defense strategies
play

Defense Strategies Trent Jaeger Systems and Internet Infrastructure - PowerPoint PPT Presentation

Dec 13, 2022 •181 likes •457 views

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Defense Strategies Trent Jaeger Systems and Internet Infrastructure

  1. Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Defense Strategies Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University September 7, 2011 Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

  2. Outline • Problem – Strategies to prevent attacks • Programs: Prevent overflows • Systems: Confine process interactions (MAC) • Still may be some attacks – where? • Assurance Systems and Internet Infrastructure Security (SIIS) Laboratory Page 2

  3. Our Goal • In this course, we want to develop techniques to detect vulnerabilities and fix them automatically • What’s a vulnerability? • How to fix them? • We will examine the second question today Systems and Internet Infrastructure Security (SIIS) Laboratory Page 3

  4. Vulnerability • How do you define computer ‘vulnerability’? Flaw ‣ Accessible to adversary ‣ Adversary has ability to exploit ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 4

  5. Anatomy of Control Flow Attacks • Two steps • First, the attacker changes the control flow of the program In buffer overflow, overwrite the return ‣ address on the stack What are the ways that this can be done? ‣ • Second, the attacker uses this change to run code of their choice In buffer overflow, inject code on stack ‣ What are the ways that this can be done? ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 5

  6. Anatomy of Control Flow Attacks • Two steps • First, the attacker changes the control flow of the program In buffer overflow, overwrite the return ‣ address on the stack How can we prevent this? ‣ • Second, the attacker uses this change to run code of their choice In buffer overflow, inject code on stack ‣ How can we prevent this? ROP conclusions ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 6

  7. StackGuard Systems and Internet Infrastructure Security (SIIS) Laboratory Page 7

  8. StackGuard • How do you think that Stackguard is implemented? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 8

  9. More Smashing • Pincus and Baker, Beyond Stack Smashing, IEEE S&P, 2004 • Pointer modification Function pointers and exception handlers ‣ Data pointer – modify arbitrary memory location ‣ Virtual functions – overwrite pointers to these functions ‣ • Provide payload from earlier operation Environment variables ‣ Arc injection – provide exploit code on command line ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 9

  10. StackGuard • Related defenses Reorder local variables on stack ‣ Protect return address when set ‣ Canaries to protect pointers ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 10

  11. Other Overflows • Heap overflows Overwrite data or metadata ‣ Defend in manner similar to buffer overflows ‣ • Integer overflows No systematic defense ‣ • Input filtering No systematic defense ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 11

  12. Confining Processes • Mandatory Access Control SELinux ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 12

  13. Attack Surfaces • Attack Surfaces • http://www.cs.cmu.edu/afs/cs/usr/wing/www/ publications/Howard-Wing05.pdf Systems and Internet Infrastructure Security (SIIS) Laboratory Page 13

  14. Assurance • Problem: Prove to a third party that your system provides particular security protections • Challenges What security protections are provided? ‣ How do we prove that such protections are ‣ designed/implemented correctly? • Additionally How do we even know what security ‣ protections would be valuable to have? Systems and Internet Infrastructure Security (SIIS) Laboratory Page 14

  15. Orange Book • Part of Rainbow Series from NCSC Covers many facets of computer security ‣ • AKA Trusted Computer System Evaluation Criteria To evaluate, classify, and select among computer systems ‣ • Defines both Criteria for different categories of secure systems ‣ Evaluation requirements to satisfy those criteria ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 15

  16. Orange Book • Categories of Security Covered • Access control Mandatory and discretionary ‣ • Accountability Authentication and audit ‣ • Assurance Development and deployment ‣ • Documentation “Whoomp factor” ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 16

  17. Orange Book • Most important results were a set of security targets • D – Minimal protection • C – Discretionary protection • B – Mandatory protection • A – Verified Protection Systems and Internet Infrastructure Security (SIIS) Laboratory Page 17

  18. Orange Book • Most important result were a set of security targets • B – Mandatory protection B1 – Labeled Security: MAC covers some exported ‣ B2 – Structured Security: Comprehensive MAC and ‣ covert channels B3 – Security Domains: Satisfies Reference Monitor ‣ • A – Verified Protection A1 – Verified Design: B3 Function with formal assurance ‣ Beyond A1 ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 18

  19. Protection Requirements • B2 – Structured Security (3.2, Pg. 27) • Security policy (protections) Object reuse – clean before reuse ‣ Labels – TCB labels all subjects and objects ‣ Label Integrity – Labels match levels • Export – Single level and Multi-level • MAC – Enforce over all resources ‣ Accountability: Trusted Path and Audit ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 19

