov. 10 [] All Your Baseband Are over-the-air exploitation of memory corruptions in GSM software Ralf-Philipp Weinmann Laboratory for Algorithmics, Cryptology & Computer Security University of Luxembourg

901 views • 46 slides
CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27,

CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27,

CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 2951U Spring 20 1 / 8 Course Overview (1/2)

739 views • 20 slides
Modern Game Console Exploitation Eric DeBusschere, Mike McCambridge March 26, 2012 Console

Modern Game Console Exploitation Eric DeBusschere, Mike McCambridge March 26, 2012 Console

Modern Game Console Exploitation Eric DeBusschere, Mike McCambridge March 26, 2012 Console Security Overview Most modern consoles acheive complete software security by only running signed code, encrypting memory, and utilizing firmware updates

588 views • 37 slides
Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication Introduction to Computer Security Announcements intermission Day 9: OS security basics Stephen McCamant Basics of access control University of Minnesota,

269 views • 8 slides
deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL injection Web security, part 1 Announcements intermission Stephen McCamant University of Minnesota, Computer Science & Engineering Web

522 views • 5 slides
CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado

CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado

CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado Keselj Faculty of Computer Science Dalhousie University 5-Oct-2018 (14) CSCI 2132 1 Previous Lecture (Fire Alarm) Integer and

621 views • 18 slides
Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc

Website Fingerprinting Defenses at the Application Layer Giovanni Cherubin 1 Jamie Hayes 2 Marc Juarez 3 1 Royal Holloway University of London 2 University College London 3 imec-COSIC KU Leuven 19th July 2017, PETS17, Minneapolis, MN, USA

735 views • 17 slides
CSCI 8260 Spring 2016 Computer Network Attacks and Defenses Syllabus Prof. Roberto Perdisci

CSCI 8260 Spring 2016 Computer Network Attacks and Defenses Syllabus Prof. Roberto Perdisci

CSCI 8260 Spring 2016 Computer Network Attacks and Defenses Syllabus Prof. Roberto Perdisci perdisci@cs.uga.edu Who is this course for? l Open to graduate students only l Students who complete this course successfully will receive

492 views • 20 slides
ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner

ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner

ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner Nicholas Carlini Return Oriented Programming Basic ROP Mo(va(ons DEP Data

712 views • 11 slides
Network #5: Denial of Service and Firewalls (Most Slides stolen from Dave Wagner) 1

Network #5: Denial of Service and Firewalls (Most Slides stolen from Dave Wagner) 1

Computer Science 161 Fall 2016 Popa and Weaver Network #5: Denial of Service and Firewalls (Most Slides stolen from Dave Wagner) 1 Theme of This Lecture: Why Twitter & Reddit Sucked Last Week Computer Science 161 Fall 2016

597 views • 46 slides
READ AND REACT OFFENSE WHAT ITS NOT Not motion offense Motion offense is good if you

READ AND REACT OFFENSE WHAT ITS NOT Not motion offense Motion offense is good if you

READ AND REACT OFFENSE WHAT ITS NOT Not motion offense Motion offense is good if you have 5 intelligent great multi-dimensional players Most offenses are predicated on a certain type of player. Its also not an offense set

1.2k views • 87 slides
Identifying an accurate metric for football efficiency Tim Chou Football Coach Introduction:

Identifying an accurate metric for football efficiency Tim Chou Football Coach Introduction:

Identifying an accurate metric for football efficiency Tim Chou Football Coach Introduction: Whats the problem? Defense industry Stuck doing business the same way we did in the 80s Coaching football Running the same drills

526 views • 20 slides
Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor

Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor

Towards Robust LiDAR-based Perception in Autonomous Driving: General Black-box Adversarial Sensor Attack and Countermeasures Jiachen Sun 1 Yulong Cao 1 , Qi Alfred Chen 2 , and Z. Morley Mao 1 1 2 Autonomous Vehicle (AV) Perception

525 views • 38 slides
Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &

334 views • 8 slides

More recommend