software security continued
play

Software Security Continued + Cryptography Intro Autumn 2018 - PowerPoint PPT Presentation

Nov 17, 2022 •223 likes •445 views

CSE 484 / CSE M 584: Computer Security and Privacy Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,

  1. CSE 484 / CSE M 584: Computer Security and Privacy Software Security Continued + Cryptography Intro Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John Mitchell, Franziska Roesner, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Admin • Lab 1: – Checkpoint Friday – Come to quiz section this week! 10/10/2018 CSE 484 / CSE M 584 2

  3. Password Checker • Functional requirements – PwdCheck(RealPwd, CandidatePwd) should: • Return TRUE if RealPwd matches CandidatePwd • Return FALSE otherwise – RealPwd and CandidatePwd are both 8 characters long • Implementation (like TENEX system) PwdCheck(RealPwd, CandidatePwd) // both 8 chars for i = 1 to 8 do if (RealPwd[i] != CandidatePwd[i]) then return FALSE return TRUE • Clearly meets functional description 10/10/2018 CSE 484 / CSE M 584 3

  4. Attacker Model PwdCheck(RealPwd, CandidatePwd) // both 8 chars for i = 1 to 8 do if (RealPwd[i] != CandidatePwd[i]) then return FALSE return TRUE • Attacker can guess CandidatePwds through some standard interface • Naive: Try all 256 8 = 18,446,744,073,709,551,616 possibilities • Better: Time how long it takes to reject a CandidatePasswd. Then try all possibilities for first character, then second, then third, .... – Total tries: 256*8 = 2048 10/10/2018 CSE 484 / CSE M 584 4

  5. Timing Attacks • Assume there are no “typical” bugs in the software – No buffer overflow bugs – No format string vulnerabilities – Good choice of randomness – Good design • The software may still be vulnerable to timing attacks – Software exhibits input-dependent timings • Complex and hard to fully protect against 10/10/2018 CSE 484 / CSE M 584 5

  6. Other Examples • Plenty of other examples of timings attacks – AES cache misses • AES is the “Advanced Encryption Standard” • It is used in SSH, SSL, IPsec, PGP, ... – RSA exponentiation time • RSA is a famous public-key encryption scheme • It’s also used in many cryptographic protocols and products – Recently: Spectre and Meltdown 10/10/2018 CSE 484 / CSE M 584 6

  7. Software Security: So what do we do? 10/10/2018 CSE 484 / CSE M 584 7

  8. Fuzz Testing • Generate “random” inputs to program – Sometimes conforming to input structures (file formats, etc.) • See if program crashes – If crashes, found a bug – Bug may be exploitable • Surprisingly effective • Now standard part of development lifecycle 10/10/2018 CSE 484 / CSE M 584 8

  9. General Principles • Check inputs 10/10/2018 CSE 484 / CSE M 584 9

  10. General Principles • Check inputs • Check all return values • Least privilege • Securely clear memory (passwords, keys, etc.) • Failsafe defaults • Defense in depth – Also: prevent, detect, respond • NOT: security through obscurity 10/10/2018 CSE 484 / CSE M 584 11

  11. General Principles • Reduce size of trusted computing base (TCB) • Simplicity, modularity – But: Be careful at interface boundaries! • Minimize attack surface • Use vetted component • Security by design – But: tension between security and other goals • Open design? Open source? Closed source? – Different perspectives 10/10/2018 CSE 484 / CSE M 584 12

  12. Vulnerability Analysis and Disclosure • What do you do if you’ve found a security problem in a real system? E.g., – A commercial website? – UW grade database? – Boeing 787? – TSA procedures? 10/10/2018 CSE 484 / CSE M 584 17

