protection
play

Protection Disclaimer: some slides are adopted from book authors - PowerPoint PPT Presentation

Jul 08, 2023 •435 likes •953 views

Protection Disclaimer: some slides are adopted from book authors slides with permission 1 Today Protection Security 2 Examples of OS Protection Memory protection Between user processes Between user and kernel File

  1. Protection Disclaimer: some slides are adopted from book authors’ slides with permission 1

  2. Today • Protection • Security 2

  3. Examples of OS Protection • Memory protection – Between user processes – Between user and kernel • File protection – Prevent unauthorized accesses to files 3

  4. Principles of Protection • Principle of least privilege – Programs and users should be given just enough privileges to perform their tasks – Limit the damage if the entity has a bug or abused 4

  5. Protection Domains • Let D i and D j be any two domain rings • If j < I  D i  D j • Kernel mode vs. user mode Most privileged Least privileged 5

  6. Access Control Matrix • Domains in rows – Domain: a user or a group of users • Resources in columns – File, device, … E.g., User D1 can read F1 or F3 6

  7. Method 1: Access Control List • Each object stores users and their permissions -rw-rw-r-- heechul heechul 38077 Apr 23 15:16 main.tex owner group world 7

  8. Method 2: Capability List • Each domain tracks which objects can access – Page table: each process (domain) tracks all pages (objects) it can access 8

  9. Summary • Protection – Prevent unintended/unauthorized accesses • Protection domains – Class hierarchy: root can to everything a normal user can do + alpha • Access control matrix – Domains (Users)  → Resources (Objects) – Resource oriented: Access control list – Domain oriented: Capability list 9

  10. Security 10

  11. Today • Security basics • Stack overflow • Some recent security bugs 11

  12. Security • System secure if resources used and accessed as intended under all circumstances – Unachievable • Intruders ( crackers ) attempt to breach security • Threat is potential security violation • Attack is attempt to breach security 12

  13. Threats: Software • Stack and Buffer Overflow – Exploits a bug in a program (overflow either the stack or memory buffers) – Failure to check bounds on inputs, arguments – Write past arguments on the stack into the return address on stack – When routine returns from call, returns to hacked address • Pointed to code loaded onto stack that executes malicious code – Unauthorized user or privilege escalation 13

  14. Stack Frame Layout Stack pointer 14

  15. Code with Buffer Overflow #define BUFFER_SIZE 256 int process_args(char *arg1) { char buffer[BUFFER SIZE]; strcpy(buffer,arg1); ... } int main(int argc, char *argv[]) { process_args(argv[1]); ... } • What is wrong in this code? 15

  16. Code with Buffer Overflow #define BUFFER_SIZE 256 int process_args(char *arg1) { char buffer[BUFFER SIZE]; strcpy(buffer,arg1); ... } int main(int argc, char *argv[]) arg1 { process_args(argv[1]); ... } • Stack layout after calling process_arg() 16

  17. Code with Buffer Overflow #define BUFFER_SIZE 256 int process_args(char *arg1) { char buffer[BUFFER SIZE]; strcpy(buffer,arg1); ... } int main(int argc, char *argv[]) arg1 { process_args(argv[1]); ... } • Do you remember strcpy() in C? 17

  18. Let’s Get the Shell • Steps – Compile the code you want to illegitimately execute – ‘Carefully’ modify the binary – Pass the modified binary as string to the process_arg() #include <stdio.h> int main(int argc, char *argv[]) { execvp( ‘‘ /bin/sh ’’ , ‘‘ /bin/sh ’’ , NULL); return 0; } 18

  19. The Attack: Buffer Overflow Before After executing strcpy(buffer, arg1 ) the crafted string containing the illegitimate code 19

  20. Linux Kernel Buffer Overflow Bugs 212 reported buffer overflow bugs in Linux Source: http://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id- 47/cvssscoremin-9/cvssscoremax-/Linux-Linux-Kernel.html 20

  21. Linux Kernel Buffer Overflow Bugs 21

  22. 22 Slide from Dr. Vitaly Shmatikov (Cornell)

  23. 23 Slide from Dr. Vitaly Shmatikov (Cornell)

  24. 24 Slide from Dr. Vitaly Shmatikov (Cornell)

  25. 25 Slide from Dr. Vitaly Shmatikov (Cornell)

  26. Goto Fail Bug iOS 7.0.6 Data Security Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later Impact : An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description : Secure Transport failed to validate the authenticity of the connection . This issue was addressed by restoring missing validation steps. 26

