secure systems engineering
play

SECURE SYSTEMS ENGINEERING ERIK TEWS <E.TEWS@UTWENTEL.NL> - PowerPoint PPT Presentation

May 27, 2023 •329 likes •971 views

SECURE SYSTEMS ENGINEERING ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPING The covert channel traces are online You get always 5 traces from the unmodified app 5 traces from Other student submissions My own implementation

  1. SECURE SYSTEMS ENGINEERING ERIK TEWS <E.TEWS@UTWENTEL.NL>

  2. HOUSEKEEPING ▪ The covert channel traces are online ▪ You get always ▪ 5 traces from the unmodified app ▪ 5 traces from ▪ Other student submissions ▪ My own implementation Systems Security – Secure Systems Engineering 2 11.06.2018

  3. NEXT WEEK ▪ Feel free to submit questions ▪ When you missed a lab session, you can catch up with it next week right after the lecture in Twente Systems Security – Secure Systems Engineering 3 11.06.2018

  4. SECURE SYSTEMS ENGINEERING HOW TO BUILD SECURE SYSTEMS ▪ Choose a good architecture ▪ Use methods from secure programming ▪ Run everything with the least privilege possible ▪ Have permanent monitoring and updates Systems Security – Secure Systems Engineering 4 11.06.2018

  5. A GOOD ARCHITECTURE? Your application Systems Security – Secure Systems Engineering 5 11.06.2018

  6. TYPICAL DESIGN FOR A WEB APPLICATION Web server Application Database Systems Security – Secure Systems Engineering 6 11.06.2018

  7. TYPICAL DESIGN FOR A WEB APPLICATION User accounts Web server Application Database Systems Security – Secure Systems Engineering 7 11.06.2018

  8. USING MICROSITES/MICROSERVICES Common Database services Application Web server Database Web server Application Database Application Web server Database Systems Security – Secure Systems Engineering 8 11.06.2018

  9. DIFFERENT SECURITY ZONES Sensors and Robot Web frontend validation control Systems Security – Secure Systems Engineering 9 11.06.2018

  10. SUMMARY FOR SECURITY FRIENDLY ARCHITECTURES ▪ Split your application into individual modules/layers ▪ Put either very insecure or highly privileged stuff into modules ▪ Have a clear separation between them ▪ Have a clear way of communication between them Systems Security – Secure Systems Engineering 10 11.06.2018

  11. LEAST PRIVILEGE ▪ For each of the modules try to drop privileges ▪ Do we need to write files? ▪ Do we need write access to the database? ▪ Should we be able to see all fields in a table? Systems Security – Secure Systems Engineering 11 11.06.2018

  12. DROPPING PRIVILEGES ON WEB APPLICATIONS ▪ By default, a web application can ▪ Load all kinds of resources from everywhere ▪ Use inline JavaScript ▪ Send form data everywhere ▪ Load content from insecure sources ▪ Read all cookies for this specific host

  13. USING A CONTENT SECURITY POLICY Systems Security – Secure Systems Engineering 13 11.06.2018

  14. EXAMPLES ▪ Content-Security-Policy: default-src 'self ‘ ▪ Content-Security-Policy: default-src 'self' *.trusted.com ▪ Content-Security-Policy: default-src 'self'; img-src *; media-src media1.com media2.com; script-src userscripts.example.com ▪ Delivered in an HTTP header Systems Security – Secure Systems Engineering 14 11.06.2018

  15. ASSIGNMENT CSP ▪ There is a (poorly written) python app that allows you to search for US presidents ▪ Add a CSP for the app Systems Security – Secure Systems Engineering 15 11.06.2018

  16. ISOLATION ▪ Limiting the attack surface can be helpful ▪ An application running on Linux has acces to the entire system ▪ Entire filesystem ▪ Bind to all network interfaces ▪ See all processes ▪ We would like to limit that Systems Security – Secure Systems Engineering 16 11.06.2018

  17. ISOLATION FEATURES ON LINUX ▪ Namespaces ▪ Network ▪ IPC ▪ Mount (filesystem) ▪ Process ID ▪ UTS (Hostname) ▪ Control group Systems Security – Secure Systems Engineering 17 11.06.2018

  18. AN EXAMPLE ▪ Try to run unshare Systems Security – Secure Systems Engineering 18 11.06.2018

  19. DOCKER ▪ Uses namespaces (as well as some other technologies) ▪ Creates isolated containers on Linux ▪ For processes running inside a container, it looks like a standalone Linux system ▪ In fact, they share a common kernel ▪ Pro ▪ Very efficient ▪ Con ▪ A kernel bug will compromise all containers Systems Security – Secure Systems Engineering 19 11.06.2018