  13. Vulnerability Analysis and Disclosure • Suppose companies A, B, and C all have a vulnerability, but have not made the existence of that vulnerability public – Company A has a software update prepared and ready to go that, once shipped, will fix the vulnerability; but B and C are still working on developing a patch for the vulnerability – Company A learns that attackers are exploiting this vulnerability in the wild – Should Company A release their patch, even if doing so means that the vulnerability now becomes public and other actors can start exploiting Companies B and C? – Should Company A wait until Companies B and C have patches? 10/10/2018 CSE 484 / CSE M 584 18

  14. CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Intro] Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.Washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli, John Mitchell, Franziska Roesner, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  15. Cryptography and Security • Art and science of protecting our information . – Keeping it confidential , if we want privacy. – Protecting its integrity , if we want to avoid forgeries. Images from Wikipedia and Barnes & Noble 10/10/2018 CSE 484 / CSE M 584 20

  16. Some Thoughts About Cryptography • Cryptography only one small piece of a larger system • Must protect entire system – Physical security – Operating system security – Network security – Users – Cryptography (following slides) • Recall the weakest link • Famous quote: “Those who think that cryptography can solve their problems don’t understand cryptography and don’t understand their problems. ” 10/10/2018 CSE 484 / CSE M 584 21

  17. Improved Security, Increased Risk • RFIDs in car keys: – RFIDs in car keys make it harder to hotwire a car – Result: Car jackings increased 10/10/2018 CSE 484 / CSE M 584 22

  18. Improved Security, Increased Risk • RFIDs in car keys: – RFIDs in car keys make it harder to hotwire a car – Result: Car jackings increased 10/10/2018 CSE 484 / CSE M 584 23

  19. XKCD: http://xkcd.com/538/ 10/10/2018 CSE 484 / CSE M 584 24

  20. Kerckhoff’s Principle • Security of a cryptographic object should depend only on the secrecy of the secret (private) key. • Security should not depend on the secrecy of the algorithm itself. 10/10/2018 CSE 484 / CSE M 584 25

  21. Ingredient: Randomness • Many applications (especially security ones) require randomness • Explicit uses: – Generate secret cryptographic keys – Generate random initialization vectors for encryption • Other “non - obvious” uses: – Generate passwords for new users – Shuffle the order of votes (in an electronic voting machine) – Shuffle cards (for an online gambling site) 10/10/2018 CSE 484 / CSE M 584 26

  22. C’s rand() Function • C has a built-in random function: rand() unsigned long int next = 1; /* rand: return pseudo-random integer on 0..32767 */ int rand(void) { next = next * 1103515245 + 12345; return (unsigned int)(next/65536) % 32768; } /* srand: set seed for rand() */ void srand(unsigned int seed) { next = seed; } • Problem: don’t use rand() for security-critical applications! – Given a few sample outputs, you can predict subsequent ones 10/10/2018 CSE 484 / CSE M 584 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno,

577 views • 43 slides
Web Security: Basic Web Security Model [continued] Spring

Web Security: Basic Web Security Model [continued] Spring

CSE 484 / CSE M 584: Computer Security and Privacy Web Security: Basic Web Security Model [continued] Spring 2015 Franziska (Franzi) Roesner

510 views • 18 slides
deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued

Introduction Operating System Security, Designing trusted operating systems Continued Encapsulated environments CS 239 Security for Networks and System Software May 22, 2002 Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Spring

389 views • 15 slides
Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 10 Page 1 CS 236 Online Firewall Configuration and Administration Again, the firewall is the point of attack for intruders

375 views • 16 slides
CISC 323 Intro to Software Engineering Week 8: Software Architecture (Continued) CISC 323

CISC 323 Intro to Software Engineering Week 8: Software Architecture (Continued) CISC 323

CISC 323 Intro to Software Engineering Week 8: Software Architecture (Continued) CISC 323 Intro to Software Engineering Lecture 8-1 Data-Centered and Interpreter Architectural Styles Architectural Style Examples [Shaw&Garlan]

1.33k views • 83 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 27, 2006 Lecture 12 Lecture 12 Page 1 Page 2

