sandboxing
play

Sandboxing 1 logistics CHALLENGE assignment take-home portion of - PowerPoint PPT Presentation

May 11, 2023 •177 likes •848 views

Sandboxing 1 logistics CHALLENGE assignment take-home portion of the fjnal next class fjnal exam review 2 CHALLENGE (1) expect to release before Saturday; due by written fjnal probably complete all but two fjve of seven or four of

  1. Sandboxing 1

  2. logistics CHALLENGE assignment — take-home portion of the fjnal next class — fjnal exam review 2

  3. CHALLENGE (1) expect to release before Saturday; due by written fjnal probably complete all but two fjve of seven or four of six (waiting for TA feedback to callibrate difficulty) similar format to “attack” homeworks create a program that produces input you are responsible for fjguringout what scenario applies 3

  4. CHALLENGE (2) some very similar to prior HWs, some not reference solutions to OVER, ROP, FORMAT will be available you may modify and use these you can ask about general strategies, but not specifjc challenges e.g. ask TAs/students to go through examples of how to do stack smashing e.g. ask TAs/students how to tell if pointer subterfuge would work 4

  5. web page 5

  6. web security summary (1) browser as OS: websites are like programs cross-site scripting command injection for the web not just stufg to display — program code for website problem: runs with website permissions (e.g. cookies) 6

  7. web security summary (2) isolation mechanism: same origin policy decision: everything on domain name is “the same” cross-site request forgery consequence of statelessness all requests send cookie (password-equivalent) extra token to distinguish “user initiated” or not 7

  8. on user tracking embedding one web page in another enables tracking users across website example: multiple webpages include iframe with a google ad Google reliably gets excerpt of web history reason: websites cooperated with Google users often don’t like this what can browsers do about this? 8 your browser sends request to Google with same cookie

  9. changing the cookie policy (1) idea: no “third-party” cookies only send cookies for URL in address bar now embedded Google calendar can’t use my credentials what about websites that use multiple domains? 9

  10. changing the cookie policy (1) idea: no “third-party” cookies only send cookies for URL in address bar now embedded Google calendar can’t use my credentials what about websites that use multiple domains? 9

  11. changing the cookie policy (2) current Firefox “tracking protection” approach: manually(?) created list of sites that do tracking …and can be ignored without breaking things 10

  12. changing the cookie policy (3) EFF Privacy Badger: heuristic apporach create score using amount of info in cookies number of places third-party appears block requests to third-party or fjlter cookies if score too high hard-coded exceptions for common false positives/tricky caes ‘surrogate’ code to avoid breaking website by blocking tracking code has callbacks to third-party e.g. facebook.com and fbcdn.com 11

  13. tracking without cookies websites can do tracking even with no cookies information in URLs — add ?sessionID to all links other forms of browser storage — e.g. via Flash websites can “fjngerprint” browser and machine version, fonts, screen resolution, plugins, graphics features, … caching of previously downloaded resources almost unique a surprising amount of the time have IP addresses, too — very good hints 12

  14. tracking without cookies websites can do tracking even with no cookies information in URLs — add ?sessionID to all links other forms of browser storage — e.g. via Flash websites can “fjngerprint” browser and machine version, fonts, screen resolution, plugins, graphics features, … caching of previously downloaded resources almost unique a surprising amount of the time have IP addresses, too — very good hints 12

  15. Web Frameworks tools for making writing interactive websites help e.g. Django (Python): default to anti-embedding HTTP header (no clickjacking) default to HttpOnly cookies default to requiring CSRF token for POSTs usually provide “templates” which escape HTML properly by default template: <p>Name: {{name}} (placeholder in {{…}}) if name is <script>... result is <p>Name: &lt;script&gt;... 13

