goals for today
play

Goals for Today Learning Objective: Explore how operating systems - PowerPoint PPT Presentation

Oct 11, 2023 •194 likes •387 views

Goals for Today Learning Objective: Explore how operating systems fail. Announcements, etc: MP3 is out! Due April 18th . Monday Spectre & Meltdown presentation w/ Chris Fletcher!! Wednesday MP4 Walkthrough w/

  1. Goals for Today • Learning Objective: • Explore how operating systems fail. • Announcements, etc: • MP3 is out! Due April 18th . • Monday — Spectre & Meltdown presentation w/ Chris Fletcher!! • Wednesday — MP4 Walkthrough w/ Mohammad!! Reminder : Please put away devices at the start of class 1 CS 423: Operating Systems Design

  2. CS 423 
 Operating System Design: Epic Security Fails in Operating System History Professor Adam Bates Spring 2018 CS 423: Operating Systems Design

  3. Security Practice • In practice, systems are not that secure • hackers can go after weakest link • any system with bugs is vulnerable • vulnerability often not anticipated • usually not a brute force attack against encryption system • often can’t tell if system is compromised • hackers can hide their tracks • can be hard to resecure systems after a breakin • hackers can leave unknown backdoors CS 423: Operating Systems Design 3

  4. Ex1: Tenex Password Vuln • Early system supporting virtual memory • Kernel login check: for (i = 0; i < password length; i++) { if (password[i] != userpwd[i]) return error; } return ok CS 423: Operating Systems Design 4

  5. Ex1: Tenex Password Vuln • Early system supporting virtual memory • Kernel login check: for (i = 0; i < password length; i++) { if (password[i] != userpwd[i]) return error; } return ok ANY PROBLEMS HERE? CS 423: Operating Systems Design 5

  6. Ex1: Tenex Password Vuln • Observation: Programs have *a lot* of control over how their virtual memory works. • Attack #1: Trap-To-User Bit Exploit Trap-To-User: Alert me if this 2nd page is accessed! • Attack #2: Exploit timing side-channel Processing time for password check was proportional to the number of correct characters at the front of the attacker’s guess. CS 423: Operating Systems Design 6

  7. Ex2: Morris Worm • Used the Internet to infect a large number of machines in 1988 • sendmail bug • default configuration allowed debug access • well known for several years, but not fixed • fingerd: finger adam@cs • fingerd allocated fixed size buffer on stack • copied string into buffer without checking length • encode virus into string! • password dictionary • Used infected machines to find/infect others CS 423: Operating Systems Design 7

  8. Ex3: Ping of Death • IP packets can be fragmented, reordered in flight • Reassembly at host • can get fragments out of order, so host allocates buffer to hold fragments • Malformed IP fragment possible • offset + length > max packet size • Kernel implementation didn’t check • Was used for denial of service, but could have been used for virus propagation CS 423: Operating Systems Design 8

  9. Ex4: UNIX Talk • UNIX talk was an early version of Internet chat • For users logged onto same machine • App was setuid root • Needed to write to everyone’s terminal • But it had a bug… • Signal handler for ctrl-C • Arbitrary code execution CS 423: Operating Systems Design 9

  10. Ex5: Netscape • How do you pick a session key? • Early Netscape browser used time of day as seed to the random number generator • Made it easy to predict/break • How do you download a patch? • Netscape offered patch to the random seed problem for download over Web, and from mirror sites • four byte change to executable to make it use attacker’s key CS 423: Operating Systems Design 10

  11. Ex6: Code Red Worm • Code Red: Exploited buffer overflow in IIS for which patch was available but largely unapplied: GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNN %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801 %u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3 %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 • Behaviors: Worked on a monthly schedule. Spread itself, defaced hosted websites, DoS’d IPs including whitehouse.gov. • Developer of defense was invited to White House CS 423: Operating Systems Design 11

  12. Ex7: Nimda Worm • Utilized multiple attack vectors, ’Metasploit’-style. • Email phising, network shares, compromised web sites, IIS Server vulns, and leftover Code Red backdoor • Left open backdoor on infected machines for any use. Infected ~ 400K machines. CS 423: Operating Systems Design 12

  13. Ex8: SQL Slammer Worm • Slammer: Single UDP packet on MySQL port. Infected 75K vulnerable machines in under 10 minutes • Today: Million node botnets now common!! CS 423: Operating Systems Design 13

  14. Reflections on Trusting Trust • Ken Thompson’s self-replicating program • Attempt 1: Add a malicious change to Unix’s login.c if (name == “ken”) { don’t check password; (A) login ken as root; } • … but this modification is too obvious. How do we hide it? CS 423: Operating Systems Design 14