  27. Goto Fail Bug err = 0 . . . hashOut.data = hashes + SSL_MD5_DIGEST_LEN; hashOut.length = SSL_SHA1_DIGEST_LEN; if ((err = SSLFreeBuffer(&hashCtx)) != 0) goto fail; if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; MISTAKE! THIS LINE SHOULD NOT BE HERE if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail; err = sslRawVerify(...); // This code must be executed . . . fail: SSLFreeBuffer(&signedHashes); SSLFreeBuffer(&hashCtx); Return err; 27

  28. Heartbleed Bug • Synopsis – Due to a bug in OpenSSL (popular s/w for encrypted communication), web server’s internal memory can be dumped remotely 28

  29. Heartbleed Bug Image source: xkcd.com 29

  30. Heartbleed Bug Image source: xkcd.com 30

  31. Heartbleed Bug struct { HeartbeatMessageType type; Heartbeat uint16 payload_length; req. message opaque payload[HeartbeatMessage.payload_length]; opaque padding[padding_length]; } HeartbeatMessage int tls1_process_heartbeat(SSL *s) Heartbeat { Response function ... /* Read type and payload length first */ hbtype = *p++; n2s(p, payload ); // payload = recv_packet.payload_length pl = p; ... if (hbtype == TLS1_HB_REQUEST) { ... buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; memcpy(bp, pl, payload); r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); ... 31

  32. Shellshock Bug • Synopsis – You can remotely execute arbitrary programs on a server running a web server by simply sending a specially crafted http request. – Example curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/ • The problem – Fail to check the validity of a function definition before executing it For detailed explanation: security.stackexchange.com 32

  33. Threats: Hardware • Disturbance errors in DRAM (*) • a.k.a. Row Hammer Bug • Repeated opening/closing a DRAM row can cause bit flips in adjacent rows. • In more than 80% DRAM modules between 2010 -2013 • Google demonstrated successful hacking method utilizing the bug (**) – manipulate page tables at the user-level (*) Yoongu Kim et al, “ Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors, ” ISCA’14 33 (**) Google Project Zero. Exploiting the DRAM rowhammer bug to gain kernel privileges, 2015

  34. DRAM Chip Wordline Row of Cells Row Victim Row V LOW V HIGH Aggressor Row Row Opened Closed Victim Row Row Row Repeatedly opening and closing a row induces disturbance errors in adjacent rows This slide is from the Dr. Yoongu Kim’s ISCA 2014 presentation 34

  35. Drammer • Successful exploit to gain root privilege of Android smartphones – Exploit row hammer bugs on mobile DRAM – Use Android’s special memory allocation feature – Alter page table entries (privileged) by hammering nearby memory blocks (non-privileged) – [Demo] https://www.vusec.net/projects/drammer/ 35

  36. Meltdown • What is it? – An attack that exploits Intel CPU’s flaw that allows any user-level process to read the content of the kernel- only accessible memory---usually the entire dram • What’s the impact? – An attacker can dump the entire memory, including password and other confidential information • Which CPUs are affected? – Almost all Intel CPUs that do Out-of-Order Execution to improve performance 36

  37. Virtual Memory • Abstraction – A large (e.g., 4GB) linear address space for each process • Reality – A limited (e.g., 1GB) amount of actual physical memory shared with many other processes • How? 37

  38. Properties of Virtual Memory • Memory isolation among different processes – E.g., Process A cannot see process B’s memory (vice versa.) • What about memory isolation between kernel and user ? – Q1. how does kernel map its own private memory? – Q2. how to prevent user processes from accessing the kernel mapped memory? 38

  39. Kernel/User Virtual Memory 0xFFFFFFFF • Kernel memory – Kernel code, data Kernel – Identical to all address spaces 0xC0000000 – Fixed 1-1 mapping of physical memory • User memory User – Process code, data, heap, stack,... – Unique to each address space – On-demand mapping (page fault) 0x00000000 39

  40. Kernel/User Virtual Memory 0xFFFFFFFF • Every user-process has mappings to kernel memory Kernel • But the kernel memory is only accessible at the kernel mode 0xC0000000 – when you execute system calls or interrupt handlers. • Benefits of this design: Performance User – Kernel can move data between user memory and kernel memory easily w/o changing the address space. 0x00000000 40

  41. ARM Page Table 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tier 1 Water Budget CTC SPC Meeting # 2/09 Agenda Item # 6.1 February 17, 2009 Gayle

Tier 1 Water Budget CTC SPC Meeting # 2/09 Agenda Item # 6.1 February 17, 2009 Gayle