  20. Assurance Requirements • B2 – Structured Security (3.2, Pg. 27) • Assurance Operational ‣ TCB protected from tampering • Periodically validate integrity • Covert storage channels (detect and mitigate/eliminate) • Lifecycle ‣ Testing – to find if works as claimed • Formal model – of security policy (i.e., function) design and • configuration Documentation ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 20

  21. Common Criteria • Problem with Orange Book was the binding of function (security policy) and assurance • The Common Criteria separates these Security Targets ‣ Assurance Levels ‣ • Although these are at least partially bound by protection profiles Systems and Internet Infrastructure Security (SIIS) Laboratory Page 21

  22. Labeled Security Protection • Essentially the B2 Security Policy • Assurance Expected to EAL3 ‣ • Covering Configuration ‣ Delivery ‣ Development (High-level design) ‣ Guidance (Administration) ‣ Testing ‣ Vulnerability Assessment ‣ Systems and Internet Infrastructure Security (SIIS) Laboratory Page 22

  23. Current Approach to Assurance • Document from initial design Build system from formal models ‣ E.g., seL4 and VAX VMM ‣ • Document existing system Collect design, config, admin, etc. from existing system ‣ E.g., Windows, Linux, Solaris, etc. ‣ • Assurance level of existing systems are limited to EAL4 in practice Systems and Internet Infrastructure Security (SIIS) Laboratory Page 23

  24. Current Approach to Assurance • Document from initial design Build system from formal models ‣ E.g., seL4 and VAX VMM ‣ • Document existing system Collect design, config, admin, etc. from existing system ‣ E.g., Windows, Linux, Solaris, etc. ‣ • Assurance level of existing systems are limited to EAL4 in practice Systems and Internet Infrastructure Security (SIIS) Laboratory Page 24

  25. Limited Impact on Systems • Old Claim: Full assurance for existing systems is impractical • Old world Assurance is a design-time task ‣ All deployments are proven secure • Few components are trusted to make security decisions ‣ But trusted completely • Development is either done in a unified way or few ‣ guarantees are possible Composition of modules or independent tasks (config and • design) is non-trivial Systems and Internet Infrastructure Security (SIIS) Laboratory Page 25

  26. Goal: Defend Existing Systems • New Claim: Given a set of components, determine whether they defend themselves proactively • New world Can assurance be done at design and deployment? ‣ All deployments are consistent with defenses • Can we work with layers of TCBs? ‣ Trust monotonically decreased in a logical way • Can we compose a system from independent ‣ components? Analysis of what is built • Systems and Internet Infrastructure Security (SIIS) Laboratory Page 26

  27. Summary • We envision that program compromises are prevented in several ways Program integrity ‣ Mandatory access control ‣ Attack surfaces ‣ • However, the results of these defensive efforts must be unified Assurance ‣ • But, current assurance techniques do not match the practical challenges in software development Systems and Internet Infrastructure Security (SIIS) Laboratory Page 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Maintaining Liability Protection Strategies for Overcoming BFPP Defense Challenges and

Maintaining Liability Protection Strategies for Overcoming BFPP Defense Challenges and

Presenting a live 90-minute webinar with interactive Q&A CERCLA Bona Fide Prospective Purchaser Defense: Securing and Maintaining Liability Protection Strategies for Overcoming BFPP Defense Challenges and Restrictions WEDNESDAY, MARCH 23,

1.02k views • 79 slides
Securing and Maintaining Liability Protection Strategies for Overcoming BFPP Defense Challenges

Securing and Maintaining Liability Protection Strategies for Overcoming BFPP Defense Challenges

Presenting a live 90-minute webinar with interactive Q&A CERCLA Bona Fide Prospective Purchaser Defense: Securing and Maintaining Liability Protection Strategies for Overcoming BFPP Defense Challenges and Restrictions TUESDAY, MARCH 28, 2017

826 views • 56 slides
CSA Recordkeeping and Other Unique Issues Plaintiff and Defense Strategies for Approaching

CSA Recordkeeping and Other Unique Issues Plaintiff and Defense Strategies for Approaching

Presenting a live 90-minute webinar with interactive Q&A Litigating Trucking Accident Injury Claims: Theories of Liability, Impact of CSA Recordkeeping and Other Unique Issues Plaintiff and Defense Strategies for Approaching Discovery,

1.7k views • 150 slides
Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies:

Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies:

Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies: Prevention Detection Reaction Ideally, youd like to prevent problems, but typically you cannot, so you have to make it

419 views • 17 slides
Defense and Litigation Strategies Navigating Notice, Standing and Jurisdiction; Interpleading

Defense and Litigation Strategies Navigating Notice, Standing and Jurisdiction; Interpleading

Presenting a live 90-minute webinar with interactive Q&A Clean Water Act Citizen Suits: Defense and Litigation Strategies Navigating Notice, Standing and Jurisdiction; Interpleading Third Parties Under the CWA TUESDAY, MARCH 14, 2017 1pm

500 views • 33 slides
Recordkeeping and Other Unique Issues Plaintiff and Defense Strategies for Approaching Discovery,

Recordkeeping and Other Unique Issues Plaintiff and Defense Strategies for Approaching Discovery,

Presenting a live 90-minute webinar with interactive Q&A Litigating Trucking Accident Injury Claims: Theories of Liability, Impact of CSA Recordkeeping and Other Unique Issues Plaintiff and Defense Strategies for Approaching Discovery,

1.74k views • 150 slides
Certification: Latest Litigation Trends Strategies for Plaintiff and Defense Counsel to Pursue or

Certification: Latest Litigation Trends Strategies for Plaintiff and Defense Counsel to Pursue or

Presenting a live 90-minute webinar with interactive Q&A Article III Standing and Rule 23(b)(3) Certification: Latest Litigation Trends Strategies for Plaintiff and Defense Counsel to Pursue or Challenge Certification THURSDAY, APRIL 9, 2015

728 views • 45 slides
Summary Judgment in Class Action Litigation: Plaintiff and Defense Strategies for Filing Motions

Summary Judgment in Class Action Litigation: Plaintiff and Defense Strategies for Filing Motions

Presenting a live 90-minute webinar with interactive Q&A Summary Judgment in Class Action Litigation: Plaintiff and Defense Strategies for Filing Motions Leveraging Motions to Dispose of Claims, Establish Liability, or Improve Settlement

957 views • 84 slides
Privileged Attack Vectors: Building Effective Defense Strategies Morey J. Haber Chief

Privileged Attack Vectors: Building Effective Defense Strategies Morey J. Haber Chief

Privileged Attack Vectors: Building Effective Defense Strategies Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Threat Landscape Sample Cases What is Privileged Access Management? Twelve

751 views • 31 slides
Climate Change Nuisance Litigation Emerging Trends and Defense Strategies for Global Warming

Climate Change Nuisance Litigation Emerging Trends and Defense Strategies for Global Warming

presents presents Climate Change Nuisance Litigation Emerging Trends and Defense Strategies for Global Warming Claims E i T d d D f St t i f Gl b l W i Cl i A Live 90-Minute Teleconference/Webinar with Interactive Q&A Today's

1.11k views • 75 slides
CERCLA Bona Fide Prospective Purchaser Defense: Securing and Maintaining Liability Protection

CERCLA Bona Fide Prospective Purchaser Defense: Securing and Maintaining Liability Protection

Presenting a live 90-minute webinar with interactive Q&A CERCLA Bona Fide Prospective Purchaser Defense: Securing and Maintaining Liability Protection Strategies for Overcoming BFPP Defense Challenges and Restrictions TUESDAY, SEPTEMBER 23,

963 views • 77 slides
Challenges of Implementing Fair Defense Act Requirements & Indigent Defense Grant

Challenges of Implementing Fair Defense Act Requirements & Indigent Defense Grant

Challenges of Implementing Fair Defense Act Requirements & Indigent Defense Grant Opportunities Effective Post-Arrest and Indigent Defense Practices Longview, TX August 10, 2018 Scott Ehlers, Special Counsel T exas Indigent Defense

676 views • 30 slides
Is It Time To Play Offense or Defense with Defense Stocks? September 16, 2006 American

Is It Time To Play Offense or Defense with Defense Stocks? September 16, 2006 American

Is It Time To Play Offense or Defense with Defense Stocks? September 16, 2006 American Association of Individual Investors (DC Chapter) Kevin P. DeSanto, Vice President Houlihan Lokey Investment Banking Services Aerospace Defense

1.43k views • 79 slides
Article III Standing and Class Certification After Spokeo: Implications and Strategies for

Article III Standing and Class Certification After Spokeo: Implications and Strategies for

Presenting a live 90-minute webinar with interactive Q&A Article III Standing and Class Certification After Spokeo: Implications and Strategies for Plaintiff and Defense Counsel THURSDAY, JULY 28, 2016 1pm Eastern | 12pm Central |