  15. Reflections on Trusting Trust • Ken Thompson’s self-replicating program • Attempt 2: Add a malicious change to the C compiler • Insert into compiler: if see trigger { (B) insert (A) into the input stream } • Add trigger to login.c /* gobbledygook */ • Now we don’t need to include the code for the backdoor in login.c, just the trigger • … but still too obvious; how do we hide the modification to the C compiler? CS 423: Operating Systems Design 15

  16. Reflections on Trusting Trust • Ken Thompson’s self-replicating program • Attempt 3: Hide the modification to the compiler if see trigger2 { (C) insert (B) and (C) into the input stream } • Compile the compiler with C present • Change is now in the object code for compiler • Replace (C) in the compiler source with /*trigger2*/ CS 423: Operating Systems Design 16

  17. Reflections on Trusting Trust • Ken Thompson’s self-replicating program • Now we have an invisible trojan horse in Version 1 of the C compiler… … but the compiler compiles the compiler on successive versions!!! • As long as trigger2 is not removed, code for (B) and (C) will be present • in future versions. Making a compiler for a new machines? You’re going to cross-compile • first on the old machine using the old compiler! • Result: Every new version of login.c has code for (A) included. Invisible: No source code for the backdoor exists. Anywhere. • CS 423: Operating Systems Design 17

  18. Reflections on Trusting Trust • Thompson’s Takeaway: You can’t fully trust code that you didn’t write yourself! • Presented as a thought experiment during Thompson’s Turing Award Lecture. Didn’t really happen… we think?? • Hard to re-secure a machine after penetration. How do you know you’ve removed all the backdoors? • It’s hard to detect that a machine has been penetrated • Any system with bugs is vulnerable • and all systems have bugs CS 423: Operating Systems Design 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will

One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will

Wilder Research One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will understand The purpose of the One-on-Ones The One-on-One process The tools The ways to protect the privacy of

363 views • 19 slides
Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the

Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the

Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the mission and goals - June 2013 Mission &amp; goals development included a wide array of stakeholders In addition to the CSCU Mission , each

314 views • 15 slides
Goals for Today Learning Objective: Discuss the ins and outs of MP4

Goals for Today Learning Objective: Discuss the ins and outs of MP4

Goals for Today Learning Objective: Discuss the ins and outs of MP4 Announcements, etc: MP4 is out! Due May 6th (UTC-11) Final Exam MAY 9TH @ 7PM, SIEBEL 1404 Its fine to use electronics today CS 423: Operating

922 views • 34 slides
Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures Announcements, etc: Informal Early Feedback at end of class today Midterm debrief forthcoming on Friday MP2 extension: now due on

726 views • 21 slides
Goals for Today Learning Objective: Learn how to achieve reliability + availability in

Goals for Today Learning Objective: Learn how to achieve reliability + availability in

Goals for Today Learning Objective: Learn how to achieve reliability + availability in storage!! Announcements, etc: MP3 is out! Due April 18th . MP3 Walkthrough on Monday, slides up later today Reminder : Please put away devices

909 views • 47 slides
Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment

Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment

2015 Annual Countywide Escheatment Kick-off Meeting Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment Overview 2014 Recap Policy and Procedure Summary 2015 Timeline Q&amp;A 3 Goals

661 views • 17 slides
Goals for Today Learning Objective: Present final exam details + review content

Goals for Today Learning Objective: Present final exam details + review content

Goals for Today Learning Objective: Present final exam details + review content Announcements, etc: MP3 Soft Extension: Submit by TODAY for -10pts MP4 due May 7th Deadline provides more time than necessary; wanted to give you

648 views • 49 slides
Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals

Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals

Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals for Today 2 Agenda and Goals for today &gt; Big Picture: Launch of 3-year Phase-in of Modified RCM Budget Model &gt; Goals: Review Process to

502 views • 31 slides
Goals for Today Learning Objective: Learn about directory structures Run through some

Goals for Today Learning Objective: Learn about directory structures Run through some

Goals for Today Learning Objective: Learn about directory structures Run through some disk performance exercises Announcements, etc: C4: I removed 2 papers from your reading list No longer need to read Multics Security Eval

421 views • 27 slides
E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled,

E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled,

E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled, Please Take a Minute to Think about Examples You Can Share with the Group. Feel Free to Talk Amongst Yourselves... How to Write a Great Very

269 views • 13 slides
2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements:

2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements:

2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements: Thank you for your Early Informal Feedback Composite, Visitor, HW3 Phase 2, peer reviews due this Thu at Template Method, Faade, 5pm

