csci ua 9480 introduction to computer security
play

CSCI-UA.9480 Introduction to Computer Security Session 3.3 Systems - PowerPoint PPT Presentation

Jan 18, 2023 •169 likes •417 views

CSCI-UA.9480 Introduction to Computer Security Session 3.3 Systems Security and Isolation Prof. Nadim Kobeissi Operating 3.3a System Security Basics 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Operating systems:

  1. CSCI-UA.9480 Introduction to Computer Security Session 3.3 Systems Security and Isolation Prof. Nadim Kobeissi

  2. Operating 3.3a System Security Basics 2 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  3. Operating systems: protection rings . Kernel runs in Ring 0. ● Device drivers run in Ring 1. ● Standard libraries run in Ring 2. ● User programs run in Ring 3. ● 3 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  4. Examples. Kernel Device Driver Standard Library libc User Programs 4 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  5. What’s managed by an operating system? Subjects : Users and processes. ● Objects and resources : Files (system ● integrity), hardware I/O (devices, private data), scheduling, network access… In Linux: ● /dev: Devices. ○ /etc: Configuration files ○ /usr: Libraries, etc. ○ 5 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  6. Principle of least-privilege. Services may need root access: ● OpenSSH. ○ Apache, NGINX, Lighttpd… ○ Crond ○ Sendmail, Postfix ○ Minesweeper does not. ● 6 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  7. POSIX permissions model. First letter: special mode operator. ● d: Directory. ○ l: Symbolic link. ○ s: setuid/setguid. ○ t: sticky bit. ○ 7 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  8. POSIX permissions model. First three letters: owner permissions. ● Second three letters: group permissions. ● Third three letters: public permissions. ● Also represented using numbers: ● 4: read. ○ 2: write. ○ 1: execute. ○ -rwxrw-r-- = 764. ○ 8 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  9. Test your knowledge! What does the permission code 600 represent? 9 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  10. Test your knowledge! What does the permission code 600 represent? Only the owner may read or write, but not execute. Group and public can do nothing. (-rw-------). 10 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  11. Isolation in operating systems. Chroot: Limits file system view. ● FreeBSD jails, Linux containers: ● Limit network access. ○ Limit file system, device access… ○ Virtualization. ● 11 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  12. Intel Trusted Platform Module (TPM). 12 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  13. Intel Trusted Execution. 13 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  14. Intel Software Guard Extensions (SGX). 14 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  15. 3.3b Case Study: Apple T2 Chip 15 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  16. Apple T2 Chip: Secure Enclave Component . Secure enclave: Self-contained, independent computer with ● its own ”jurisdiction”. Encrypted memory. ● Hardware-based true random number ● generator. Even of system kernel/CPU is compromised, ● Secure Enclave maintains integrity. Resistant to reverse engineering/forensic ● analysis. 16 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  17. Apple T2 Chip: Secure Enclave Component . Design benefits: ● Hardware lock dependent on user ● events/password entry. Secure key wiping. ● Brute force attack protection. ● Fingerprint data stored inside Secure ● Enclave, not visible to actual device. Can hardware-disconnect microphone. ● Encryption keys never exposed to CPU! ● 17 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  18. Apple T2 Chip: Core Concepts . File encryption engine built into the DMA ● path between flash storage and main system memory. DMA: Direct Memory Access (access RAM ○ without going through CPU.) Each Mac has a unique UID and AES keys ● baked in at the factory. Secure enclave design prohibits key ○ extraction. Keys generated within secure enclave. ○ 18 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  19. AES-XTS: Used only for disk encryption . Goal: prevent targeted malleability (easier in other modes such as CBC, CTR.) 19 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  20. Apple Secure Boot. 20 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  21. Test your knowledge! Can you think of any daily use applications with keys that macOS would benefit from storing inside T2/Secure Enclave? 21 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  22. Test your knowledge! Can you think of any daily use applications with keys that macOS would benefit from storing inside T2/Secure Enclave? 22 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  23. Test your knowledge! Can you think of any daily use applications with keys that macOS would benefit from storing inside T2/Secure Enclave? File encryption with APFS Long-term keys Long-term keys Code signing keys for encrypted calls For secure messaging 23 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

  24. 3.4 Next time: Mobile Security 24 CSCI-UA.9480: Introduction to Computer Security – Nadim Kobeissi