679 views • 51 slides
NATO DEFENSE COLLEGE FOUNDATION Charting Ahead About us The NATO Defense College Foundation

NATO DEFENSE COLLEGE FOUNDATION Charting Ahead About us The NATO Defense College Foundation

NATO DEFENSE COLLEGE FOUNDATION Charting Ahead About us The NATO Defense College Foundation was established in Rome in 2011. It grew out from a common intuition of the President Alessandro Minuto-Rizzo and the NATO Defense College top decision

476 views • 14 slides
Global Threat Reduction Initiative Defense Nuclear Nonproliferation Defense Nuclear

Global Threat Reduction Initiative Defense Nuclear Nonproliferation Defense Nuclear

U.S. DEPARTMENT OF ENERGY Global Threat Reduction Initiative Defense Nuclear Nonproliferation Defense Nuclear Nonproliferation Defense Nuclear Nonproliferation Defense Nuclear Nonproliferation DOE/NNSA Efforts to Support the Domestic

344 views • 7 slides
Good and Bad Neighborhood Approximations for Outlier Detection Ensembles Evelyn Kirner, Erich

Good and Bad Neighborhood Approximations for Outlier Detection Ensembles Evelyn Kirner, Erich

Good and Bad Neighborhood Approximations for Outlier Detection Ensembles Evelyn Kirner, Erich Schubert, Arthur Zimek October 4, 2017, Munich, Germany LMU Munich; Heidelberg University; University of Southern Denmark Outlier Detection The

248 views • 21 slides
Parameter handling Parameter handling and the HADES Oracle database and the HADES Oracle

Parameter handling Parameter handling and the HADES Oracle database and the HADES Oracle

Parameter handling Parameter handling and the HADES Oracle database and the HADES Oracle database Ilse Koenig, GSI HADES Analysis workshop, May 2017 Outline: Initialization concept Runtime database Parameter containers Example macros

494 views • 23 slides
Mobile Network Sharing Between Operators: Between Operators A Demand Trace-Driven Study Di

Mobile Network Sharing Between Operators: Between Operators A Demand Trace-Driven Study Di

Mobile Network Sharing Mobile Network Sharing Between Operators: Between Operators A Demand Trace-Driven Study Di Francesco et al. Outline Paolo Di Francesco, Francesco Malandrino, Luiz DaSilva Introduction Data Available Data Trinity

396 views • 14 slides
Two Roads to Parallelism: Compilers and Libraries Lawrence Rauchwerger Parallel Computing

Two Roads to Parallelism: Compilers and Libraries Lawrence Rauchwerger Parallel Computing

Two Roads to Parallelism: Compilers and Libraries Lawrence Rauchwerger Parallel Computing Its back (again) and ubiquitous We have the hardware (multicore . petascale) Parallel software + Productivity: not yet And

615 views • 29 slides
Last Class Recursive Descent Parsing and CYK ANLP: Lecture 13 Chomsky normal form grammars

Last Class Recursive Descent Parsing and CYK ANLP: Lecture 13 Chomsky normal form grammars

Last Class Recursive Descent Parsing and CYK ANLP: Lecture 13 Chomsky normal form grammars English syntax Shay Cohen Agreement phenomena and the way to model them with CFGs 14 October 2019 1 / 71 2 / 71 Recap: Syntax Parsing algorithms

407 views • 18 slides
Session October 8, 2012 Source: Office of Budget & Resource Planning CSU Budget Cycle

Session October 8, 2012 Source: Office of Budget & Resource Planning CSU Budget Cycle

Budget Information Session October 8, 2012 Source: Office of Budget & Resource Planning CSU Budget Cycle Review Governors Hearings BOT Adopt Legislative Enrollment, Support May Revise Preliminary Analyst Cost Increases,

761 views • 45 slides
Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 15 Page 1 CS 236 Online Evaluating Program Security What if your task isnt writing secure code? Its determining if someone

423 views • 16 slides
Presentation for Classic Papers track at ACSAC 2007, Miami Beach, December 1114, 2007

Presentation for Classic Papers track at ACSAC 2007, Miami Beach, December 1114, 2007

Presentation for Classic Papers track at ACSAC 2007, Miami Beach, December 1114, 2007 Distributed Secure Systems: Then and Now John Rushby a Brian Randell School of Computing Science Computer Science Laboratory Newcastle University

784 views • 35 slides

More recommend