goals for today
play

Goals for Today Learning Objective: Understand why secure systems - PowerPoint PPT Presentation

Mar 28, 2023 •90 likes •297 views

Goals for Today Learning Objective: Understand why secure systems fail Announcements, etc: MP3 is now available for download on Compass! DUE APRIL 15th (5 days from now) MP2.5 enrollment now closed! MP4 Release Date

  1. Goals for Today • Learning Objective: • Understand why secure systems fail • Announcements, etc: MP3 is now available for download on Compass! • DUE APRIL 15th (5 days from now) • MP2.5 enrollment now closed! • MP4 Release Date — April 17 • Reminder : Please put away devices at the start of class CS 423: Operating Systems Design 1

  2. CS 423 
 Operating System Design: Epic Security Fails in Operating System History Professor Adam Bates CS 423: Operating Systems Design

  3. Security in Practice • In practice, systems are not that secure • any system with bugs is vulnerable • Where do vulnerabilities come from? • vuln’s often arise when system used in unanticipated ways • usually not a brute force attack against encryption key • How do we tell when system is compromised? • if hackers control system, they can hide their tracks • How can we dell when system is secure again? • even after we patch the vulnerability, hackers could have left unknown backdoors CS 423: Operating Systems Design 3

  4. Ex1: Tenex Password Vuln • Early system supporting virtual memory • Kernel login check: for (i = 0; i < password length; i++) { if (password[i] != userpwd[i]) return error; } return ok CS 423: Operating Systems Design 4

  5. Ex1: Tenex Password Vuln • Early system supporting virtual memory • Kernel login check: for (i = 0; i < password length; i++) { if (password[i] != userpwd[i]) return error; } return ok ANY PROBLEMS HERE? CS 423: Operating Systems Design 5

  6. Ex1: Tenex Password Vuln • Observation: Programs have *a lot* of control over how their virtual memory works. • Attack #1: Trap-To-User Bit Exploit Trap-To-User: Alert me if this 2nd page is accessed! • Attack #2: Exploit timing side-channel Processing time for password check was proportional to the number of correct characters at the front of the attacker’s guess. CS 423: Operating Systems Design 6

  7. Ex2: Morris Worm • Used the Internet to infect a large number of machines in 1988 • Three Propagation Vectors sendmail bug • default configuration allowed debug access • well known for several years, but not fixed • fingerd: finger adam@cs • fingerd allocated fixed size buffer on stack • copied string into buffer without checking length • encode virus into string! • dictionary attack on week passwords • • Used infected machines to find/infect others CS 423: Operating Systems Design 7

  8. Ex3: Ping of Death • IP packets can be fragmented, reordered in flight • Reassembly at host • can get fragments out of order, so host allocates buffer to hold fragments • Malformed IP fragment possible • offset + length > max packet size • Kernel implementation didn’t check • Was used for denial of service, but could have been used for virus propagation CS 423: Operating Systems Design 8

  9. Ex4: UNIX Talk • UNIX talk was an early version of Internet chat • For users logged onto same machine • App was setuid root • Needed to write to everyone’s terminal • But it had a bug… • Signal handler for ctrl-C • Arbitrary code execution CS 423: Operating Systems Design 9

  10. Ex5: Netscape • How do you pick a session key? • Early Netscape browser used time of day as seed to the random number generator • Made it easy to predict/break • How do you download a patch? • Netscape offered patch to the random seed problem for download over Web, and from mirror sites • four byte change to executable to make it use attacker’s key CS 423: Operating Systems Design 10

  11. Ex6: Code Red Worm • Code Red: Exploited buffer overflow in IIS for which patch was available but largely unapplied: GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNN %u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801 %u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3 %u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0 • Behaviors: Worked on a monthly schedule. Spread itself, defaced hosted websites, DoS’d IPs including whitehouse.gov. • Developer of defense was invited to White House CS 423: Operating Systems Design 11

  12. Ex7: Nimda Worm • Utilized multiple attack vectors, ’Metasploit’-style. • Email phising, network shares, compromised web sites, IIS Server vulns, and leftover Code Red backdoor • Left open backdoor on infected machines for any use. Infected ~ 400K machines. CS 423: Operating Systems Design 12

  13. Ex8: SQL Slammer Worm • Slammer: Single UDP packet on MySQL port. Infected 75K vulnerable machines in under 10 minutes • Today: Million node botnets now common!! CS 423: Operating Systems Design 13

  14. Reflections on Trusting Trust • Ken Thompson’s self-replicating program • Attempt 1: Add a malicious change to Unix’s login.c if (name == “ken”) { don’t check password; (A) login ken as root; } • … but this modification is too obvious. How do we hide it? CS 423: Operating Systems Design 14

  15. Reflections on Trusting Trust • Ken Thompson’s self-replicating program • Attempt 2: Add a malicious change to the C compiler • Insert into compiler: if see trigger { (B) insert (A) into the input stream } • Add trigger to login.c /* gobbledygook */ • Now we don’t need to include the code for the backdoor in login.c, just the trigger • … but still too obvious; how do we hide the modification to the C compiler? CS 423: Operating Systems Design 15

