CS 161: Computer Security
http://inst.eecs.berkeley.edu/~cs161/
January 16, 2017
Prof. Raluca Ada Popa
ROOM
FIRE
CODE
And a team of a talented TAs
Head TAs:
Keyhan and
Won
and talented readers
Jianan Lu
Kijung Kim
Katharine Jiang
Kate Xu
Denis Li
Audrey Ku
Kevin Ma
David Niu
Billy Zhao
Anusha Syed
Riku Miyao
What is Computer Security?
Detects or prevents unwanted use of computer systems or data
Why security?
Why should you care?
Day-to-day life
Millions of compromised computers, millions of stolen passwords, stolen money
It is important for our
physical safety and safety of our possessions
confidentiality of data/ privacy
functionality
Safety
Adversaries can affect our safety by
tampering with pacemakers, planes, cars
Privacy/confidentiality
Adversaries get access to medical, financial,
personal user data, or sensitive corporate data
Pretty much any major company collecting user data
has been hacked
140 million records breached
(containing SSN, names, credit cards)
Computer Science 161 Fall 2016 Popa and Weaver
Can aff s economy
X
Learn About Security
Make a Difference
Computer security is not only
important but it is
FUN!
- You are playing a game: can you stop the attacker?
- Beautiful blend of analytical thinking (math) and
engineering (build systems)
Computer security is varied
Cryptography
Network security
Operating systems security
Web security
Database security
Distributed systems security
Machine learning and security
Security usability
It has room for many skills
Big challenge: many of you the expertise in those areas
Provides a glimpse of these disciplines
Tell us what concepts you need more background in
Logistics
Course Structure
Absorb material presented in lectures and section
Lecture will be webcasted
3 course projects (24% total)
Done individually or in small groups
~4 homeworks (16% total)
Done individually
Two midterms (30%)
A comprehensive final exam (30%)
Textbooks
No required textbook. If you want extra reading:
Optional: Introduction to Computer Security, Goodrich & Tamassia
Optional: The Craft of System Security, Smith & Marchesini
Class Policies
Late homework: no credit
Late project: -10% if < 24 hrs, -20% < 48 hrs,
-40% < 72 hrs, no credit hrs
Never read or share solutions, code, etc. with
someone else, nor read past materials: work on
your own (unless assignment states otherwise).
If lecture materials available prior to lecture,
use to answer questions during class
Participate in Piazza
Send course-related questions/comments, or ask in office hours. No scale.
Ethics
We will be looking for plagiarism, both
manually and using advanced software;
we can identify copy even if not exact,
including from old material or
submissions
We will apply severe penalties including
reporting to Student Conduct office
THREAT MODELS
Threat models
Cannot protect against all possible attackers
High-level goal is risk management
Much of the effort concerns raising the bar and trading off resources
How to prudently spend your time & money?
Key notion of threat model: what you are defending against
Determines which defenses are worthwhile
Threats have evolved
- Spam, pharmaceuticals, credit card theft, identity theft
Threats have evolved
Attackers have become more sophisticated; arms race between attackers and defenders fuels rapid innovation in malware
but not all security is an arms race, there are definite solutions to certain settings
Many attacks aim for profit and are facilitated by a well-
Threats have evolved
- Spam, pharmaceuticals, credit card theft, click fraud
Government actors: Stuxnet, Flame, Aurora, Sony
Private activism: Anonymous, Wikileaks
Lesson
To protect computer systems, you must know your enemy
defenses that are good enough to stop the
2 CLASSICAL EXPLOITS
Epic Hack: Internet worm
The first Internet worm, Morris worm
A grad student experimented (in the lab) with self-spreading malware
It got out.
And took down the Internet
There is a lesson here.
Epic Hack: Sarah Palin
Guy wants to mess with
Tries logging into her Yahoo Mail
Sentenced to 1 year
in federal prison
Lesson: your system is only
as secure as the weakest
link.
Epic Hack: Sarah Palin
Aftermath: in 2012, someone hacks Mitt
Lesson: old attacks remain relevant
Memory safety
#293 HRE-THR 850 1930
ALICE SMITH
COACH
SPECIAL INSTRUX: NONE
#293 HRE-THR 850 1930
ALICE SMITHHHHHHHHHHH
HHACH
SPECIAL INSTRUX: NONE
How could Alice exploit this?
Find a partner and talk it through.
#293 HRE-THR 850 1930
ALICE SMITH
FIRST
SPECIAL INSTRUX: NONE
#293 HRE-THR 850 1930
ALICE SMITH
FIRST
SPECIAL INSTRUX: GIVE
PAX EXTRA CHAMPAGNE.
```c
char name[20];

void vulnerable() {
    ...
    gets(name);
    ...
}
```
```c
char name[20];
char instrux[80] = "none";

void vulnerable() {
    ...
    gets(name);
    ...
}
```

Memory unsafe code

Reading more than 20 characters into name overflows into instrux, because name and instrux are stored next to each other in memory.
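The overlap described above, reproduced deterministically as an added example (not code from the original slides). The struct `ticket`, the helper names and the sample input are constructed for illustration; the struct stands in for the two adjacent globals so the result does not depend on how the linker places them.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the slide's adjacent buffers: name, then instrux. */
struct ticket {
    char name[20];
    char instrux[80];
};

/* Constructed input: an 11-character name padded to exactly 20 bytes,
 * followed by the text that ends up in the neighbouring field. */
static const char OVERLONG_NAME[] =
    "ALICE SMITH" "HHHHHHHHH" "GIVE PAX EXTRA CHAMPAGNE.";

void ticket_init(struct ticket *t) {
    memset(t, 0, sizeof *t);
    strcpy(t->instrux, "none");
}

/* Models gets(name): the copy length comes from the input alone and
 * ignores the size of name. The copy is clamped to the whole struct so
 * that the demonstration itself never writes outside the object. */
void set_name_unchecked(struct ticket *t, const char *input) {
    size_t n = strlen(input) + 1;   /* gets() also stores a terminator */
    if (n > sizeof *t) {
        n = sizeof *t;
    }
    memcpy((char *)t + offsetof(struct ticket, name), input, n);
    ((char *)t)[sizeof *t - 1] = '\0';
}

/* Hardened: copies at most sizeof name - 1 bytes, always terminates,
 * and reports truncation so the caller can reject the input.
 * Returns 0 if the input fit, -1 if it had to be truncated. */
int set_name_bounded(struct ticket *t, const char *input) {
    size_t n = strlen(input);
    int truncated = n >= sizeof t->name;
    if (truncated) {
        n = sizeof t->name - 1;
    }
    memcpy(t->name, input, n);
    t->name[n] = '\0';
    return truncated ? -1 : 0;
}

int main(void) {
    struct ticket t;

    ticket_init(&t);
    set_name_unchecked(&t, OVERLONG_NAME);
    printf("unchecked: instrux = \"%s\"\n", t.instrux);

    ticket_init(&t);
    int rc = set_name_bounded(&t, OVERLONG_NAME);
    printf("bounded:   rc = %d, name = \"%s\", instrux = \"%s\"\n",
           rc, t.name, t.instrux);
    return 0;
}
```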
```c
char line[512];
char command[] = "/usr/bin/finger";

void main() {
    ...
    gets(line);
    ...
    execv(command, ...);
}
```
```c
char name[20];
int (*fnptr)();

void vulnerable() {
    ...
    gets(name);
    ...
}
```
```c
char name[20];
int seatinfirstclass = 0;

void vulnerable() {
    ...
    gets(name);
    ...
}
```
```c
char name[20];
int authenticated = 0;

void vulnerable() {
    ...
    gets(name);
    ...
}
```
Linux (32-bit) process memory layout

```
0xFFFFFFFF
            Reserved for Kernel
0xC0000000
            user stack              <- $esp
            shared libraries
0x40000000
            run time heap           <- brk
            static data segment     \  Loaded from exec
            text segment (program)  /
0x08048000
            unused
0x00000000
```
Stack Frame

Frame corresponding to function invocation, located in the user stack:

- arguments
- return address (to the point at which this function was called)
- stack frame pointer (to previous stack frame pointer)
- exception handlers
- local variables
- callee saved registers
Code Injection
```c
main() { f(); }
f() { int x; g(); }
g() { char buf[80]; gets(buf); }
```

Stack (return addresses and local variables), starting at 0xFFFF0000:

- main(): ret
- f(): ret, x
- g(): ret, buf
Basic Stack Exploit
Overwriting the return address allows an attacker to redirect the flow of program control.
Instead of crashing, this can allow arbitrary code to be executed.
Example: attacker chooses malicious shellcode, compiles to bytes, includes this in the input to the program so it will get stored in memory somewhere, then overwrites return address to point to it.
```c
void vulnerable() {
    char buf[64];
    ...
    gets(buf);
    ...
}
```
```c
void safe() {
    char buf[64];
    ...
    fgets(buf, 64, stdin);
    ...
}
```
```c
void safer() {
    char buf[64];
    ...
    fgets(buf, sizeof buf, stdin);
    ...
}
```
```c
void vulnerable(int len, char *data) {
    char buf[64];
    if (len > 64)
        return;
    memcpy(buf, data, len);
}
```

```c
void *memcpy(void *dst, const void *src, size_t n);
```

Attack: the attacker supplies a negative len, which passes the len > 64 check and becomes a large value when cast to size_t.
Fix:

```c
void safe(size_t len, char *data) {
    char buf[64];
    if (len > 64)
        return;
    memcpy(buf, data, len);
}
```
```c
void f(size_t len, char *data) {
    char *buf = malloc(len+2);
    if (buf == NULL)
        return;
    memcpy(buf, data, len);
    buf[len] = '\n';
    buf[len+1] = '\0';
}
```

Is it safe? Talk to your partner.

Vulnerable! If len = 0xffffffff, len+2 wraps around and malloc allocates only 1 byte.
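The two integer pitfalls above (a negative `int len` reaching `memcpy`, and `len+2` wrapping before `malloc`) worked through as an added example, not code from the original slides. All function names are hypothetical, and `uint32_t` models the 32-bit `size_t` that the slide's 0xffffffff case assumes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The slide's guard `if (len > 64) return;` with a signed len:
 * returns 1 when the guard lets this len through to memcpy. */
int signed_check_passes(int len) {
    return !(len > 64);
}

/* The byte count memcpy actually receives when handed that int. */
size_t as_memcpy_count(int len) {
    return (size_t)len;
}

/* malloc(len+2) on a 32-bit target, modelled with uint32_t so the
 * wraparound is identical on any host. */
uint32_t alloc_request_32(uint32_t len) {
    return (uint32_t)(len + 2u);
}

/* Alternative fix when the interface must keep a signed length:
 * reject negatives before converting, then compare as unsigned.
 * Returns 0 on success, -1 if the length is rejected. */
int copy_checked(char *dst, size_t cap, const char *data, int len) {
    if (len < 0 || (size_t)len > cap) {
        return -1;
    }
    memcpy(dst, data, (size_t)len);
    return 0;
}

/* Hardened form of f(): refuses lengths for which len + 2 would wrap,
 * so the allocation can never be smaller than the copy.
 * Returns a heap buffer holding data followed by "\n" (caller frees),
 * or NULL if the request is rejected or allocation fails. */
char *copy_with_newline(const char *data, size_t len) {
    if (data == NULL || len > SIZE_MAX - 2) {
        return NULL;
    }
    char *buf = malloc(len + 2);
    if (buf == NULL) {
        return NULL;
    }
    memcpy(buf, data, len);
    buf[len] = '\n';
    buf[len + 1] = '\0';
    return buf;
}

int main(void) {
    printf("len = -1 passes signed guard: %d\n", signed_check_passes(-1));
    printf("len = -1 as memcpy count:     %zu\n", as_memcpy_count(-1));
    printf("0xffffffff + 2 (32-bit):      %u\n",
           (unsigned)alloc_request_32(0xffffffffu));

    char dst[64];
    printf("copy_checked(len = -1):       %d\n",
           copy_checked(dst, sizeof dst, "abc", -1));

    char *p = copy_with_newline("abc", 3);
    if (p != NULL) {
        printf("copy_with_newline:            %s", p);
        free(p);
    }
    printf("copy_with_newline(SIZE_MAX):  %s\n",
           copy_with_newline("x", SIZE_MAX) == NULL ? "rejected" : "allocated");
    return 0;
}
```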