defenses principles
play

Defenses & Principles CS 161: Computer Security Prof. David - PowerPoint PPT Presentation

Sep 03, 2022 •178 likes •608 views

Software Security: Defenses & Principles CS 161: Computer Security Prof. David Wagner January 25, 2016 Announcements Discussion sections start this week Set up your class account, join Piazza Homework 1 out later today, due next

  1. Software Security: Defenses & Principles CS 161: Computer Security Prof. David Wagner January 25, 2016

  2. Announcements • Discussion sections start this week • Set up your class account, join Piazza • Homework 1 out later today, due next Monday

  3. Why does software have vulnerabilities? • Programmers are humans. And humans make mistakes. – Use tools • Programmers often aren’t security-aware. – Learn about common types of security flaws. • Programming languages aren’t designed well for security. – Use better languages (Java, Python, … ).

  4. Why does software have vulnerabilities? • Programmers are humans. And humans make mistakes. – Use tools • Programmers often aren’t security-aware. – Learn about common types of security flaws. • Programming languages aren’t designed well for security. – Use better languages (Java, Python, … ).

  5. Why does software have vulnerabilities? • Programmers are humans. And humans make mistakes. – Use tools. • Programmers often aren’t security-aware. – Learn about common types of security flaws. • Programming languages aren’t designed well for security. – Use better languages (Java, Python, … ).

  6. Testing for Software Security Issues • What makes testing a program for security problems difficult? – We need to test for the absence of something • Security is a negative property! – “ nothing bad happens, even in really unusual circumstances ” – Normal inputs rarely stress security-vulnerable code • How can we test more thoroughly? – Random inputs ( fuzz testing ) – Mutation – Spec-driven • How do we tell when we ’ ve found a problem? – Crash or other deviant behavior • How do we tell that we ’ ve tested enough? – Hard: but code-coverage tools can help

  7. Testing for Software Security Issues • What makes testing a program for security problems difficult? – We need to test for the absence of something • Security is a negative property! – “ nothing bad happens, even in really unusual circumstances ” – Normal inputs rarely stress security-vulnerable code • How can we test more thoroughly? – Random inputs ( fuzz testing ) – Mutation – Spec-driven • How do we tell when we ’ ve found a problem? – Crash or other deviant behavior • How do we tell that we ’ ve tested enough? – Hard: but code-coverage tools can help

  8. Testing for Software Security Issues • What makes testing a program for security problems difficult? – We need to test for the absence of something • Security is a negative property! – “ nothing bad happens, even in really unusual circumstances ” – Normal inputs rarely stress security-vulnerable code • How can we test more thoroughly? – Random inputs ( fuzz testing ) – Mutation – Spec-driven • How do we tell when we’ve found a problem? – Crash or other deviant behavior; now enable expensive checks

  9. Working Towards Secure Systems • Along with securing individual components, we need to keep them up to date … • What’s hard about patching ? – Can require restarting production systems – Can break crucial functionality – Management burden: • It never stops (the “ patch treadmill ” ) …

  11. Working Towards Secure Systems • Along with securing individual components, need to keep them up to date … • What’s hard about patching ? – Can require restarting production systems – Can break crucial functionality – Management burden: • It never stops (the “ patch treadmill ” ) … • … and can be difficult to track just what’s needed where • Other (complementary) approaches? – Vulnerability scanning: probe your systems/networks for known flaws – Penetration testing ( “ pen-testing ” ): pay someone to break into your systems … • … provided they take excellent notes about how they did it!

  13. Reasoning About Safety • How can we have confidence that our code executes in a safe (and correct, ideally) fashion? • Approach: build up confidence on a function-by-function / module-by-module basis • Modularity provides boundaries for our reasoning: – Preconditions: what must hold for function to operate correctly – Postconditions: what holds after function completes • These basically describe a contract for using the module • Notions also apply to individual statements (what must hold for correctness; what holds after execution) – Stmt #1’s postcondition should logically imply Stmt #2’s precondition – Invariants: conditions that always hold at a given point in a function

  14. int deref(int *p) { return *p; } Precondition ?