  20. A DEFAULT LINUX SYSTEM Kernel Application 1 Application 2 Application 3 Systems Security – Secure Systems Engineering 20 11.06.2018

  21. LINUX WITH DOCKER Kernel Web container Database container Application 1 Application 2 Application 3 Systems Security – Secure Systems Engineering 21 11.06.2018

  22. LINUX WITH XEN Xen Hypervisor Kernel Dom0 Kernel DomU Kernel DomU Management tools Application 1 App 2 App 3 Systems Security – Secure Systems Engineering 22 11.06.2018

  23. LINUX WITH KVM Kernel Kernel Guest Kernel Guest Application 1 Application 2 App 3 App 4 Systems Security – Secure Systems Engineering 23 11.06.2018

  24. LINUX WITH XEN AND KVM ▪ Pro ▪ A kernel bug will (hopefully) only compromise the specific VM ▪ Running different kernels is possible ▪ Some things are hard to put into containers ▪ Cons ▪ In general, this needs way more ressources Systems Security – Secure Systems Engineering 24 11.06.2018

  25. DROPPING PRIVILEDGES ON LINUX ▪ We would still like to run apps with the least priviledge possible ▪ Reduces impact on everything in the same container/system when a single app is compromised ▪ May also reduce the attack surface against the currently running Linux kernel Systems Security – Secure Systems Engineering 25 11.06.2018

  26. Prepare to react ct In Intern rnet 1 The text on this slide will instruct your audience on how to post. This 2 text will only appear once you start a free or a credit session. Please note that the text and appearance of this slide (font, size, TXT 1 color, etc.) cannot be changed. 2 Posting messages is anonymous 14.05.2018

  27. How can we drop priviledges on Linux? 1. Your 2. Your 3. Your audience's audience's audience's responses will responses will responses will appear here. appear here. appear here. Please feel free Please feel free Please feel free to change the to change the to change the font, color etc. font, color etc. font, color etc. This text This text This text disappears after disappears after disappears after starting your starting your starting your session and session and session and slideshow. slideshow. slideshow. Internet This text box will be used to describe the different message sending methods. # Messages: 0 TXT TXT The applicable explanations will be inserted after you have started a session.

  28. BREAK ▪ When you like to, get a Linux vm up and running ▪ Download the seccomp-examples.zip from canvas

  29. SYSCALLS ▪ Interface for applications to request services by the operating systems ▪ Opening files (open) ▪ Writing to files (write) ▪ Reading from files (read) ▪ Establish network connections (socket/connect) ▪ Attach a debugger (ptrace) ▪ Allocate memory (brk) ▪ Operating system specific

  30. CODE EXAMPLE #include <stdio.h> #include <stdlib.h> int main ( int argc , char ** argv ) { FILE * f = fopen ( "logs/myapp.log" , "w+" ); if ( f == NULL) { fprintf ( stderr , "Cannot open the logfile\n" ); return 1 ; } fprintf ( f , "App started!\n" ); return 0 ; } Systems Security – Secure Systems Engineering 30 11.06.2018

  31. WORKING WITH SYSCALLS ON LINUX ▪ Usually not used directly (libc wrapper) ▪ Arguments depend on the individual call ▪ Often an integer to specify ▪ Length ▪ Flag/Enum ▪ Resource/File handle ▪ Or a pointer to the program memory ▪ Data structure/buffer to be used by the syscall ▪ Memory to transfer results to ▪ Can be shown using strace <program> Systems Security – Secure Systems Engineering 31 11.06.2018

  32. RESULTS FOR THE EXAMPLE open("logs/myapp.log", O_RDWR|O_CREAT|O_TRUNC, 0666) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 write(3, "App started!\n", 13) = 13 Systems Security – Secure Systems Engineering 32 11.06.2018

  33. ARGUMENTS File handle open("logs/myapp.log", O_RDWR|O_CREAT|O_TRUNC, 0666) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 write(3, "App started!\n", 13) = 13 Buffer length Buffer content to write Systems Security – Secure Systems Engineering 33 11.06.2018

  34. SYSCALLS EXAMPLE (FOR PRINTF/WRITE) Application Call fprintf (…) Standard C library write syscall Copy from trap into userspace Userspace kernel space Kernelspace Syscall handler write handler Device driver