104 views • 8 slides
Goals for today Everything you wanted to know about C-strings (but were afraid to ask)

Goals for today Everything you wanted to know about C-strings (but were afraid to ask)

Goals for today Everything you wanted to know about C-strings (but were afraid to ask) Char/ascii String constants, string as abstraction (albeit a leaky one) C library functions &lt;string.h&gt; Under the hood: C-string as

331 views • 6 slides
OCLC Update So, what are our goals for today? Hear what OCLC is doing governance,

OCLC Update So, what are our goals for today? Hear what OCLC is doing governance,

OCLC Member Forums 2015 OCLC Update So, what are our goals for today? Hear what OCLC is doing governance, participation, products and services Talk to each other about what you are doing share best practices, tips and tricks

1.57k views • 102 slides
Marina Industry Our goal today Who we are What are our strategic goals Give you three

Marina Industry Our goal today Who we are What are our strategic goals Give you three

The Voice of the Marina Industry Our goal today Who we are What are our strategic goals Give you three reasons for joining AMIs affiliate program Answer your questions Who are we? Association of Marina Industries The

360 views • 17 slides
Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload and grading Computer Programming II Resources Welcome! This information is largely included in todays handouts, Course Overview and

288 views • 7 slides
AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department

AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department

AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department is going to focus on that link to the Academic Master Plan AMP connects to multiple items such as performance indicators, enrollment via

333 views • 6 slides
Authenticated Encryption in SSH Kenny Paterson Information Security Group @kennyog;

Authenticated Encryption in SSH Kenny Paterson Information Security Group @kennyog;

Authenticated Encryption in SSH Kenny Paterson Information Security Group @kennyog; www.isg.rhul.ac.uk/~kp Overview (both lectures) Secure channels and their properties AEAD (revision) AEAD secure channel the [APW09] attack

1.63k views • 72 slides
Predictive Simulation &amp; Big Data Analytics ISD Analytics Predict a better future

Predictive Simulation &amp; Big Data Analytics ISD Analytics Predict a better future

Predictive Simulation &amp; Big Data Analytics ISD Analytics Predict a better future Overview Simulation can play a vital role in the emerging $billion field of Big Data analytics to support Government policy and business strategy

607 views • 31 slides
Government to Citizen Mass Scale Government to Citizen Mass Scale Authorised Alerting, Alerting,

Government to Citizen Mass Scale Government to Citizen Mass Scale Authorised Alerting, Alerting,

Government to Citizen Mass Scale Government to Citizen Mass Scale Authorised Alerting, Alerting, Authorised by Cell Broadcasting Cell Broadcasting . . by Its about time Its about time . . By By Mark Wood,

656 views • 26 slides
Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall 2014 Web Security Lots of Internet traffic is related to the web Much of it is financial in nature Also lots of private information flow

859 views • 70 slides
Network traffic characterization A historical perspective 1 Incoming AT&amp;T traffic by port

Network traffic characterization A historical perspective 1 Incoming AT&amp;T traffic by port

Network traffic characterization A historical perspective 1 Incoming AT&amp;T traffic by port (18 hours of traffic to AT&amp;T dial clients on July 22, 1997) N a m e port % bytes % packets bytes per packet w o r l d - w i d e

425 views • 31 slides
Political Communication: Research Methods POLS 418 MWF 10:00-10:50 Drew Seib February 7, 2011

Political Communication: Research Methods POLS 418 MWF 10:00-10:50 Drew Seib February 7, 2011

Goals Importance of Political Talk Results Political Communication: Research Methods POLS 418 MWF 10:00-10:50 Drew Seib February 7, 2011 Drew Seib Political Communication Goals Importance of Political Talk Results Goals Importance

432 views • 18 slides
Online Proctoring David Foster, Caveon May 15-16, 2015 Proctoring Options Unproctored

Online Proctoring David Foster, Caveon May 15-16, 2015 Proctoring Options Unproctored

Online Proctoring David Foster, Caveon May 15-16, 2015 Proctoring Options Unproctored Internet Testing (UIT) with or without a verification test Online Proctored Testing Testing Center Testing What Is Online Proctoring?

335 views • 12 slides
Aim Aim I can keep myself safe when I use the Internet. Success Criteria Success Criteria

Aim Aim I can keep myself safe when I use the Internet. Success Criteria Success Criteria

Aim Aim I can keep myself safe when I use the Internet. Success Criteria Success Criteria Statement 1 Lorem ipsum dolor sit amet, consectetur adipiscing elit. I can identify risks when using the Internet. Statement 2 I

775 views • 17 slides

More recommend