  16. Reflections on Trusting Trust • Ken Thompson’s self-replicating program • Attempt 3: Hide the modification to the compiler if see trigger2 { (C) insert (B) and (C) into the input stream } • Compile the compiler with C present • Change is now in the object code for compiler • Replace (C) in the compiler source with /*trigger2*/ CS 423: Operating Systems Design 16

  17. Reflections on Trusting Trust • Ken Thompson’s self-replicating program • Now we have an invisible trojan horse in Version 1 of the C compiler… … but the compiler compiles the compiler on successive versions!!! • As long as trigger2 is not removed, code for (B) and (C) will be present • in future versions. Making a compiler for a new machines? You’re going to cross-compile • first on the old machine using the old compiler! • Result: Every new version of login.c has code for (A) included. • Invisible: No source code for the backdoor exists. Anywhere. CS 423: Operating Systems Design 17

  18. Reflections on Trusting Trust • Thompson’s Takeaway: You can’t fully trust code that you didn’t write yourself! • Presented as a thought experiment during Thompson’s Turing Award Lecture. • Didn’t really happen… we think?? • Hard to re-secure a machine after penetration. How do you know you’ve removed all the backdoors? • It’s hard to detect that a machine has been penetrated • Any system with bugs is vulnerable • … and all systems have bugs CS 423: Operating Systems Design 18

  19. Conclusions • What were the failure causes for these systems? • Lower-layers of system violated programmer assumptions … still a problem today (e.g., SPECTRE) • • Trust-by-Default nature of early Internet services … still a problem today (e.g., BadUSB) • • Fixes were available, but people didn’t patch … still a problem today (e.g., Heartbleed) • • Systems were build using 3rd Party SW/HW … still a problem today (e.g., NSA backdoors in Cisco routers) • CS 423: Operating Systems Design 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will

One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will

Wilder Research One-on-One Interviews Training for SPF SIG coalitions Goals for today After today, you will understand The purpose of the One-on-Ones The One-on-One process The tools The ways to protect the privacy of

363 views • 19 slides
Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the

Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the

Mission, Goals, Metrics: Where Is CSCU Today? CSCU Mission &amp; Goals History BOR adopted the mission and goals - June 2013 Mission &amp; goals development included a wide array of stakeholders In addition to the CSCU Mission , each

314 views • 15 slides
Goals for Today Learning Objective: Discuss the ins and outs of MP4

Goals for Today Learning Objective: Discuss the ins and outs of MP4

Goals for Today Learning Objective: Discuss the ins and outs of MP4 Announcements, etc: MP4 is out! Due May 6th (UTC-11) Final Exam MAY 9TH @ 7PM, SIEBEL 1404 Its fine to use electronics today CS 423: Operating

922 views • 34 slides
Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures

Goals for Today Learning Objective: Define a taxonomy for virtualization architectures Announcements, etc: Informal Early Feedback at end of class today Midterm debrief forthcoming on Friday MP2 extension: now due on

726 views • 21 slides
Goals for Today Learning Objective: Learn how to achieve reliability + availability in

Goals for Today Learning Objective: Learn how to achieve reliability + availability in

Goals for Today Learning Objective: Learn how to achieve reliability + availability in storage!! Announcements, etc: MP3 is out! Due April 18th . MP3 Walkthrough on Monday, slides up later today Reminder : Please put away devices

909 views • 47 slides
Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment

Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment

2015 Annual Countywide Escheatment Kick-off Meeting Welcome Dan McAllister, Treasurer Tax-Collector 2 Agenda Goals for today Escheatment Overview 2014 Recap Policy and Procedure Summary 2015 Timeline Q&amp;A 3 Goals

661 views • 17 slides
Goals for Today Learning Objective: Present final exam details + review content

Goals for Today Learning Objective: Present final exam details + review content

Goals for Today Learning Objective: Present final exam details + review content Announcements, etc: MP3 Soft Extension: Submit by TODAY for -10pts MP4 due May 7th Deadline provides more time than necessary; wanted to give you

648 views • 49 slides
Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals

Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals

Budget Recalibration Phase 2 Implementation Group Kickoff August 8, 2017 1 Agenda and Goals for Today 2 Agenda and Goals for today &gt; Big Picture: Launch of 3-year Phase-in of Modified RCM Budget Model &gt; Goals: Review Process to

502 views • 31 slides
Goals for Today Learning Objective: Learn about directory structures Run through some

Goals for Today Learning Objective: Learn about directory structures Run through some

Goals for Today Learning Objective: Learn about directory structures Run through some disk performance exercises Announcements, etc: C4: I removed 2 papers from your reading list No longer need to read Multics Security Eval

421 views • 27 slides
E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled,

E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled,

E Komo Mai We Will Be Talking About Your Marketing Goals and Tactics Today. As you get Settled, Please Take a Minute to Think about Examples You Can Share with the Group. Feel Free to Talk Amongst Yourselves... How to Write a Great Very

269 views • 13 slides
2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements:

2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements:

2/10/15 Today s goals Design Patterns What are Design Patterns? Announcements: Thank you for your Early Informal Feedback Composite, Visitor, HW3 Phase 2, peer reviews due this Thu at Template Method, Faade, 5pm