CTC Source Protection Region CTC Source Protection Region CTC Source Protection Region CTC Source Protection Region www.ctcswp.ca CTC Source Protection Region CTC Source Protection Region CTC Source Protection Region CTC Source Protection

645 views • 48 slides
Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from performing illegal I/Os Memory protection Otto J. Anshus Prevent users from modifying kernel code and data (including slides from Kai Li,

350 views • 6 slides
The Protection Mainstreaming Mobile Application (ProM) The Protection Mainstreaming App is

The Protection Mainstreaming Mobile Application (ProM) The Protection Mainstreaming App is

The Protection Mainstreaming Mobile Application (ProM) The Protection Mainstreaming App is available for download through the Google Play and iTunes App Stores. The Protection Mainstreaming App is based on the Global Protection Cluster Guidance

260 views • 3 slides
I. Asset Protection Trusts Foreign Asset Protection Trusts Offshore Asset Protection

I. Asset Protection Trusts Foreign Asset Protection Trusts Offshore Asset Protection

I. Asset Protection Trusts Foreign Asset Protection Trusts Offshore Asset Protection Structure STRONGEST asset protection because its not under US law Hurdles FAPTs create for Creditors: o They dont recognize US judgments.

219 views • 9 slides
Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Operating System Concepts 18.1

355 views • 19 slides
Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix

Module 18: Protection Goals of Protection Domain of Protection Access Matrix Implementation of Access Matrix Revocation of Access Rights Capability-Based Systems Language-Based Protection Silberschatz, Galvin, and Gagne

314 views • 16 slides
Invention-Con 2017 - International 2 Protection - Patents International Protection: Patents

Invention-Con 2017 - International 2 Protection - Patents International Protection: Patents

Invention-Con 2017 - International 2 Protection - Patents International Protection: Patents Presented By: Robin Hylton Session on International Protection: Patents Patent Protection Outside the United States Paris Convention Basics

584 views • 54 slides
Groundwater Quality Vulnerability Analysis - WHPA delineation &amp; vulnerability CTC SWP

Groundwater Quality Vulnerability Analysis - WHPA delineation &amp; vulnerability CTC SWP

CTC Source Protection Region CTC Source Protection Region CTC Source Protection Region CTC Source Protection Region www.ctcswp.ca CTC Source Protection Region CTC Source Protection Region CTC Source Protection Region CTC Source Protection

486 views • 30 slides
Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly

Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly

Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly internal problem Protection: mechanism for controlling the access of programs, processes, or users to the resources defined by a computer

499 views • 16 slides
Protection &amp; Advocacy Kentucky Protection &amp; Advocacy Camille Collins What is P&amp;A?

Protection &amp; Advocacy Kentucky Protection &amp; Advocacy Camille Collins What is P&amp;A?

Protection &amp; Advocacy Kentucky Protection &amp; Advocacy Camille Collins What is P&amp;A? Federal law requires that each state and U.S. Territory establish a protection and advocacy system. KY P&amp;A is the established agency in

339 views • 20 slides
5 TOP TIPS TO SELL MORE PROTECTION! 5 TOP PROTECTION TIPS! AGENDA Turning water into wine!

5 TOP TIPS TO SELL MORE PROTECTION! 5 TOP PROTECTION TIPS! AGENDA Turning water into wine!

5 TOP TIPS TO SELL MORE PROTECTION! 5 TOP PROTECTION TIPS! AGENDA Turning water into wine! Multi claims - limited benefit plans Pay rise on claims Sick pay for self employed Marketing Protection 5 TOP TIPS FOR PROTECTION

1.02k views • 63 slides
Security 1 Recap: Protection Protection Prevent unintended/unauthorized accesses

Security 1 Recap: Protection Protection Prevent unintended/unauthorized accesses

Security 1 Recap: Protection Protection Prevent unintended/unauthorized accesses Protection domains Class hierarchy: root can to everything a normal user can do + alpha Access control matrix Domains (Users)

575 views • 24 slides
E L Consumer Consumer P Protection Protection M Project Project A S Nicole Gordillo,

E L Consumer Consumer P Protection Protection M Project Project A S Nicole Gordillo,

E L Consumer Consumer P Protection Protection M Project Project A S Nicole Gordillo, Tyler Ballesteros, Simone Singh, &amp; Jackson McDonough E 47 U.S. Code 227 The Telephone Consumer Protection Act (TCPA) is a federal

431 views • 21 slides
Implementation of Source Protection Plan Policies Halton-Hamilton Source Protection Committee

Implementation of Source Protection Plan Policies Halton-Hamilton Source Protection Committee