  16. recall: UAF triggering code // garbage collector frees unreachable objects vid.src = window.URL.createObjectURL(ms); ms.addEventListener('webkitsourceopen', source_opened); ms = new WebKitMediaSource(); } buffer.timestampOffset = 42; // buffer now internally refers to delete'd player object // (would be run automatically, eventually, too) gc(); // force garbage collector to run now earlier in semester: exploit in Chrome browser itself vid.parentNode.removeChild(vid); codecs="vorbis,vp8"'); buffer = ms.addSourceBuffer('video/webm; function source_opened() { // <video id="vid"> (video player element) // in HTML near this JavaScript: 14 ␣

  17. recall: UAF triggering code // garbage collector frees unreachable objects vid.src = window.URL.createObjectURL(ms); ms.addEventListener('webkitsourceopen', source_opened); ms = new WebKitMediaSource(); } buffer.timestampOffset = 42; // buffer now internally refers to delete'd player object // (would be run automatically, eventually, too) 14 earlier in semester: exploit in Chrome browser itself vid.parentNode.removeChild(vid); codecs="vorbis,vp8"'); buffer = ms.addSourceBuffer('video/webm; function source_opened() { // <video id="vid"> (video player element) // in HTML near this JavaScript: ␣ gc(); // force garbage collector to run now

  18. recall: UAF triggering code // garbage collector frees unreachable objects vid.src = window.URL.createObjectURL(ms); ms.addEventListener('webkitsourceopen', source_opened); ms = new WebKitMediaSource(); } buffer.timestampOffset = 42; // buffer now internally refers to delete'd player object // (would be run automatically, eventually, too) gc(); // force garbage collector to run now earlier in semester: exploit in Chrome browser itself vid.parentNode.removeChild(vid); codecs="vorbis,vp8"'); buffer = ms.addSourceBuffer('video/webm; function source_opened() { // <video id="vid"> (video player element) // in HTML near this JavaScript: 14 ␣

  19. recall: UAF triggering code // garbage collector frees unreachable objects vid.src = window.URL.createObjectURL(ms); ms.addEventListener('webkitsourceopen', source_opened); ms = new WebKitMediaSource(); } buffer.timestampOffset = 42; // buffer now internally refers to delete'd player object // (would be run automatically, eventually, too) gc(); // force garbage collector to run now earlier in semester: exploit in Chrome browser itself vid.parentNode.removeChild(vid); codecs="vorbis,vp8"'); buffer = ms.addSourceBuffer('video/webm; function source_opened() { // <video id="vid"> (video player element) // in HTML near this JavaScript: 14 ␣

  20. browsers and exploits browsers are in a particularly dangerous position for exploits routinely run untrusted code (JavaScript on websites) huge amounts of code, often written in C/C++ WebKit (part of Chrome, Safari) has millions of lines of code 15

  21. malvertising could trick user into visiting your website or pay for ad — embed your webpage in another! can run whatever script you like 16

  22. modern advertising landscape (1) website ads are often sold in realtime conceptual idea: mini-auction for every ad major concerns about fraud are you really showing my ad? ad operators want to do own tracking get better idea what to show/bid 17

  23. modern advertising landscape (2) website operators typically don’t host ads don’t build own realtime auction infrastructure not trusted to report number of ad views correctly ads often sold indirectly middleman handles bidding/etc. website operators sell to multiple ad operators 18

  24. browsers and exploit mitigations modern browsers employ many of the mitigations we talked about full ASLR write XOR execute (with exceptions for runtime-compiled code) stack canaries 19 also some other mitigations

  25. least privilege why can code running for a webpage install software? never needs to do that concept: let’s run it without those permissions 20

  26. multi-user OSs cr4bd@labunix01:~$ cp myprogram.exe /bin/ls OS tracks “user” of running every program result: malware I installed shouldn’t be able to efgect other users idea 1: reuse this support for web browsers webpage should run as “difgerent user” malware should only afgect web browser? 21 cp: cannot create regular file ‘ /bin/ls ’ : Permission denied programs have limited privileges

  27. permission enforcement struct Process { int user_id; ... }; int handle_open_system_call( char *filename, ...) { Process* currentProcess = GetCurrentProcess(); File* file = GetFileByFilename(filename); if (!file->UserCanAccess(currentProcess->user_id)) { return ERROR_PERMISSION_DENIED; } ... } 22

