csci 2951u topics in software security
play

CSCI 2951U: Topics in Software Security Introduction Vasileios - PowerPoint PPT Presentation

Oct 16, 2022 •518 likes •739 views

CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 2951U Spring 20 1 / 8 Course Overview (1/2)

  1. CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 2951U Spring ’20 1 / 8

  2. Course Overview (1/2) • CFI, CPI, ... Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) 3. Data-only attacks • ... • Signal-oriented prog. (SROP) • Blind ROP (BROP) • Just-In-Time ROP (JIT-ROP) • Return-oriented prog. (ROP) • Return-to-libc ( ret2libc ) 2. Code reuse 1. Code injection Software Exploitation • BPF_SECCOMP , FORTIFY_SRC • RELRO , BIND_NOW • Stack/Heap canaries • W^X , ASLR 2. Modern defenses • ... • Pointer errors • Format string bugs • Stack/Heap smashing 1. Prevalent software defects Software Security Memory unsafe code (written in C / C++ , asm , ...) CSCI 1650 ++ State-of-the-art in software exploitation and defense 2 / 8 ▶ What is this course about?

  3. Course Overview (1/2) Software Exploitation Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) 3. Data-only attacks • ... • Signal-oriented prog. (SROP) • Blind ROP (BROP) • Just-In-Time ROP (JIT-ROP) • Return-oriented prog. (ROP) • Return-to-libc ( ret2libc ) 2. Code reuse 1. Code injection • CFI, CPI, ... • BPF_SECCOMP , FORTIFY_SRC • RELRO , BIND_NOW • Stack/Heap canaries • W^X , ASLR 2. Modern defenses • ... • Pointer errors • Format string bugs • Stack/Heap smashing 1. Prevalent software defects Software Security Memory unsafe code (written in C / C++ , asm , ...) 2 / 8 ▶ What is this course about? ✔ State-of-the-art in software exploitation and defense ➜ CSCI 1650 ++

  4. Course Overview (1/2) 1. Code injection Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) 3. Data-only attacks • ... • Signal-oriented prog. (SROP) • Blind ROP (BROP) • Just-In-Time ROP (JIT-ROP) • Return-oriented prog. (ROP) • Return-to-libc ( ret2libc ) 2. Code reuse • CFI, CPI, ... • BPF_SECCOMP , FORTIFY_SRC • RELRO , BIND_NOW • Stack/Heap canaries • W^X , ASLR 2. Modern defenses • ... • Pointer errors • Format string bugs • Stack/Heap smashing 1. Prevalent software defects 2 / 8 ▶ What is this course about? ✔ State-of-the-art in software exploitation and defense ➜ CSCI 1650 ++ ✘ Memory unsafe code (written in C / C++ , asm , ...) ▶ Software Security ▶ Software Exploitation

  5. Course Overview (2/2) Why are these useful? Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) (c) why previous attempts failed (b) how exactly these attacks work (a) understand what sorts of attacks are possible mechanisms you need to: • To design efgective (and effjcient) software protection • Exploit “weaponization” defenses can be bypassed Learn how and why (certain) Ofgense mitigation techniques Familiarize with experimental argue about their efgectiveness protection mechanisms and Understand the boundaries of Defense 3 / 8 ▶ Why take this course?

  6. Course Overview (2/2) Why are these useful? Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) (c) why previous attempts failed (b) how exactly these attacks work (a) understand what sorts of attacks are possible mechanisms you need to: • To design efgective (and effjcient) software protection • Exploit “weaponization” defenses can be bypassed mitigation techniques Familiarize with experimental argue about their efgectiveness protection mechanisms and Understand the boundaries of Defense 3 / 8 ▶ Why take this course? � Ofgense ✔ Learn how and why (certain)

  7. Course Overview (2/2) Why are these useful? Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) (c) why previous attempts failed (b) how exactly these attacks work (a) understand what sorts of attacks are possible mechanisms you need to: • To design efgective (and effjcient) software protection • Exploit “weaponization” defenses can be bypassed mitigation techniques argue about their efgectiveness protection mechanisms and 3 / 8 ▶ Why take this course? � Defense � Ofgense ✔ Understand the boundaries of ✔ Learn how and why (certain) ✔ Familiarize with experimental

