
On Computer Systems (In)Security, by Vinod Ganapathy (PowerPoint PPT presentation)



  1. On Computer Systems (In)Security. Vinod Ganapathy, vg@csa.iisc.ernet.in, Associate Professor, CSA/IISc

  2. My goal today. To convince you that: 1. Computer systems are difficult to secure. Vinod Ganapathy - CSA Undergraduate Symposium

  3. My goal today. To convince you that: 1. Computer systems are difficult to secure. 2. Computer systems security is a fruitful research area.

  4. My goal today. To convince you that: 1. Computer systems are difficult to secure. 2. Computer systems security is a fruitful research area. 3. You need to apply to the CSA/IISc Ph.D. program and work on these problems.

  5. [Image-only slide; no text.]

  6. “There are no solutions, only problems.”

  7. Layered computer system design. Modern computer systems are built using layers of abstraction. [Diagram: bottom layer, Hardware: CPU, memory, I/O devices]

  8. Layered computer system design. Modern computer systems are built using layers of abstraction. [Diagram: Operating System (kernel code, syscalls, IDT, process list, ...) stacked on Hardware (CPU, memory, I/O devices)]

  9. Layered computer system design. Modern computer systems are built using layers of abstraction. [Diagram: Utilities & Libraries (gcc, ls, ps, bash, libc, ...) stacked on the Operating System, stacked on Hardware]

  10. Layered computer system design. Modern computer systems are built using layers of abstraction. [Diagram: User apps on top of Utilities & Libraries, Operating System, and Hardware]

  11. Fundamental principle in security: the lower you go, the more control you have. [Diagram: the same four-layer stack; user apps at the top have the least control, hardware at the bottom has the most control]

  12. Example: Malware detection. [Diagram: User app / Utilities & Libraries / Operating System / Hardware]

  13. Example: Malware detection. [Diagram: the malware detector runs as a user app, next to the other user apps]

  14. Example: Malware detection. [Diagram: the detector's trusted layer (its TCB) is the Utilities & Libraries layer: cat, ps, ls, ...]

  15. But utilities may be compromised! [Diagram: cat, ps, ls in the utilities layer marked as compromised]

  16. But utilities may be compromised! (1) The detector asks the utility: “show me file contents”. [Diagram: request from the detector down to cat]

  17. But utilities may be compromised! (1) The detector asks the utility: “show me file contents”. (2) The compromised utility returns fake, benign content.

  18. Solution: Query the OS. (1) The detector queries with a system call. [Diagram: the TCB is now the Operating System's system call API, below the utilities]

  19. Solution: Query the OS. (1) The detector queries with a system call. (2) The OS reads the file.

  20. Solution: Query the OS. (1) The detector queries with a system call. (2) The OS reads the file. (3) The OS returns the true file content.

  21. OS detects malicious utilities too. cat reports file contents A; reading the same file through the system call API gives B; diff A vs. B, and a mismatch reveals the malicious utility. [Diagram: both paths from the detector, A via cat and B via the system call API]
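The cross-view check of slides 18 to 21, written out as an added example in C; this is not code from the slides. It reads the same file once through the cat utility (the view a detector that trusts the utility layer gets) and once through the open/read system calls (the view the OS gives), then diffs the two views. It assumes a POSIX system with /bin/sh and cat available and compares a temporary file that the program itself constructs; every name in it (read_via_utility, read_via_syscall, cross_view_check, cross_view_self_test) is the example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define VIEW_CAP 4096

/* View A: what a detector that trusts the utility layer would see.
 * The file is read through the cat utility (assumed honest here). */
static ssize_t read_via_utility(const char *path, char *buf, size_t cap)
{
    char cmd[512];
    if (snprintf(cmd, sizeof cmd, "cat '%s'", path) >= (int)sizeof cmd) return -1;
    FILE *p = popen(cmd, "r");
    if (!p) return -1;
    size_t n = fread(buf, 1, cap, p);
    int status = pclose(p);
    return status == 0 ? (ssize_t)n : -1;
}

/* View B: what the OS itself reports, via the open/read system calls,
 * bypassing the utility and libc's stdio layer. */
static ssize_t read_via_syscall(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    size_t total = 0;
    while (total < cap) {
        ssize_t n = read(fd, buf + total, cap - total);
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;
        total += (size_t)n;
    }
    close(fd);
    return (ssize_t)total;
}

/* The diff of slide 21: compare view A (utility) with view B (OS).
 * Returns 1 if the views agree, 0 if they differ (the utility cannot be
 * trusted), -1 if either view could not be obtained. */
int cross_view_check(const char *path)
{
    static char view_a[VIEW_CAP], view_b[VIEW_CAP];
    ssize_t a = read_via_utility(path, view_a, VIEW_CAP);
    ssize_t b = read_via_syscall(path, view_b, VIEW_CAP);
    if (a < 0 || b < 0) return -1;
    if (a != b) return 0;
    return memcmp(view_a, view_b, (size_t)b) == 0 ? 1 : 0;
}

/* Self-test on a constructed temporary file with known content. With an
 * honest cat the verdict is 1; a cat that substitutes content would give 0. */
int cross_view_self_test(void)
{
    char path[] = "/tmp/crossview-XXXXXX";
    const char content[] = "constructed sample content: the bytes the OS really stores\n";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    ssize_t want = (ssize_t)(sizeof content - 1);
    int verdict = -1;
    if (write(fd, content, (size_t)want) == want) {
        close(fd);
        verdict = cross_view_check(path);
    } else {
        close(fd);
    }
    unlink(path);
    return verdict;
}

int main(void)
{
    int v = cross_view_self_test();
    printf("cross-view verdict: %s\n",
           v == 1 ? "consistent" : v == 0 ? "MISMATCH: utility view differs from OS view" : "error");
    return v == 1 ? 0 : 1;
}
```

The check is only as trustworthy as the lowest layer it relies on: once the OS itself is compromised (slide 22), both views come from the same lying layer and the diff proves nothing, which is exactly why the slides keep pushing the TCB further down.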

  22. What if the OS is malicious? [Diagram: the Operating System layer, including its system call API, is no longer trusted; no TCB remains below the detector]

  23. Rootkit = malware that infects the OS. Rootkits hide malware from detectors, giving it long-term stealth.

  24. How does an OS get infected?
      • Exploits of kernel vulnerabilities: injecting malicious code by exploiting a memory error in the kernel
      • Privilege escalation attacks: exploit a root process and use the resulting administrative privileges to update the kernel
      • Social engineering attacks: trick the user into installing fake kernel updates
        – Defeated via signature verification of kernel updates
        – Trivial to perform prior to the Windows Vista OS

  25. How prevalent are rootkits?
      • 2010 Microsoft report: 7% of all infections from client machines were due to rootkits [1]
      • 2016 HummingBad Android rootkit [2]: up to 85 million Android devices infected? Earns the malware authors $300,000 each week through fraudulent mobile advertisements
      • Used in many high-profile incidents: Torpig and Storm botnets; Sony BMG (2005); Greek wiretapping (2004/5)
      [1] Microsoft Malware Protection Center, “Some Observations on Rootkits,” January 2010, https://blogs.technet.microsoft.com/mmpc/2010/01/07/some-observations-on-rootkits
      [2] CheckPoint Software, “From HummingBad to Worse,” July 2016, http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf

  26. How can we detect rootkits? Ask for help from the layers below. [Diagram: a Hypervisor (a.k.a. Virtual Machine Monitor) inserted between the Operating System and the Hardware becomes the TCB]

  27. How low can we go? [Diagram: the Hypervisor itself can be subverted (Bluepill, Subvert); the TCB moves down to the Hardware]

  28. How low can we go? [Diagram: even the Hardware is marked ??? (Stuxnet, Trojaned ICs); the TCB has nowhere further down to go]

  29. Example 1: Linux Adore rootkit. [Diagram: a user app calls open(...) from main(); the OS kernel's system call table dispatches it to sys_open(...), and the app continues to return(0)]

  30. Example 1: Linux Adore rootkit. [Diagram: the rootkit changes the system call table entry for open to evil_open(...), which calls malicious() and then forwards to the original sys_open(...), so the user app sees a normal result]

  31. Example 1: Linux Adore rootkit. Violated: function pointer values in the system call table should not change. [Diagram as on the previous slide, with the altered table entry highlighted]
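An added example, not code from the slides or from the Adore rootkit, that models the invariant of slide 31 in user space: a small array of function pointers stands in for the kernel's system call table, the detector snapshots it while it is still trusted, and verify_table later flags every entry whose pointer has changed. The scenario also simulates, inside this toy table only, the kind of entry change slide 30 draws, so the detector has something to catch. All names (toy_sys_*, the local sys_call_table, golden, verify_table, run_scenario) are this example's own toy names, not the Linux kernel's.

```c
#include <stdio.h>
#include <string.h>

typedef long (*syscall_fn)(long arg);
#define NR_TOY_SYSCALLS 3
enum { TOY_READ = 0, TOY_WRITE = 1, TOY_OPEN = 2 };

/* Stand-ins for genuine kernel handlers; the bodies are toy arithmetic. */
static long toy_sys_read(long fd)    { return fd; }
static long toy_sys_write(long fd)   { return fd + 1; }
static long toy_sys_open(long token) { return token * 2; }

/* The simulated system call table: index = syscall number, value = handler. */
static syscall_fn sys_call_table[NR_TOY_SYSCALLS] = { toy_sys_read, toy_sys_write, toy_sys_open };

/* Known-good copy taken while the table is trusted. In a real deployment this
 * must live where the kernel cannot rewrite it (e.g. in the hypervisor of slide 26). */
static syscall_fn golden[NR_TOY_SYSCALLS];

void snapshot_table(void) { memcpy(golden, sys_call_table, sizeof golden); }

/* Invariant check of slide 31. Returns a bitmask with bit i set for every
 * entry whose pointer no longer matches the snapshot; 0 means the invariant holds. */
unsigned verify_table(void)
{
    unsigned changed = 0;
    for (int i = 0; i < NR_TOY_SYSCALLS; i++)
        if (sys_call_table[i] != golden[i]) changed |= 1u << i;
    return changed;
}

/* Simulates, in this toy table only, the change slide 30 draws: the open
 * entry now points at a wrapper that forwards to the original handler. */
static long toy_evil_open(long token) { /* slide 30's malicious() would run here */ return toy_sys_open(token); }
static void simulate_table_change(void) { sys_call_table[TOY_OPEN] = toy_evil_open; }

/* Runs the whole scenario. Returns 1 if the detector behaved as expected:
 * the clean table passes, the changed table is flagged on exactly the open
 * entry, and the table restored from the snapshot passes again. */
int run_scenario(void)
{
    snapshot_table();
    unsigned before = verify_table();
    simulate_table_change();
    unsigned during = verify_table();
    memcpy(sys_call_table, golden, sizeof golden);   /* restore from the snapshot */
    unsigned after = verify_table();
    printf("changed-entry mask: clean=%u, after change=%u, restored=%u\n", before, during, after);
    return before == 0 && during == (1u << TOY_OPEN) && after == 0;
}

int main(void)
{
    return run_scenario() ? 0 : 1;
}
```

The detector here runs in the same address space as the table, which is fine for a toy but not for a kernel: a rootkit that can rewrite the table can also rewrite the checker, so the snapshot and the comparison have to be done from a layer the rootkit cannot reach, which is the move slides 26 to 28 describe.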

  32. Example 2: Windows Fu rootkit. [Diagram: processes A, B and C linked on two lists. run-list (run_list links): used by the scheduler to select processes for execution. all-tasks (next_task links): used for process accounting]

  33. Example 2: Windows Fu rootkit. [Diagram: a hidden process is linked into the run-list, so it is still scheduled, but not into all-tasks, so process accounting never sees it]

  34. Example 2: Windows Fu rootkit. Violated: run-list ⊆ all-tasks. [Diagram as on the previous slide]
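An added example, not from the slides or from the Fu rootkit, that checks the invariant of slide 34 (run-list ⊆ all-tasks) on a user-space model of the two lists slide 32 draws: each process carries a run-list link and an all-tasks link, and find_hidden walks the scheduler's run-list and reports every process it cannot also reach from the accounting list. The sample lists, including a process linked only into the run-list as on slide 33, are constructed here; the struct and function names are the example's own, not Windows kernel names.

```c
#include <stdio.h>
#include <stddef.h>

/* One process with its two intrusive list links, as on slide 32. */
struct task {
    int pid;
    const char *name;
    struct task *next_run;   /* run-list link, used by the scheduler */
    struct task *next_task;  /* all-tasks link, used for process accounting */
};

/* 1 if t is reachable from the all-tasks head, else 0. */
static int on_all_tasks(const struct task *all_head, const struct task *t)
{
    for (const struct task *p = all_head; p; p = p->next_task)
        if (p == t) return 1;
    return 0;
}

/* Invariant check of slide 34: every process on the run-list must also be on
 * all-tasks. Returns the number of violations; the pids of up to cap of them
 * are written to out. */
int find_hidden(const struct task *run_head, const struct task *all_head, int *out, int cap)
{
    int n = 0;
    for (const struct task *p = run_head; p; p = p->next_run) {
        if (!on_all_tasks(all_head, p)) {
            if (n < cap) out[n] = p->pid;
            n++;
        }
    }
    return n;
}

/* Constructed sample matching slide 33: A, B, C are on both lists; the
 * process with pid 1337 is on the run-list only. */
static struct task hidden = { 1337, "hidden", NULL, NULL };
static struct task proc_c = { 3, "C", &hidden, NULL };
static struct task proc_b = { 2, "B", &proc_c, &proc_c };
static struct task proc_a = { 1, "A", &proc_b, &proc_b };

/* Constructed healthy sample: both processes are on both lists. */
static struct task ok_2 = { 20, "P2", NULL, NULL };
static struct task ok_1 = { 10, "P1", &ok_2, &ok_2 };

int count_hidden_in_sample(void)   { int pids[8]; return find_hidden(&proc_a, &proc_a, pids, 8); }
int first_hidden_pid_in_sample(void) { int pids[8]; return find_hidden(&proc_a, &proc_a, pids, 8) > 0 ? pids[0] : -1; }
int count_hidden_in_healthy(void)  { int pids[8]; return find_hidden(&ok_1, &ok_1, pids, 8); }

int main(void)
{
    int pids[8];
    int n = find_hidden(&proc_a, &proc_a, pids, 8);
    printf("run-list entries missing from all-tasks: %d\n", n);
    for (int i = 0; i < n && i < 8; i++) printf("  hidden pid %d\n", pids[i]);
    printf("healthy sample violations: %d\n", count_hidden_in_healthy());
    return 0;
}
```

A real detector cannot simply ask the infected kernel for both lists; it reads them from the layer below, through the hypervisor's view of guest memory (slide 26), and the same walk then applies unchanged.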

  35. Next up? Rootkits on IoT devices!

  36. Example: Smart phone rootkits. Snoop on private phone conversations. Track user location using GPS. Email sensitive documents to the attacker. Stealthily enable the camera and microphone. Exhaust the battery. Enable world-wide DDoS attacks [October 2016].

  37. How can devices be misused? 1. Malicious end-users can leverage sensors to exfiltrate or infiltrate unauthorized data. 2. Malicious apps on devices can achieve similar goals even if the end-user is benign.

  38. Government or corporate office. Problem: sensitive documents and meetings can be exfiltrated using the camera, microphone and storage media. Current solution: physical security scans, device isolation, Faraday cages.

  39. Challenge: Bring your own device.