  28. multi-user OSs cr4bd@labunix01:~$ cp myprogram.exe /bin/ls OS tracks “user” of running every program result: malware I installed shouldn’t be able to efgect other users idea 1: reuse this support for web browsers webpage should run as “difgerent user” malware should only afgect web browser? 23 cp: cannot create regular file ‘ /bin/ls ’ : Permission denied programs have limited privileges

  29. things browsers need what things should browser be able to do? 24

  30. things browsers need save fjles have your webmail password … 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

secmodel_sandbox An application sandbox for NetBSD Stephen Herwig sandboxing Sandboxing:

secmodel_sandbox An application sandbox for NetBSD Stephen Herwig sandboxing Sandboxing:

secmodel_sandbox An application sandbox for NetBSD Stephen Herwig sandboxing Sandboxing: limiting the privileges of a process Two motivations - Running untrusted code in a restricted environment - Dropping privileges in trusted code so as to

1.09k views • 58 slides
Crowdsourced Conformance Testing via Remote Sandboxing Joe Gibbs Politz

Crowdsourced Conformance Testing via Remote Sandboxing Joe Gibbs Politz

Crowdsourced Conformance Testing via Remote Sandboxing Joe Gibbs Politz http://www.batchgeo.com Remote Sandboxing? Students' interpreters g r a d e . r k t 1 6 0 0 t i m e s ? Students' interpreters g r a d e

446 views • 15 slides
Practical and Effective Sandboxing for Non-root users Taesoo Kim and Nickolai Zeldovich MIT

Practical and Effective Sandboxing for Non-root users Taesoo Kim and Nickolai Zeldovich MIT

Practical and Effective Sandboxing for Non-root users Taesoo Kim and Nickolai Zeldovich MIT CSAIL Why yet another sandbox for desktop applications? There are many existing sandbox mechanisms Chroot / Lxc (Unix/Linux) Jail (Freebsd)

515 views • 48 slides
Landlock LSM: toward unprivileged sandboxing Micka el Sala un ANSSI September 14, 2017 1 /

Landlock LSM: toward unprivileged sandboxing Micka el Sala un ANSSI September 14, 2017 1 /

Landlock LSM: toward unprivileged sandboxing Micka el Sala un ANSSI September 14, 2017 1 / 21 Secure user-space software How to harden an application? secure development follow the least privilege principle compartmentalize

789 views • 61 slides
Vx32: Lightweight User-Level Sandboxing on the x86 Bryan Ford and Russ Cox MIT CSAIL Presented

Vx32: Lightweight User-Level Sandboxing on the x86 Bryan Ford and Russ Cox MIT CSAIL Presented

Vx32: Lightweight User-Level Sandboxing on the x86 Bryan Ford and Russ Cox MIT CSAIL Presented by: Ashwin Chaugule 26th Sept 2008 Area Systems security: Application Virtualization USENIX 08 - Best Student Paper Source code:

427 views • 28 slides
Sandboxing &amp; Virtualization: Modern Tools for Combating Malware Anup K. Ghosh, PhD Founder

Sandboxing &amp; Virtualization: Modern Tools for Combating Malware Anup K. Ghosh, PhD Founder

Sandboxing &amp; Virtualization: Modern Tools for Combating Malware Anup K. Ghosh, PhD Founder anup@invincea.com www.invincea.com Research Professor Center for Secure Information Systems George Mason University May 2010 The User IS the

479 views • 20 slides
Border Control: Sandboxing Accelerators L. E. Olson, Jason Power, Mark. D. Hill and David A.Wood

Border Control: Sandboxing Accelerators L. E. Olson, Jason Power, Mark. D. Hill and David A.Wood

Border Control: Sandboxing Accelerators L. E. Olson, Jason Power, Mark. D. Hill and David A.Wood University of Wisconsin-Madison Presented by : Yash Bhalgat, Arun Subramaniyan Key Id Ideas and goals Sharing memory between host and