  8. Course Overview (2/2) • To design efgective (and effjcient) software protection Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) (c) why previous attempts failed (b) how exactly these attacks work (a) understand what sorts of attacks are possible mechanisms you need to: • Exploit “weaponization” defenses can be bypassed mitigation techniques argue about their efgectiveness protection mechanisms and 3 / 8 ▶ Why take this course? � Defense � Ofgense ✔ Understand the boundaries of ✔ Learn how and why (certain) ✔ Familiarize with experimental ▶ Why are these useful?

  9. Prerequisites Having taken the following courses is a plus, but not required: Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) We will review (most of) the important concepts • CSCI 2951E (Topics in Computer System Security) • CSCI 1660 (Computer Systems Security) • Virtual Memory • Linking and Loading • C/C++, x86 asm • Code Reuse (ROP) • Code Injection (Shellcode dev.) • Control-fmow Hijacking 4 / 8 ▶ CSCI 1650 (Software Security and Exploitation) ▶ CSCI 1670 (Operating Systems)

  10. Prerequisites • CSCI 1660 (Computer Systems Security) Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) We will review (most of) the important concepts • CSCI 2951E (Topics in Computer System Security) • Virtual Memory • Linking and Loading • C/C++, x86 asm • Code Reuse (ROP) • Code Injection (Shellcode dev.) • Control-fmow Hijacking 4 / 8 ▶ CSCI 1650 (Software Security and Exploitation) ▶ CSCI 1670 (Operating Systems) ✔ Having taken the following courses is a plus, but not required:

  11. Prerequisites • CSCI 1660 (Computer Systems Security) Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) • CSCI 2951E (Topics in Computer System Security) • Virtual Memory • Linking and Loading • C/C++, x86 asm • Code Reuse (ROP) • Code Injection (Shellcode dev.) • Control-fmow Hijacking 4 / 8 ▶ CSCI 1650 (Software Security and Exploitation) ▶ CSCI 1670 (Operating Systems) ✔ Having taken the following courses is a plus, but not required: ✪ We will review (most of) the important concepts

  12. Logistics (1/2) • https://cs.brown.edu/courses/csci2951-u/ Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) Assigned readings No required textbook Study material • Readings • Lecture slides • Announcements Check the website! spring.s01@lists.brown.edu • course.csci.2951u.2020- Communication Meetings 10% Project presentation 40% Project report 20% Discussion part. 20% Paper presentations 10% Paper reviews Grading • CIT 506 • Mondays, 3PM – 5:20PM (M hour) 5 / 8

  13. Logistics (1/2) • https://cs.brown.edu/courses/csci2951-u/ Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) Assigned readings No required textbook Study material • Readings • Lecture slides • Announcements Check the website! spring.s01@lists.brown.edu • course.csci.2951u.2020- Communication 10% Project presentation 40% Project report 20% Discussion part. 20% Paper presentations 10% Paper reviews Grading • CIT 506 • Mondays, 3PM – 5:20PM (M hour) 5 / 8 � Meetings

  14. Logistics (1/2) • https://cs.brown.edu/courses/csci2951-u/ Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) Assigned readings No required textbook Study material • Readings • Lecture slides • Announcements Check the website! spring.s01@lists.brown.edu • course.csci.2951u.2020- 5 / 8 10% Project presentation 40% Project report 20% Discussion part. 20% Paper presentations 10% Paper reviews Grading • CIT 506 • Mondays, 3PM – 5:20PM (M hour) � Meetings � Communication

  15. Logistics (1/2) • https://cs.brown.edu/courses/csci2951-u/ Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) Assigned readings No required textbook Study material • Readings • Lecture slides • Announcements spring.s01@lists.brown.edu • course.csci.2951u.2020- 5 / 8 10% Project presentation 40% Project report 20% Discussion part. 20% Paper presentations 10% Paper reviews Grading • CIT 506 • Mondays, 3PM – 5:20PM (M hour) � Meetings � Communication ✪ Check the website!