  15. /* requires: p != NULL (and p a valid pointer) */ int deref(int *p) { return *p; } Precondition : what needs to hold for function to operate correctly

  16. void *mymalloc(size_t n) { void *p = malloc(n); if (!p) { perror("malloc"); exit(1); } return p; } Postcondition ?

  17. /* ensures: retval != NULL (and a valid pointer) */ void *mymalloc(size_t n) { void *p = malloc(n); if (!p) { perror("malloc"); exit(1); } return p; } Postcondition : what the function promises will hold upon its return

  18. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } Precondition ?

  19. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function

  20. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access? (2) Write down precondition it requires (3) Propagate requirement up to beginning of function

  21. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function

  22. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* ?? */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires? (3) Propagate requirement up to beginning of function

  23. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: a != NULL && 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function

  24. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: a != NULL && 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function?

  25. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: a != NULL && 0 <= i && i < size(a) */ total += a[i]; return total; } Let’s simplify, given that a never changes.

  26. /* requires: a != NULL */ int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; }

  27. /* requires: a != NULL */ int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function?

  28. /* requires: a != NULL */ int sum(int a[], size_t n) { ? int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function?

  29. /* requires: a != NULL */ int sum(int a[], size_t n) { ✓ int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function?

  30. /* requires: a != NULL */ int sum(int a[], size_t n) { ✓ int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; } The 0 <= i part is clear, so let’s focus for now on the rest.

  31. /* requires: a != NULL */ int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: i < size(a) */ total += a[i]; return total; }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 29, 2013 Testing

964 views • 50 slides
Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and

Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and

Presenting a live 90 minute webinar with interactive Q&amp;A Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and Contemporaneous Exchange Managing the Audit Process, Mitigating Regulatory Sanctions, and

893 views • 52 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

This time We will continue By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything youve always wanted to know about gdb but were too afraid to ask Overflow defenses Other memory

1.23k views • 95 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

This time We will continue By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything youve always wanted to know about gdb but were too afraid to ask Overflow defenses Other memory

1.49k views • 117 slides
Principles Principles Principles Principles of a well of a well of a well of a well- - -

Principles Principles Principles Principles of a well of a well of a well of a well- - -

High quality independent research into competition policy and regulation Principles Principles Principles Principles of a well of a well of a well of a well- - - -functioning functioning functioning functioning retail energy retail

495 views • 7 slides
Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1 Lecture Overview 1. Advanced MATE attacks models tools &amp; techniques 2. Protected code comprehension processes 3. Advanced MATE defenses 4.

1.79k views • 114 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow

Last time We continued By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow attacks &amp; other vulnerabilities Overflow defenses Everything youve always wanted to know about

2.41k views • 197 slides
Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses Epidemiology and Defenses

Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses Epidemiology and Defenses

Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses Epidemiology and Defenses Stefan Savage Stefan Savage Collaborative Center for Internet Epidemiology and Defenses Collaborative Center for Internet Epidemiology and Defenses

760 views • 58 slides
Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Last time We finished up By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow defenses (and workarounds) Format string vulnerabilities Integer overflow vulnerabilities This time

1.29k views • 80 slides
ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner

ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner

ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner Nicholas Carlini Return Oriented Programming Basic ROP Mo(va(ons DEP Data

712 views • 11 slides
Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography. Security. Falko Strenzke 2020 For evaluation purposes only Please do not distribute August 4, 2020 Dr. Falko Strenzke Attacks and Defenses For

531 views • 30 slides
Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure

605 views • 38 slides
Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies:

Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies:

Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies: Prevention Detection Reaction Ideally, youd like to prevent problems, but typically you cannot, so you have to make it

419 views • 17 slides
When the Dike Breaks: Dissecting DNS Defenses During DDoS Giovane C. M. Moura 1 , 2 , John

When the Dike Breaks: Dissecting DNS Defenses During DDoS Giovane C. M. Moura 1 , 2 , John

When the Dike Breaks: Dissecting DNS Defenses During DDoS Giovane C. M. Moura 1 , 2 , John Heidemann 3 , Moritz Mller 1 , 4 , Ricardo de O. Schmidt 5 , Marco Davids 1 RIPE 77, Amsterdam, The Netherlands 2018-10-15 1 SIDN Labs, 2 TU Delft, 3