596 views • 21 slides
Win at Reversing API Tracing and Sandboxing through Inline Hooking Nick Harbour Agenda

Win at Reversing API Tracing and Sandboxing through Inline Hooking Nick Harbour Agenda

Win at Reversing API Tracing and Sandboxing through Inline Hooking Nick Harbour Agenda Reverse Engineering Primer Approaches to Dynamic Analysis Inline Hooks Advantages Over Other Techniques Usages 2 Reverse Engineering

379 views • 19 slides
Capsicum Capability-Based Sandboxing David Drysdale Google UK Features Current LXC uses the

Capsicum Capability-Based Sandboxing David Drysdale Google UK Features Current LXC uses the

Capsicum Capability-Based Sandboxing David Drysdale Google UK Features Current LXC uses the following kernel features to contain processes: Kernel namespaces (ipc, uts, mount, pid, network and user) Apparmor and SELinux profiles

521 views • 30 slides
Minijail: Sandboxing software running on Linux kernels Jorge Lucangeli Obes jorgelo@google.com

Minijail: Sandboxing software running on Linux kernels Jorge Lucangeli Obes jorgelo@google.com

Minijail: Sandboxing software running on Linux kernels Jorge Lucangeli Obes jorgelo@google.com $ ps -eo pid,user,comm 1 root /sbin/init 2 root [kthreadd] ... 1468 message+ dbus-daemon --system --fork 1749 root

725 views • 38 slides
ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides

ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides

ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides Eliopoulos Arjun Guha Shriram Krishnamurthi 1 2 3 third-party ad third-party ad 4 Who is running code in your browser? 5 Who is running

1.26k views • 95 slides
Application-level sandboxing Erik Poll 1 Overview 1. Compartmentalisation 2. Classic OS access

Application-level sandboxing Erik Poll 1 Overview 1. Compartmentalisation 2. Classic OS access

Software Security Application-level sandboxing Erik Poll 1 Overview 1. Compartmentalisation 2. Classic OS access control compartmentalisation between processes Chapter 2 of lecture notes 3. Language-level access control

909 views • 69 slides
Sandboxing Controllers for Stochastic Cyber-Physical Systems Bingzhuo Zhong, Technical University

Sandboxing Controllers for Stochastic Cyber-Physical Systems Bingzhuo Zhong, Technical University

FORMATS 2019 Sandboxing Controllers for Stochastic Cyber-Physical Systems Bingzhuo Zhong, Technical University of Munich, Germany Majid Zamani, CU Boulder, USA &amp; Ludwig Maximilian University of Munich, Germany Marco Caccamo, Technical

924 views • 23 slides
virtual machine (pt 2) / microkernels 1 last time (1) sandboxing fjlter system calls guest

virtual machine (pt 2) / microkernels 1 last time (1) sandboxing fjlter system calls guest

virtual machine (pt 2) / microkernels 1 last time (1) sandboxing fjlter system calls guest OS running in hypervisor on host OS hypervisor tracks virtual machine state does guest OS think its in kernel mode? does guest OS think

947 views • 71 slides
Sandboxing and isolation Deian Stefan Today Lecture objectives: Understand basic principles

Sandboxing and isolation Deian Stefan Today Lecture objectives: Understand basic principles

CSE 127: Computer Security Sandboxing and isolation Deian Stefan Today Lecture objectives: Understand basic principles for building secure systems Understand mechanisms used to build secure systems Principles of secure design

1.1k views • 64 slides
Computer Security environment, without compromising functionality or security? Three parts

Computer Security environment, without compromising functionality or security? Three parts

9/7/2013 Some topics Im working on Computing on encrypted data Information flow: Dynamic IFC in Haskell, web Sandboxing Untrusted JavaScript Third party web tracking and other web security stories Practical web security

572 views • 21 slides
Synthesis A Lock-Free Multiprocessor OS Kernel Josh Triplett April 19, 2006 Locking a Linked