  35. SYSCALLS ON LINUX ▪ Linux provides 300+ syscalls ▪ Probably no application that needs all of them ▪ They can be used by adversaries who exploit a weakness in your code ▪ socket/connect to establish network connections ▪ openat/getdents/open/read to read local files ▪ execve to launch another program ▪ Seccomp helps you to prevent that Systems Security – Secure Systems Engineering 35 11.06.2018

  36. SECCOMP HIGH LEVEL OVERVIEW ▪ Application compiles a filter for syscalls ▪ List of allowed syscalls ▪ Optionally with restrictions in the arguments ▪ Action to be executed for forbidden syscalls ▪ Usually terminate the application immediately ▪ Alternatively a debugger can be attached ▪ The filter is transferred to the kernel space ▪ Every syscall is checked before it is executed ▪ Filters cannot be removed Systems Security – Secure Systems Engineering 36 11.06.2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Secure Systems

Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Secure Systems

Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Secure Systems Computer systems can be considered a closed box. Informa8on in the box is safe as long as nothing enters or leaves the box. Systems S8ll

206 views • 16 slides
What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recent Security Incidents Garmin Ransomware -- $10 million Sync servers down for many days

506 views • 21 slides
CS6570: Secure Systems Engineering Course Instructor : Chester Rebeiro, Assistant Professor,

CS6570: Secure Systems Engineering Course Instructor : Chester Rebeiro, Assistant Professor,

CS6570: Secure Systems Engineering Course Instructor : Chester Rebeiro, Assistant Professor, IIT Madras E Slot Lectures: Tuesdays 11:00 to 12:00; Wednesdays 10:00 to 10:50; Thursdays 8:00 to 8:50 Tutorials: Fridays 16:50 to 17:40

487 views • 3 slides
Collaboration, Interoperability, and Secure Systems Mr. Richard Lee ADUSD (Information

Collaboration, Interoperability, and Secure Systems Mr. Richard Lee ADUSD (Information

Collaboration, Interoperability, and Secure Systems Mr. Richard Lee ADUSD (Information Integration &amp; Operations) ODUSD (Advanced Systems &amp; Concepts Defense Research &amp; Engineering 703-695-7938 Richard.lee@osd.mil May 21, 2008

484 views • 9 slides
Course Overview Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

Course Overview Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

Course Overview Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering Secure Software Benjamin S. Meyers 1 In-Person Procedures When you enter/leave the classroom: Grab a towel and wipe down your work station

299 views • 10 slides
Usability Engineering Secure Software Last Revised: October 28, 2020 SWEN-331: Engineering

Usability Engineering Secure Software Last Revised: October 28, 2020 SWEN-331: Engineering

Usability Engineering Secure Software Last Revised: October 28, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Quote: Taher El-Gamal, Inventor of SSL Security professionals always struggle with the general public because

753 views • 30 slides
Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Flaws that

Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Flaws that

Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Flaws that would allow an attacker access the OS flaw Bugs in the OS The Human factor Chester Rebeiro, IITM 2 Program Bugs that can be exploited Buffer

844 views • 38 slides
Engineering with UML: The Last Decade and Towards the Future Jan Jrjens http://jan.jurjens.de

Engineering with UML: The Last Decade and Towards the Future Jan Jrjens http://jan.jurjens.de

Model-based Security Engineering with UML: The Last Decade and Towards the Future Jan Jrjens http://jan.jurjens.de Secure IT-Systems Today IT-systems pervade almost all aspects of human life. At the same time, IT-systems become more open

496 views • 28 slides
Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recap Symmetric keys Benefit: fastest, mathematically the strongest Drawback:

425 views • 23 slides
Complete characterization of perfectly secure stego-systems with mutually independent embedding

Complete characterization of perfectly secure stego-systems with mutually independent embedding

Complete characterization of perfectly secure stego-systems with mutually independent embedding operation Tom Filler and Jessica Fridrich Dept. of Electrical and Computer Engineering SUNY Binghamton, New York IEEE ICASSP 2009, Taipei,

396 views • 21 slides
Secure Data Management: Foundations, Systems and Applications My Journey 1985-Present Dr.

Secure Data Management: Foundations, Systems and Applications My Journey 1985-Present Dr.