329 views • 9 slides
Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure

Outline Operating System Security, Buffer overflows Continued Designing secure operating systems CS 239 Assuring OS security Computer Security Logging and auditing February 23, 2005 Lecture 11 Lecture 11 Page 1 Page 2

553 views • 8 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412 Software Security Course outline Secure software lifecycle Security policies Attack vectors Defense strategies: mitigations and testing Case

681 views • 49 slides
Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow

Last time We continued By launching our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities Buffer overflow fundamentals This time We will finish up By looking at Buffer Overflow overflows

1.33k views • 103 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
All Your Cloud Are Belong to Us Hunting Compromise in Azure Nate Warfield Microsoft Security

All Your Cloud Are Belong to Us Hunting Compromise in Azure Nate Warfield Microsoft Security

All Your Cloud Are Belong to Us Hunting Compromise in Azure Nate Warfield Microsoft Security Response Center The opinions expressed are my own and do not necessarily reflect those of Microsoft Corporation. Whoami: Nate Warfield (@dk_effect)

506 views • 24 slides
HTTP Server HTTP Server Servers: Concurrency and Creates a socket ( socket ) Bind s

HTTP Server HTTP Server Servers: Concurrency and Creates a socket ( socket ) Bind s

HTTP Server HTTP Server Servers: Concurrency and Creates a socket ( socket ) Bind s to an address Performance Listen s to setup accept backlog Can call accept to block waiting for connections (Can call select to check for

358 views • 9 slides
Isolation and side-channels Deian Stefan Some slides adopted from Nadia Heninger,John Mitchell,

Isolation and side-channels Deian Stefan Some slides adopted from Nadia Heninger,John Mitchell,

CSE 127: Computer Security Isolation and side-channels Deian Stefan Some slides adopted from Nadia Heninger,John Mitchell, Dan Boneh, and Stefan Savage Today Lecture objectives: Understand basic principles for building secure systems

968 views • 78 slides
CS 525M Mobile and Ubiquitous Computing Seminar Characterizing User Behavior and Network

CS 525M Mobile and Ubiquitous Computing Seminar Characterizing User Behavior and Network

CS 525M Mobile and Ubiquitous Computing Seminar Characterizing User Behavior and Network Performance in a Public Wireless LAN Balachandran, Voelker, Bahl, Rangan Presented by Mike Scaviola ! Lamp Time Expired Outline Introduction

350 views • 19 slides
Looking Backwards The Coming Decade of BSD George Neville-Neil Welcome to EuroBSD 2026!

Looking Backwards The Coming Decade of BSD George Neville-Neil Welcome to EuroBSD 2026!

Looking Backwards The Coming Decade of BSD George Neville-Neil Welcome to EuroBSD 2026! FreeBSD 15 Dropped support for sparc64 and PC98 NetBSD 11.0 Dropped VAX, Amiga, and Atari ST Support OpenBSD 9.0 First implementation

706 views • 39 slides
IPv6 ND On-/Off-link Determination IETF 70, Vancouver 6man Working Group Hemant Singh

IPv6 ND On-/Off-link Determination IETF 70, Vancouver 6man Working Group Hemant Singh

IPv6 ND On-/Off-link Determination IETF 70, Vancouver 6man Working Group Hemant Singh (shemant@cisco.com) Wes Beebee (wbeebee@cisco.com) Agenda Why is off-link mode important? Why bother? On-link and Off-link determination issues

122 views • 10 slides
ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to

ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 4 TCP/UDP Purpose of the Transport Layer Provides an end to end connectivity to applications application application 4

647 views • 26 slides
1 I nt ernet apps: t heir prot ocols and t ransport prot ocols Application Underlying

1 I nt ernet apps: t heir prot ocols and t ransport prot ocols Application Underlying

Applicat ions and applicat ion-layer prot ocols Applicat ion: communicat ing, applicat ion t r anspor t dist ribut ed processes net work dat a link running in net work host s in physical user space exchange messages t o

758 views • 16 slides

More recommend