Synthesis A Lock-Free Multiprocessor OS Kernel Josh Triplett April 19, 2006 Locking a Linked

Locking a Linked List Implementing a Spinlock Atomic Instructions Linked list revisited Synthesis Summary Synthesis A Lock-Free Multiprocessor OS Kernel Josh Triplett April 19, 2006 Locking a Linked List Implementing a Spinlock Atomic

1.66k views • 153 slides
FRICTION-FREE BUG REPORTING SPEND TIME WHERE IT MATTERS GAME DEV BUGS EXPECTED WORKFLOW Crash

FRICTION-FREE BUG REPORTING SPEND TIME WHERE IT MATTERS GAME DEV BUGS EXPECTED WORKFLOW Crash

Raphal Saint-Pierre, Tools Team Leader Ubisoft FRICTION-FREE BUG REPORTING SPEND TIME WHERE IT MATTERS GAME DEV BUGS EXPECTED WORKFLOW Crash Fix Close REAL WORKFLOW Crash Callstack Memdump Screenshot Duplicates ? Send bug to

369 views • 34 slides
Netlify Provider The Netlify provider allows you to provision and deploy netlify sites and manage

Netlify Provider The Netlify provider allows you to provision and deploy netlify sites and manage

Netlify Provider The Netlify provider allows you to provision and deploy netlify sites and manage webhooks. The provider needs to be congured with the proper credentials before it can be used. Use the navigation to the left to read about the

277 views • 5 slides
CS260: Object Oriented Programming Some Vocab - October 20, 2016 Overview Quiz next Thursday...

CS260: Object Oriented Programming Some Vocab - October 20, 2016 Overview Quiz next Thursday...

CS260: Object Oriented Programming Some Vocab - October 20, 2016 Overview Quiz next Thursday... Quiz next Thursday... 1. Java Bytecode a. Portable machine code created by an interpreter b. Can be understood and run by any compatible

395 views • 6 slides
Software Engineering I (02161) Week 5 Assoc. Prof. Hubert Baumeister DTU Compute Technical

Software Engineering I (02161) Week 5 Assoc. Prof. Hubert Baumeister DTU Compute Technical

Software Engineering I (02161) Week 5 Assoc. Prof. Hubert Baumeister DTU Compute Technical University of Denmark Spring 2013 Contents Refactoring Refactoring Example Class Diagrams Summary Refactoring Restructure the program without

530 views • 38 slides
Ahead of the Pack: Developing Middle Management from an Inside Perspective Mary Lecy, Hospital

Ahead of the Pack: Developing Middle Management from an Inside Perspective Mary Lecy, Hospital

4/23/2014 Ahead of the Pack: Developing Middle Management from an Inside Perspective Mary Lecy, Hospital Administrator, BluePearl Veterinary Partners 1 4/23/2014 MANAGER LEADER Motivates and Inspires Plans and budgets

518 views • 14 slides
Learning the Valuations of a k-demand Agent Hanrui Zhang Vincent Conitzer Duke

Learning the Valuations of a k-demand Agent Hanrui Zhang Vincent Conitzer Duke

Learning the Valuations of a k-demand Agent Hanrui Zhang Vincent Conitzer Duke University this talk: optimal (up to lower order terms) algorithm for actively learning the valuations of a k- demand agent algorithm with

574 views • 34 slides
FRAMING CRYPTOS IN CAPITAL MARKETS LEGISLATION THE MICAR PROPOSAL Filippo Annunziata

FRAMING CRYPTOS IN CAPITAL MARKETS LEGISLATION THE MICAR PROPOSAL Filippo Annunziata

FRAMING CRYPTOS IN CAPITAL MARKETS LEGISLATION THE MICAR PROPOSAL Filippo Annunziata CRIPTO-ASSETS: CRYPTO CURRENCIES (more than 2.000 see Advice Esma, 9.1.2019) TOKENS (ICOs) 2 3 PAYMENT TOKENS: outside capital markets

357 views • 10 slides

More recommend