Erik Jonsson School of Engineering and Computer Science Distinguished Lecture Series 2017-2018 Secure Data Management: Foundations, Systems and Applications My Journey 1985-Present Dr. Bhavani Thuraisingham The University of Texas at Dallas

552 views • 40 slides
Insider Threat Engineering Secure Software Last Revised: November 11, 2020 SWEN-331: Engineering

Insider Threat Engineering Secure Software Last Revised: November 11, 2020 SWEN-331: Engineering

Insider Threat Engineering Secure Software Last Revised: November 11, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Lottery Story At a lottery agency, a manager was able to turn losing tickets into winners He would buy

309 views • 19 slides
Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Networks, Cryptography, and You Most application developers Dont implement networking

333 views • 30 slides
VOTD: XSS &amp; CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331:

VOTD: XSS &amp; CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331:

VOTD: XSS &amp; CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is XSS? XSS: Cross Site Scripting Injecting malicious scripts into a web page CWE-79

772 views • 12 slides
Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Last Time... Always code defensively Validating input Principles

476 views • 19 slides
Deployment &amp; Distribution Engineering Secure Software Last Revised: November 6, 2020

Deployment &amp; Distribution Engineering Secure Software Last Revised: November 6, 2020

Deployment &amp; Distribution Engineering Secure Software Last Revised: November 6, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 SE Doesnt End at Release Deployment counts too Despite our best efforts to produce

487 views • 20 slides
in the Interaction Room Dr. Matthias Book Professor for Software Engineering Software

in the Interaction Room Dr. Matthias Book Professor for Software Engineering Software

HPC Systems Engineering in the Interaction Room Dr. Matthias Book Professor for Software Engineering Software Engineering Challenges Need to ensure we are building the right software, and we are building it right But many sources of

239 views • 20 slides
Systems Programming &amp; Engineering Spring 2018 Introduction Tyler Bletsch Duke University

Systems Programming &amp; Engineering Spring 2018 Introduction Tyler Bletsch Duke University

ECE 650 Systems Programming &amp; Engineering Spring 2018 Introduction Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) Welcome! Welcome to ECE 650: Systems Programming &amp; Engineering Instructor Prof.

410 views • 15 slides
Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split

Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split

Embedded Systems Engineering VO + LU Overview The module Embedded Systems Engineering is split in 2 parts: Lectures: ESE VO (182.721) ECTS: 3.0 Web: http://ti.tuwien.ac.at/rts/teaching/courses/esevo Staff: Prof. Radu Grosu,

859 views • 7 slides
Milwaukee Rental Housing Resource Center A Groundbreaking Approach to Address Rental Housing

Milwaukee Rental Housing Resource Center A Groundbreaking Approach to Address Rental Housing

Milwaukee Rental Housing Resource Center A Groundbreaking Approach to Address Rental Housing Instability in Milwaukee November 16, 2020, 12-1:30 p.m. WebinarLogistics Kindly stay muted, use Speaker View For the length of the presentation

272 views • 16 slides
Consortium Update Consortium Update Jason M. Coposky June 5-7, 2018 @jason_coposky iRODS User

Consortium Update Consortium Update Jason M. Coposky June 5-7, 2018 @jason_coposky iRODS User

Consortium Update Consortium Update Jason M. Coposky June 5-7, 2018 @jason_coposky iRODS User Group Meeting 2018 Executive Director, iRODS Consortium Durham, NC The iRODS Consortium Our Mission Write Good Software Grow the Community Show

212 views • 8 slides
DSC 102 Systems for Scalable Analytics Arun Kumar Topic 6: Deep Learning Systems 1 Outline

DSC 102 Systems for Scalable Analytics Arun Kumar Topic 6: Deep Learning Systems 1 Outline

DSC 102 Systems for Scalable Analytics Arun Kumar Topic 6: Deep Learning Systems 1 Outline Rise of Deep Learning Methods Deep Learning Systems: Specification Deep Learning Systems: Execution Future of Deep Learning Systems

561 views • 25 slides
Transducer FSMs in System Design In this lecture we go through examples of transducer FSMs in

Transducer FSMs in System Design In this lecture we go through examples of transducer FSMs in

Transducer FSMs in System Design In this lecture we go through examples of transducer FSMs in the specification of larger systems. In the process we will discuss system design lifecycles and the role of specification at different lifecycle

417 views • 25 slides
The Specification of POSIX File Systems Gian Ntzik, Pedro da Rocha Pinto and Philippa Gardner

The Specification of POSIX File Systems Gian Ntzik, Pedro da Rocha Pinto and Philippa Gardner

The Specification of POSIX File Systems Gian Ntzik, Pedro da Rocha Pinto and Philippa Gardner Imperial College London gian.ntzik08@imperial.ac.uk pedro.da-rocha-pinto09@imperial.ac.uk p.gardner@imperial.ac.uk INVEST 2017 1/13 Logics for

461 views • 14 slides

More recommend