d2 access control 2 access cess contr trol ol
play

D2: Access Control #2: Access cess Contr trol ol Similar to - PowerPoint PPT Presentation

Jul 23, 2023 •433 likes •547 views

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient access control and authentication checks Insecure access control methods Private, internal functions and data are accessible through a

  1. D2: Access Control

  2. #2: Access cess Contr trol ol  Similar to OWASP Top 10  Insufficient access control and authentication checks  Insecure access control methods  Private, internal functions and data are accessible through a contract's public/external functions  Results in unauthorized access  Loss : estimated at 150,000 ETH (~$30M USD at the time) Portland State University CS 410/510 Blockchain Development & Security

  3. Walkthr kthroug ough h sc scen enario ario  A smart contract designates the address which initializes it as the contract's owner in an initialization function  Grants special privileges such as the ability to withdraw the contract's funds.  Initialization function not protected and can be called by anyone — even after it has already been called  Allows anyone to become the owner of the contract and take its funds. Portland State University CS 410/510 Blockchain Development & Security

  4. Ex Example ple  Owning a wallet contract (7/19/2017)  https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7 It was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function. -- Parity  Could have been up to ~$180M, but white hat hackers "stole" the rest and returned it to rightful owners  https://medium.freecodecamp.org/a-hacker-stole-31m-of-ether-how-it- happened-and-what-it-means-for-ethereum-9e5dc29e33ce Portland State University CS 410/510 Blockchain Development & Security

  5. Code e vul ulnerability nerability exa xample ple #1  Contract's initialization function sets the caller of the function as its owner. function initContract () public { owner = msg.sender; }  Logic is detached from the contract's constructor and does not keep track of the fact that it has already been called.  Anyone can call initContract after contract creation to become owner Portland State University CS 410/510 Blockchain Development & Security

  6. Code e vul ulnerability nerability exa xample ple #2  Parity WalletLibrary in example  Library used to implement common wallet functions  Initializer allows one to specify withdraw limit and owners function initWallet(address[] _owners, uint _required, uint _daylimit) { initDaylimit(_daylimit); initMultiowned(_owners, _required); }  Library implemented as an external contract call to reduce costs  Rather than have each contract deploy a copy of the exact same library code, wallets do this…  Then, use delegatecall() to invoke its functions  DELEGATECALL instruction in EVM takes call and invokes the exact same one on the contract you're using it on Portland State University CS 410/510 Blockchain Development & Security

  7.  Issue within fallback function  Fallback receives payment if someone sends you $  Otherwise, msg.data has unknown function call that should be handled by library since no function in contract matches  delegatecall dispatches unknown calls to library function() payable { if (msg.value > 0) Deposit(msg.sender, msg.value); else if (msg.data.length > 0) _walletLibrary.delegatecall(msg.data); }  Issue: ALL public calls in library can now be called (including initWallet again!)  Leads to..  Rogue initWallet https://etherscan.io/tx/0x707aabc2f24d756480330b75fb4890ef6b8a26ce0554e c80e3d8ab105e63db07  Rogue transfer out of wallet https://etherscan.io/tx/0x9654a93939e98ce84f09038b9855b099da38863b3c2e 0e04fd59a540de1cb1e5 Portland State University CS 410/510 Blockchain Development & Security

  8. Code e vul ulnerability nerability exa xample ple #3  MetaCoin contract for purchasing and exchanging coins  sendCoin call to doTransfer from msg.sender to receiver  What errors are there?  doTransfer not set to internal (can be called externally)  No check on from being msg.sender in doTransfer  Bonus vulnerability: Underflow and overflow on balances update not checked Portland State University CS 410/510 Blockchain Development & Security

  9. Code e vul ulnerability nerability exa xample ple #4  Same contract  What is the error?  Contract's password set to "private", but appears in clear on blockchain  Find secretPassword and mint coins  Everything is public by design  Contract code & storage  Transaction contents  Private modifier does nothing for secrecy! Portland State University CS 410/510 Blockchain Development & Security

  10. Rem emed ediation iation  Remove all catch-all function dispatchers (specify exact calls allowed)  Ensure calls are internal , unless intended to be external  Validate identity before execution using modifiers and via require contract Unprotected{ address private owner; modifier onlyOwner { require(msg.sender==owner); _; } function constructor() public { owner = msg.sender; } // This function should be protected function changeOwner_broken(address _newOwner) public { owner = _newOwner; } function changeOwner_fixed(address _newOwner) public onlyOwner { owner = _newOwner; } } Portland State University CS 410/510 Blockchain Development & Security

  11. SI CTF Lab 3.4, 3.5

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 INTRODUCING Dayton Access Dayton Access 2 Dayton Ac Dayton Acce cess ss Dayton Access is

1 INTRODUCING Dayton Access Dayton Access 2 Dayton Ac Dayton Acce cess ss Dayton Access is

1 INTRODUCING Dayton Access Dayton Access 2 Dayton Ac Dayton Acce cess ss Dayton Access is a web portal accessible through the world wide web that allows real-time interface with Daytons ERP system 3 Dayton Ac Dayton Acce cess

568 views • 22 slides
ACCESS CESS-A-RIDE IDE SER ERVICES ICES IN NE NEW W YOR ORK CITY What t is A s Access

ACCESS CESS-A-RIDE IDE SER ERVICES ICES IN NE NEW W YOR ORK CITY What t is A s Access

ACCESS CESS-A-RIDE IDE SER ERVICES ICES IN NE NEW W YOR ORK CITY What t is A s Access cess-A-Ride? ide? New York Citys parat atransit ransit service ice providing shared-ride transportation for people with disabilities.