  16. Logistics (1/2) spring.s01@lists.brown.edu Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) Assigned readings No required textbook Study material • Readings • Lecture slides • Announcements • course.csci.2951u.2020- • CIT 506 • https://cs.brown.edu/courses/csci2951-u/ • Mondays, 3PM – 5:20PM (M hour) 5 / 8 � Meetings � Communication ▶ Grading ✔ Paper reviews ➜ 10% ✪ Check the website! ✔ Paper presentations ➜ 20% ✔ Discussion part. ➜ 20% ✔ Project report ➜ 40% ✔ Project presentation ➜ 10%

  17. Logistics (1/2) • https://cs.brown.edu/courses/csci2951-u/ Spring ’20 CSCI 2951U vpk@cs.brown.edu (Brown University) • Readings • Lecture slides • Announcements spring.s01@lists.brown.edu • course.csci.2951u.2020- • Mondays, 3PM – 5:20PM (M hour) • CIT 506 5 / 8 � Meetings � Communication ▶ Grading ✔ Paper reviews ➜ 10% ✪ Check the website! ✔ Paper presentations ➜ 20% ✔ Discussion part. ➜ 20% ✔ Project report ➜ 40% ✔ Project presentation ➜ 10% ▶ Study material ■ No required textbook ➜ Assigned readings

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis

CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis

CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis September 09, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 1650 Fall 20 1 / 6 Course Overview (1/2)

238 views • 19 slides
Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction to Computer Security Secure use of the OS Defensive programming and design, contd Announcements intermission Stephen McCamant Bernsteins

535 views • 8 slides
Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer Security Logistics intermission Day 2: Intro to Software and OS Security Example security failures Stephen McCamant University of Minnesota, Computer

608 views • 8 slides
Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer Security Logistics intermission Day 2: Intro to Software and OS Security Example security failures Stephen McCamant University of Minnesota, Computer

395 views • 7 slides
CMPSC 497 Special Topics: Software Security Trent Jaeger Systems and Internet

CMPSC 497 Special Topics: Software Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Special Topics: Software Security Trent Jaeger

745 views • 27 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack & GOT Overwrite Attack Dr. Si Chen (schen@wcupa.edu) Review Page 2 ret2libc Attack Page 3 libc C standard library Provides

662 views • 36 slides
CSCI 8260 S16 Computer Network Attacks and Defenses Overview of research topics in computer

CSCI 8260 S16 Computer Network Attacks and Defenses Overview of research topics in computer

CSCI 8260 S16 Computer Network Attacks and Defenses Overview of research topics in computer and network security Instructor: Prof. Roberto Perdisci Fundamental Components l Confidentiality l concealment/secrecy of information often

642 views • 37 slides
Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication Introduction to Computer Security Announcements intermission Day 9: OS security basics Stephen McCamant Basics of access control University of Minnesota,

269 views • 8 slides
deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
ss 2 Cl Class CSC 495/583 Topics of Software Security IA-32 Register & Byte Ordering &

ss 2 Cl Class CSC 495/583 Topics of Software Security IA-32 Register & Byte Ordering &

ss 2 Cl Class CSC 495/583 Topics of Software Security IA-32 Register & Byte Ordering & x86 ASM Dr. Si Chen (schen@wcupa.edu) Badger CTF Your Computer IP: roadrunner.cs.wcupa.edu Username: ss2020 Roadrunner Password:

565 views • 27 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL injection Web security, part 1 Announcements intermission Stephen McCamant University of Minnesota, Computer Science & Engineering Web

522 views • 5 slides
CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado

CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado

CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado Keselj Faculty of Computer Science Dalhousie University 5-Oct-2018 (14) CSCI 2132 1 Previous Lecture (Fire Alarm) Integer and