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSCI-UA.9480 Introduction to Computer Security Session 4.1 Browser Security Model Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 4.1 Browser Security Model Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 4.1 Browser Security Model Prof. Nadim Kobeissi Defining 4.1a Browser Security Goals Also before we start: Practical Assignment 2 is now online . 2 CSCI-UA.9480: Introduction to

520 views • 28 slides
CSCI-UA.9480 Introduction to Computer Security Session 1.3 Public Key Cryptography and

CSCI-UA.9480 Introduction to Computer Security Session 1.3 Public Key Cryptography and

CSCI-UA.9480 Introduction to Computer Security Session 1.3 Public Key Cryptography and Randomness Prof. Nadim Kobeissi 1.3a Hard Problems 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Evaluating computational

719 views • 49 slides
CSCI-UA.9480 Introduction to Computer Security Session 1.1 One-Way Functions and Hash Functions

CSCI-UA.9480 Introduction to Computer Security Session 1.1 One-Way Functions and Hash Functions

CSCI-UA.9480 Introduction to Computer Security Session 1.1 One-Way Functions and Hash Functions Prof. Nadim Kobeissi 1.1a Why Hash Functions? Describing the importance of the cryptographers Swiss Army knife. 2 CSCI-UA.9480:

569 views • 34 slides
CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of

CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of

CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of Cryptography Prof. Nadim Kobeissi 1.8a Electronic Voting 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Properties of an

879 views • 20 slides
CSCI-UA.9480 Introduction to Computer Security Session 1.4 Transport Layer Security Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 1.4 Transport Layer Security Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 1.4 Transport Layer Security Prof. Nadim Kobeissi 1.4a HTTPS and TLS 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi What is TLS? The S in HTTP S . Most likely

852 views • 35 slides
CSCI-UA.9480 Introduction to Computer Security Session 3.5 Meltdown and Spectre Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 3.5 Meltdown and Spectre Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 3.5 Meltdown and Spectre Prof. Nadim Kobeissi But Nadim, why are we covering this? 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Fixed confidentially across whole

365 views • 24 slides
Introduction to Computer Security Session 1.2 Symmetric Key Encryption Prof. Nadim Kobeissi

Introduction to Computer Security Session 1.2 Symmetric Key Encryption Prof. Nadim Kobeissi

CSCI-UA.9480 Introduction to Computer Security Session 1.2 Symmetric Key Encryption Prof. Nadim Kobeissi 1.2a Cryptographic Security Information Theoretical Foundation for Security. 2 CSCI-UA.9480: Introduction to Computer Security

709 views • 53 slides
Introduction to Computer Security Session 0 Introduction and Threat Modeling Prof. Nadim

Introduction to Computer Security Session 0 Introduction and Threat Modeling Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 0 Introduction and Threat Modeling Prof. Nadim Kobeissi 0a Introduction Welcome! 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Welcome to your new course! Open

642 views • 35 slides
Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 1.5 Usable Security and Secure Messaging Prof. Nadim Kobeissi 1.5a Usable Security: Then and Now 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Humans are

1.24k views • 67 slides
Introduction to Computer Security Session 4.4 Web Privacy Prof. Nadim Kobeissi 4.4a Web

Introduction to Computer Security Session 4.4 Web Privacy Prof. Nadim Kobeissi 4.4a Web

CSCI-UA.9480 Introduction to Computer Security Session 4.4 Web Privacy Prof. Nadim Kobeissi 4.4a Web Privacy Goals 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Web privacy goals. Preventing websites from learning:

337 views • 14 slides
Introduction to Computer Security Session 2.2 Denial of Service Prof. Nadim Kobeissi 2.2a

Introduction to Computer Security Session 2.2 Denial of Service Prof. Nadim Kobeissi 2.2a

CSCI-UA.9480 Introduction to Computer Security Session 2.2 Denial of Service Prof. Nadim Kobeissi 2.2a Defining Denial of Service 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi What is a Denial of Service attack? An

920 views • 23 slides
Introduction to Computer Security Session 2.1 Networking Basics, TCP, IP and DNS Prof. Nadim

Introduction to Computer Security Session 2.1 Networking Basics, TCP, IP and DNS Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 2.1 Networking Basics, TCP, IP and DNS Prof. Nadim Kobeissi Welcome to Part 2 of the course! Part 2 discusses how computer networks work and security threats their face. Networking

713 views • 33 slides
Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL injection Web security, part 1 Announcements intermission Stephen McCamant University of Minnesota, Computer Science & Engineering Web

522 views • 5 slides
Introduction to Computer Security Session 2.3 Designing Secure Network Systems Prof. Nadim