631 views • 33 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Company Presentation Con Condo dor r Pr Pressu essure Con e Contr trol ol Parent Company

Company Presentation Con Condo dor r Pr Pressu essure Con e Contr trol ol Parent Company

Con Condo dor r Pr Pressu essure Con e Contr trol ol Controls & Solutions the inventor of the pressure switch! Since 1893 Company Presentation Con Condo dor r Pr Pressu essure Con e Contr trol ol Parent Company Controls

503 views • 12 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confiden5ality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ applica5on Hardware/

985 views • 46 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confidentiality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ application

1.31k views • 50 slides
Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a simple, modular approach to networked access control with scalability in mind. Easy management from a central location PC from anywhere with an

196 views • 9 slides
Air r Polluti ution C on Contr trol ol P Progr gram am Fee S Stakehol eholder er M

Air r Polluti ution C on Contr trol ol P Progr gram am Fee S Stakehol eholder er M

Air r Polluti ution C on Contr trol ol P Progr gram am Fee S Stakehol eholder er M Meeti eting ng January 29, 2015 Missouri Air Conservation Commission Missouri Department Natural Resources Division of Environmental Quality Air

613 views • 37 slides
Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer Security Announcements intermission Day 10: OS security: access control Multilevel and mandatory access control Stephen McCamant University of

324 views • 10 slides
Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following authentication, we need to decide what the subject can access 1 Read F 1 OK 2 Bob Write to F Alice 2 F NO ! 3 Execute G G 3 OK

596 views • 56 slides
Proactive Quality Guidance for Model Evolution in Model Libraries Andreas Ganser, Horst Lichter,

Proactive Quality Guidance for Model Evolution in Model Libraries Andreas Ganser, Horst Lichter,

Proactive Quality Guidance for Model Evolution in Model Libraries Andreas Ganser, Horst Lichter, Alexander Roth, and Bernhard Rumpe Setting the Scene If You Take One Thing The Details Some References Setting the Scene ... Model Recommenders

514 views • 10 slides
Development of AI has been driven by benchmarks and datasets. Computer Vision: (Russakovsky et

Development of AI has been driven by benchmarks and datasets. Computer Vision: (Russakovsky et

Adversarial NLI: A New Benchmark for Natural Language Understanding Yixin Nie, Adina Williams, Emily Dinan, Mohit Bansal, Jason Weston, Douwe Kiela UNC Chapel Hill & Facebook AI Research 1 Development of AI has been driven by benchmarks and

851 views • 45 slides
A brief introduction to economics Part IV Tyler Moore Computer Science & Engineering

A brief introduction to economics Part IV Tyler Moore Computer Science & Engineering

Notes A brief introduction to economics Part IV Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX September 13, 2012 Reading Exercises Market failures Notes Outline 1 Reading Exercises 2 Exercise 1: antivirus

446 views • 6 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-02-18 1 Outline Logistics Overview Introduction Definition Security Security experiments Formal security definition Relations among

743 views • 58 slides
Active Logic Erik Grampp May 22, 2017 Erik Grampp 1(10) EDAN70 Active logic Integer labelled

Active Logic Erik Grampp May 22, 2017 Erik Grampp 1(10) EDAN70 Active logic Integer labelled

EDAN70 Active Logic Erik Grampp May 22, 2017 Erik Grampp 1(10) EDAN70 Active logic Integer labelled logic Introduced by Elgot-Drapkin and Perlis Erik Grampp 2(10) EDAN70 Short recap of logics Propositional logic:

357 views • 22 slides
Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for

Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for

Software Assurance Session 13 INFM 603 Bugs, process, assurance Software assurance: quality assurance for software Particularly assurance of security Bad (buggy, insecure software) comes not from discrete, unpredictable,

561 views • 18 slides
Bring your governance model to Aragon Jorge Izquierdo Aragon One, CTO M-1 Feb 8th, 2019

Bring your governance model to Aragon Jorge Izquierdo Aragon One, CTO M-1 Feb 8th, 2019

Bring your governance model to Aragon Jorge Izquierdo Aragon One, CTO M-1 Feb 8th, 2019 Aragon DApp to create and manage decentralized organizations Built on the Ethereum VM Available on the web, desktop and mobile

476 views • 29 slides
Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability

Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability

Quantitative Security Colorado State University Yashwant K Malaiya CS 559 Vulnerability Discovery Models CSU Cybersecurity Center Computer Science Dept 1 1 Modeling Vulnerability Discovery Quantitative Vulnerability Assessment Alhazmi

983 views • 59 slides

More recommend