621 views • 18 slides
ss 3 Cl Class CSC 495/583 Topics of Software Security X86 Assembly & Stack & Stack

ss 3 Cl Class CSC 495/583 Topics of Software Security X86 Assembly & Stack & Stack

ss 3 Cl Class CSC 495/583 Topics of Software Security X86 Assembly & Stack & Stack Frame Dr. Si Chen (schen@wcupa.edu) Review Page 2 General-purpose Registers The eight 32-bit general-purpose data registers are used to hold

772 views • 22 slides
A Domain-Specific Interpreter for Parallelising a Large Mixed-Language Visualisation Application

A Domain-Specific Interpreter for Parallelising a Large Mixed-Language Visualisation Application

A Domain-Specific Interpreter for Parallelising a Large Mixed-Language Visualisation Application Karen Osmond, Olav Beckmann, Anthony J. Field and Paul H. J. Kelly Department of Computing, Imperial College London, 180 Queens Gate, London SW7

636 views • 20 slides
Some ideas for DUNE DAQ Architecture, Triggering, Reduction (focus on single-phase) Brett Viren

Some ideas for DUNE DAQ Architecture, Triggering, Reduction (focus on single-phase) Brett Viren

Some ideas for DUNE DAQ Architecture, Triggering, Reduction (focus on single-phase) Brett Viren Physics Department DUNE FD DAQ Workshop Columbia, 30-31 OCT 2017 Outline Some Numbers Conceptual Design Collection Plane Triggering To Do

463 views • 22 slides
Introduction to Machine-Independent Optimizations - 2 Data-Flow Analysis Y.N. Srikant

Introduction to Machine-Independent Optimizations - 2 Data-Flow Analysis Y.N. Srikant

Introduction to Machine-Independent Optimizations - 2 Data-Flow Analysis Y.N. Srikant Department of Computer Science and Automation Indian Institute of Science Bangalore 560 012 NPTEL Course on Principles of Compiler Design Y.N. Srikant

537 views • 21 slides
Precise Exceptions and Out-of-Order Execution Samira Khan Multi-Cycle Execution Not all

Precise Exceptions and Out-of-Order Execution Samira Khan Multi-Cycle Execution Not all

Precise Exceptions and Out-of-Order Execution Samira Khan Multi-Cycle Execution Not all instructions take the same amount of time for execution Idea: Have multiple different functional units that take different number of cycles

749 views • 39 slides
Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to

Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to

Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to transplat open mHealth to NDN network. The goal is to design a physical activity data ecosystem. Following is the data conceptual block diagram of

466 views • 19 slides
Physics Computing at CERN Helge Meinhard CERN, IT Department OpenLab S tudent Lecture 21 July

Physics Computing at CERN Helge Meinhard CERN, IT Department OpenLab S tudent Lecture 21 July

Physics Computing at CERN Helge Meinhard CERN, IT Department OpenLab S tudent Lecture 21 July 2011 Location (1) Building 513 (opposite of restaurant no. 2) Building 513 (1) Large building with 2700 m 2 surface for computing equipment,

821 views • 45 slides
COMP 590-154: Computer Architecture Core Pipelining Generic Instruction Cycle Steps in

COMP 590-154: Computer Architecture Core Pipelining Generic Instruction Cycle Steps in

COMP 590-154: Computer Architecture Core Pipelining Generic Instruction Cycle Steps in processing an instruction: Instruction Fetch ( IF_STEP ) Instruction Decode ( ID_STEP ) Operand Fetch ( OF_STEP ) Execute ( EX_STEP )

600 views • 48 slides
Introduction to Data Flow Analysis GCC Resource Center (www.cse.iitb.ac.in/grc) Department of

Introduction to Data Flow Analysis GCC Resource Center (www.cse.iitb.ac.in/grc) Department of

Workshop on Essential Abstractions in GCC Introduction to Data Flow Analysis GCC Resource Center (www.cse.iitb.ac.in/grc) Department of Computer Science and Engineering, Indian Institute of Technology, Bombay 1 July 2012 1 July 2012

807 views • 43 slides

More recommend