648 views • 38 slides
Common visualization Issues &amp; how to fix them Duen Horng (Polo) Chau Assistant

Common visualization Issues &amp; how to fix them Duen Horng (Polo) Chau Assistant

http://poloclub.gatech.edu/cse6242 CSE6242 / CX4242: Data &amp; Visual Analytics Common visualization Issues &amp; how to fix them Duen Horng (Polo) Chau Assistant Professor Associate Director, MS Analytics Georgia Tech

841 views • 67 slides
Pilot run production: yield outcome after 2nd metal 19 th International Workshop on DEPFET

Pilot run production: yield outcome after 2nd metal 19 th International Workshop on DEPFET

Pilot run production: yield outcome after 2nd metal 19 th International Workshop on DEPFET Detectors and Applications Paola Avella, Daniel Klose, Rainer H. Richter for the MPP/HLL team MPG Outline HLL Yield info from preliminary tests on

311 views • 19 slides
CS 528 Mobile and Ubiquitous Computing Lecture 5: Widget Catalog, SQLite Databases and Sensors

CS 528 Mobile and Ubiquitous Computing Lecture 5: Widget Catalog, SQLite Databases and Sensors

CS 528 Mobile and Ubiquitous Computing Lecture 5: Widget Catalog, SQLite Databases and Sensors Emmanuel Agu Paper sign up Students present papers in weeks 7 8, 10 13 Previously 1 student per paper Too many students (42) So,

1.23k views • 77 slides
Development and Evaluation of a Virtual Reality Patient Simulation (VRPS) Simon Nestler, Manuel

Development and Evaluation of a Virtual Reality Patient Simulation (VRPS) Simon Nestler, Manuel

Development and Evaluation of a Virtual Reality Patient Simulation (VRPS) Simon Nestler, Manuel Huber, Florian Echtler, Andreas Dollinger, Gudrun Klinker Introduction During disasters, paramedics cope with numerous tasks - Establishing

392 views • 15 slides
Follow Up of a subject with Hemiparetic stroke using Interval Computations Jorge

Follow Up of a subject with Hemiparetic stroke using Interval Computations Jorge

Follow Up of a subject with Hemiparetic stroke using Interval Computations Jorge Garza-Ulloa Electrical &amp; Computer Engineering Doctoral Program The University of Texas at El Paso jgarzaulloa@miners.utep.edu uno@computecworld.com

522 views • 16 slides
New Techniques for Usability Evaluation of Mobile Systems Jesper Kjeldskov &amp; Jan Stage

New Techniques for Usability Evaluation of Mobile Systems Jesper Kjeldskov &amp; Jan Stage

New Techniques for Usability Evaluation of Mobile Systems Jesper Kjeldskov &amp; Jan Stage Department of Computer Science Aalborg University Denmark Background Mobile technologies and systems PDAs, wearables, mobile phones, tablet

537 views • 17 slides
Migrate early, migrate often! JDK release cadence strategies Dan Heidinga Theresa Mammarella

Migrate early, migrate often! JDK release cadence strategies Dan Heidinga Theresa Mammarella

Migrate early, migrate often! JDK release cadence strategies Dan Heidinga Theresa Mammarella Eclipse OpenJ9 Project Lead Eclipse OpenJ9 Software Developer Interpreter Lead, IBM Runtimes @t_mammarella @danheidinga theresa-m DanHeidinga Who

540 views • 33 slides
1 yyyy-mm-dd &lt;the title of the document&gt; &lt;security class&gt; Senior Software Engineer

1 yyyy-mm-dd &lt;the title of the document&gt; &lt;security class&gt; Senior Software Engineer

1 yyyy-mm-dd &lt;the title of the document&gt; &lt;security class&gt; Senior Software Engineer at Sony Mobile Communications Architecture Group Chair of the CE Workgroup at the Linux Foundation Former CTO of Lineo, an early embedded Linux

740 views • 57 slides

More recommend