Implementation of Source Protection Plan Policies Halton-Hamilton Source Protection Committee Meeting December 8, 2015 The Ministry of the Environment and Climate Change 2 Source Protection Plan Policy Approaches Source Protection

656 views • 46 slides
5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

172 views • 14 slides
Silberschatz and Galvin Chapter 19 Protection CPSC 410--Richard Furuta 4/26/99 1 Protection

Silberschatz and Galvin Chapter 19 Protection CPSC 410--Richard Furuta 4/26/99 1 Protection

Silberschatz and Galvin Chapter 19 Protection CPSC 410--Richard Furuta 4/26/99 1 Protection Goals of protection schemes Domain of protection Mechanisms access matrix implementation of access matrix revocation of access

437 views • 14 slides
Cosmology: the First 4 Days D. Russell Humphreys, Ph.D. Creation Research Society In the

Cosmology: the First 4 Days D. Russell Humphreys, Ph.D. Creation Research Society In the

Cosmology: the First 4 Days D. Russell Humphreys, Ph.D. Creation Research Society In the beginning God created ... = space ... the heavens and the earth. In the beginning God created ... = space ... the heavens and the earth. When?

280 views • 26 slides
Welcome We will begin at 7:30 p.m. Central Time. Alexis Conavay Or Organizing Coordinator

Welcome We will begin at 7:30 p.m. Central Time. Alexis Conavay Or Organizing Coordinator

Welcome We will begin at 7:30 p.m. Central Time. Alexis Conavay Or Organizing Coordinator Jalakoi Solomon Re Regional Organizing Manager Logistics We will meet every Wednesday for 90 minutes. If you cannot attend, inform your fellows

518 views • 40 slides
States, Processes, and Events, and the Ontology of Causal Relations Antony Galton College of

States, Processes, and Events, and the Ontology of Causal Relations Antony Galton College of

States, Processes, and Events, and the Ontology of Causal Relations Antony Galton College of Engineering, Mathematics, and Physical Sciences, University of Exeter, UK FOIS-2012, Graz, Austria, July 2012 Key Questions regarding Causation (after

427 views • 28 slides
Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl, Austria, April 2019 1 Czech Technical University in Prague, Czech Republic Jan Jakub uv, Josef Urban Clause Features for Theorem Prover Guidance

589 views • 35 slides
Symbion Interleaving Symbolic with Concrete Execution Fabio Gritti , Lorenzo Fontana, Eric

Symbion Interleaving Symbolic with Concrete Execution Fabio Gritti , Lorenzo Fontana, Eric

Symbion Interleaving Symbolic with Concrete Execution Fabio Gritti , Lorenzo Fontana, Eric Gustafson, Fabio Pagani, Andrea Continella, Christopher Kruegel, and Giovanni Vigna University of California, Santa Barbara 1 Motivation

1.91k views • 116 slides
The Project FeederWatch Top 20 feeder birds in the East Central region Based on the reports of

The Project FeederWatch Top 20 feeder birds in the East Central region Based on the reports of

The Project FeederWatch Top 20 feeder birds in the East Central region Based on the reports of citizen scientists from across the region. White-breasted Nuthatch by Steve Delloff Do you like to watch the birds that visit your backyard bird

369 views • 26 slides
jive5ab 2.8.1 and support acts m5copy and vbs_{fs,ls,rm} May 2017 TOG - Ventspils

jive5ab 2.8.1 and support acts m5copy and vbs_{fs,ls,rm} May 2017 TOG - Ventspils

jive5ab 2.8.1 and support acts m5copy and vbs_{fs,ls,rm} May 2017 TOG - Ventspils verkouter@jive.eu New developments in jive5ab 2.8.1 May 2017 TOG - Ventspils verkouter@jive.eu Many fjxes in 2.8.1 SIGSEGV reported by one (1) FlexBuff

572 views • 28 slides
EMBODIED NEURO- SYMBOLIC COMPUTATION SERGE THILL SERGE.THILL@HIS.SE CONTENTS (from

EMBODIED NEURO- SYMBOLIC COMPUTATION SERGE THILL SERGE.THILL@HIS.SE CONTENTS (from

EMBODIED NEURO- SYMBOLIC COMPUTATION SERGE THILL SERGE.THILL@HIS.SE CONTENTS (from stampauctionnetwork.com) TWO REASONS FOR BEING INTERESTED IN NEURO-SYMBOLIC COMPUTATION 1. IT APPEARS USEFUL FOR APPLICATIONS IN COGNITIVE SYSTEMS 2. IT MAY

1.03k views • 38 slides

More recommend