Introduction to Computer Security Session 2.3 Designing Secure Network Systems Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 2.3 Designing Secure Network Systems Prof. Nadim Kobeissi Goals of todays class. A look into some secure network systems: WireGuard: a modern VPN. A critical look at ProtonMail,

1.15k views • 71 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 25: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

419 views • 4 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

219 views • 5 slides
!"#$%&'(&)**+ !"#$%&'(&)**+ ,+-.&/01$&+2+)&-3

!"#$%&'(&)**+ !"#$%&'(&)**+ ,+-.&/01$&+2+)&-3

!"#$%$"&'()*#'"+# ,-.."&'(!"#"/.01(/&2(3-'-."(4$."0'$5&# !")6)7 85.9#15:;(!5+" <0'5=".(>?;(@AAB !"#$%&'(&)**+ !"#$%&'(&)**+

221 views • 11 slides
Web Mapping? Why? How? Isn't Google enough? Jo Cook Senior IT Support and Development Oxford

Web Mapping? Why? How? Isn't Google enough? Jo Cook Senior IT Support and Development Oxford

Web Mapping? Why? How? Isn't Google enough? Jo Cook Senior IT Support and Development Oxford Archaeology/OADigital j.cook@thehumanjourney.net +44 (0)1524 880212 The Geospatial Stack (Diagram from Hell) The Real Geospatial Stack Your Data

342 views • 33 slides
mimR a (small) contribution to gR Sren Hjsgaard Biometry Research Unit Danish Institute

mimR a (small) contribution to gR Sren Hjsgaard Biometry Research Unit Danish Institute

mimR a (small) contribution to gR Sren Hjsgaard Biometry Research Unit Danish Institute of Agricultural Sciences March 26, 2003 DSC conference, Vienna, 2003 1 mimR graphical models in R MIM ( www.hypergraph.dk ) is a general

243 views • 12 slides
On the Power of Power Analyses Sylvain GUILLEY, Laurent SAUVAGE, Florent FLAMENT, Maxime NASSAR,

On the Power of Power Analyses Sylvain GUILLEY, Laurent SAUVAGE, Florent FLAMENT, Maxime NASSAR,

Introduction Attacks Counter-Measures New Applications of DPA Conclusions & Perspectives On the Power of Power Analyses Sylvain GUILLEY, Laurent SAUVAGE, Florent FLAMENT, Maxime NASSAR, Nidhal SELMANE, Jean-Luc DANGER, Philippe

1.23k views • 53 slides
What magnitude of HTE is sufficiently large to merit attention? Thomas A. Louis, PhD Department

What magnitude of HTE is sufficiently large to merit attention? Thomas A. Louis, PhD Department

What magnitude of HTE is sufficiently large to merit attention? Thomas A. Louis, PhD Department of Biostatistics Johns Hopkins Bloomberg School of Public Health tlouis@jhu.edu; www.biostat.jhsph.edu/tlouis/ Expert Statistical Consultant, FDA

301 views • 4 slides
Bayesian Statistics at the Division of Biostatistics CDRH, FDA Pablo Bonangelino, Ph.D.

Bayesian Statistics at the Division of Biostatistics CDRH, FDA Pablo Bonangelino, Ph.D.

Bayesian Statistics at the Division of Biostatistics CDRH, FDA Pablo Bonangelino, Ph.D. Biostatistician FDA/CDRH/OSB February 16, 2007 1 Talk Outline I. Introduction II. CDRH Draft Guidance Document on the use of Bayesian Statistics for

573 views • 31 slides
for RHDs Nargess Saiepour Biostatistician School of Public Health n.Saiepour@uq.edu.au what is

for RHDs Nargess Saiepour Biostatistician School of Public Health n.Saiepour@uq.edu.au what is

Statistics services for RHDs Nargess Saiepour Biostatistician School of Public Health n.Saiepour@uq.edu.au what is statistics & why do we need it? Both a science and a part of the methodology for all sciences Science of collecting,

2.04k views • 19 slides
Introduction to CBioPortal Augustin Luna 20 January, 2016 Research Fellow Department of

Introduction to CBioPortal Augustin Luna 20 January, 2016 Research Fellow Department of

Introduction to CBioPortal Augustin Luna 20 January, 2016 Research Fellow Department of Biostatistics and Computational Biology Dana-Farber Cancer Institute Topics to be Covered CBioPortal overview Data retrieval from CBioPortal using cgdsr

507 views • 26 slides

More recommend