104 views • 8 slides
Goals for today Everything you wanted to know about C-strings (but were afraid to ask)

Goals for today Everything you wanted to know about C-strings (but were afraid to ask)

Goals for today Everything you wanted to know about C-strings (but were afraid to ask) Char/ascii String constants, string as abstraction (albeit a leaky one) C library functions &lt;string.h&gt; Under the hood: C-string as

331 views • 6 slides
OCLC Update So, what are our goals for today? Hear what OCLC is doing governance,

OCLC Update So, what are our goals for today? Hear what OCLC is doing governance,

OCLC Member Forums 2015 OCLC Update So, what are our goals for today? Hear what OCLC is doing governance, participation, products and services Talk to each other about what you are doing share best practices, tips and tricks

1.57k views • 102 slides
Marina Industry Our goal today Who we are What are our strategic goals Give you three

Marina Industry Our goal today Who we are What are our strategic goals Give you three

The Voice of the Marina Industry Our goal today Who we are What are our strategic goals Give you three reasons for joining AMIs affiliate program Answer your questions Who are we? Association of Marina Industries The

360 views • 17 slides
Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload

Outline for Today Course Overview Goals Administrative details CSE 143 Workload and grading Computer Programming II Resources Welcome! This information is largely included in todays handouts, Course Overview and

288 views • 7 slides
AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department

AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department

AMP Implementation Workshop 9-13-2013 Goal for today: Draft 3-5 goals that your department is going to focus on that link to the Academic Master Plan AMP connects to multiple items such as performance indicators, enrollment via

333 views • 6 slides
CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of

CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of

CS333 Intro to Operating Systems Jonathan Walpole Security Overview Different aspects of security User authentication Protection mechanisms Attacks: - trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks, viruses,

1.2k views • 59 slides
Security III: Availability, DDoS, sli.do time and Routing Security 15-441 Spring 2019 (yell

Security III: Availability, DDoS, sli.do time and Routing Security 15-441 Spring 2019 (yell

3/28/19 Security III: Availability, DDoS, sli.do time and Routing Security 15-441 Spring 2019 (yell at me if I dont notice?) Profs Peter Steenkiste &amp; Justine Sherry &amp; (Guest Lecturer) Sannan Slides almost entirely copied from

288 views • 18 slides
Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author:

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author:

Yang Models for I2NSF Capabilities draft-hares-i2nsf-capabilities-yang Susan Hares Co-author: Robert Moskowitz` Capability Model (Xia, et al.) External Meta External ECA Model Model Capability sub-model Attack Mitigation Network Security

258 views • 15 slides
A Simulation-Driven Approach for Assessing Risks of Complex Systems Fabrizio Baiardi 1 Claudio

A Simulation-Driven Approach for Assessing Risks of Complex Systems Fabrizio Baiardi 1 Claudio

Complex Systems A Simulation-Based Approach Current Prototype Conclusions A Simulation-Driven Approach for Assessing Risks of Complex Systems Fabrizio Baiardi 1 Claudio Telmon 1 Daniele Sgandurra 2 1 Dipartimento di Informatica, Universit` a

601 views • 29 slides
Internet Discussion Theme: Death by TLAs Slides with * are not testable material

Internet Discussion Theme: Death by TLAs Slides with * are not testable material

Internet Discussion Theme: Death by TLAs Slides with * are not testable material Theme of the Day - An analysis: Well, technically most are initialisms, because we say each letter as opposed to sounding them out as one word.

601 views • 29 slides
Is Software Malfunction an Oxymoron? Jesse Hughes July 25, 2007 Hughes Is Software Malfunction

Is Software Malfunction an Oxymoron? Jesse Hughes July 25, 2007 Hughes Is Software Malfunction

An introduction to malfunction Token and type malfunction Misfunction Is Software Malfunction an Oxymoron? Jesse Hughes July 25, 2007 Hughes Is Software Malfunction an Oxymoron? An introduction to malfunction Token and type malfunction

1.03k views • 81 slides
The war on error James Chapman University of Tartu Practicalities 4 weeks of 4 sessions per

The war on error James Chapman University of Tartu Practicalities 4 weeks of 4 sessions per

The war on error James Chapman University of Tartu Practicalities 4 weeks of 4 sessions per week Monday, 12.15-14.00 Tuesday, 16.15-18.00 Wednesday, 12.15-14.00 Thursday, 10.15-12.00 It will be assessed by 4 pieces of

1.01k views • 55 slides
Availability models Dr. Jnos Tapolcai tapolcai@tmit.bme.hu http://opti.tmit.bme.hu/~tapolcai/

Availability models Dr. Jnos Tapolcai tapolcai@tmit.bme.hu http://opti.tmit.bme.hu/~tapolcai/

Availability models Dr. Jnos Tapolcai tapolcai@tmit.bme.hu http://opti.tmit.bme.hu/~tapolcai/ / 1 Failure sources HW failures Network element failures Type failures Manufacturing or design failures Turns out at the testing

553 views • 31 slides

More recommend