introduction to computer security - carnegie mellon … · introduction to computer security david...
TRANSCRIPT
![Page 2: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/2.jpg)
Today: Overview
• Course Staff
• Trusting Trust
• Course Overview
• Example Applications
• Course Mechanics
• CMU CTF Team
2
![Page 3: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/3.jpg)
You will find
at least one error
on each set of slides. :)
3
![Page 4: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/4.jpg)
4
David Brumley• B.A. Math UNC 1998
• M.S. CS Stanford 2003
• Ph.D. CS CMU 2008
• Computer security officer, Stanford University, 1998-2002
• Assistant Professor, CMU, Jan 2009
![Page 5: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/5.jpg)
Current Research Thrusts
• Automatic Exploit Generation– AEG and Mayhem
• Scalable Malware Analysis– BitShred
• Binary code analysis– Decompilation
• Vetting whole systems
5
![Page 6: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/6.jpg)
TrustTrusting
6
![Page 7: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/7.jpg)
Do you trust hisSoftware?
7
Photo from http://culturadigitalbau.wikispaces.com/file/view/thompson.c1997.102634882.lg.jpg/212982274/thompson.c1997.102634882.lg.jpg
![Page 8: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/8.jpg)
Ken Thompson
Co-Creator of UNIX and C
Turing Award: 1983
8
![Page 9: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/9.jpg)
9
Compiler
011001001111010
FIXME: make login.c
![Page 10: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/10.jpg)
10
Compiler
011001001111010
...if(program == “login”)
add-login-backdoor();if(program == “compiler”)
add-compiler-backdoor();
FIXME: make login.c
![Page 11: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/11.jpg)
Ken Thompson
Co-Creator of UNIX and C
Turing Award: 1983
11
![Page 12: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/12.jpg)
Would you trust Mother Teresa’ssoftware?
12
![Page 13: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/13.jpg)
13
Would you trust Mother Teresa’ssoftware?
![Page 14: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/14.jpg)
14
Surely cryptographers code must be secure?
Ron RivestAdi Shamir Len Adleman
Picture from http://www.usc.edu/dept/molecular-science/RSA-2003.htm
![Page 15: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/15.jpg)
Perfect Cryptography Exists!We’re no better off guessing what an encrypted message contains given the ciphertext.
- Claude Shannon
15
![Page 16: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/16.jpg)
But implementations may still leak...
16
message decrypt(ciphertext c, private_key k){
plaintext m;if(k == 1) m = time t1 decryption ops; return m;if(k == 2) m = time t2 decryption ops; return m;if(k == 3) m = time t3 decryption ops; return m;....
}
![Page 17: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/17.jpg)
17
Isn’t this networking?
Routers run an operating system, which hackers now
target
![Page 18: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/18.jpg)
Even GPS systems run
• Webservers
• FTP servers
• Network time daemons
18
![Page 19: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/19.jpg)
19
Security is many things
![Page 20: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/20.jpg)
This Class: Introduction to the Four Research Cornerstones of Security
20
Software Security Network Security
OS Security Cryptography
![Page 21: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/21.jpg)
21
Course Topics
IntrotoComputerSecurity
SoftwareSecurity
ControlFlowHijack
ExecutionSafety
InformationFlow
Cryptography
GoalsofCrypto
StreamCiphers
BlockCiphers
AsymmetricCrypto
Authentication/Integrity
OSSecurity
CommonDefenses
Authorization
SecurityArchitectures
NetworkSecurity
WebSecurity
DenialofService
Protocols
IntrusionDetection
Your job: become conversant in these topics
![Page 22: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/22.jpg)
Software Security
22
![Page 23: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/23.jpg)
Control Flow Hijacks
23
shellcode (aka payload) padding &buf
computation + control
Allow attacker ability to run arbitrary code– Install malware
– Steal secrets
– Send spam
![Page 24: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/24.jpg)
24
![Page 25: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/25.jpg)
25
![Page 26: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/26.jpg)
26
![Page 27: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/27.jpg)
Software Security
• Recognize and exploit vulnerabilities– Format string
– Buffer overflow
– Gist of other control flow hijacks, e.g., heap overflow
• Understand defenses in theory and practice– ASLR
– DEP
– Canaries
– Know the limitations!
27
![Page 28: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/28.jpg)
Cryptography
28
![Page 29: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/29.jpg)
Everyday Cryptography
• ATM’s
• On-line banking
• SSH
• Kerberos
![Page 30: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/30.jpg)
Alice Bob
MPublic Channel
Adversary Eve: A very clever person
![Page 31: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/31.jpg)
Alice Bob
MPublic Channel
Adversary Eve: A very clever person
Cryptography’s Goals:– Data Privacy– Data Integrity– Data Authenticity
![Page 32: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/32.jpg)
Alice Bob
MPublic Channel
Adversary Eve: A very clever personCryptonium
Pipe
![Page 33: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/33.jpg)
Alice Bob
MPublic Channel
Adversary Eve: A very clever personCryptonium
Pipe
Cryptography’s Goals:– Privacy– Integrity– Authenticity
![Page 34: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/34.jpg)
34
![Page 35: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/35.jpg)
Goals
• Understand and believe you should never, ever invent your own algorithm
• Basic construction
• Basic pitfalls
35
![Page 36: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/36.jpg)
OS Security
36
![Page 37: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/37.jpg)
37
PrincipalReferenceMonitor
Object
RequestedOperation
ApprovedOperation
Source Guard Resource
Authentication Authorization
In security, we isolate reasoning about the guard
![Page 38: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/38.jpg)
38
OSSecurity
Authentication Principles
AuthorizationReferencemonitors
Accesscontrollists
Auditing
SecurityArchitecturesVirtualMachines
SoftwareFaultIsolation
![Page 39: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/39.jpg)
OS Goals
• Know Lampson’s “gold” standard
– Authorization
– Authentication
– Audit
• Know currently used security architectures
39
![Page 40: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/40.jpg)
Network Security
40
![Page 41: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/41.jpg)
41
NetworkSecurity
WebSecurity
XSS
StoredXSS
ReflectedXSS
SQLInjection
Defense
Sanitization
Storedprocedures
Attacks
Basicsyntax
Comments
Probes
CSRF
Attack
Defense
RefererValidation
CustomHeader
Tokenvalidation
IntrusionDetection
Stateful
Stateless
BaseRate
ProtocolsKerberos
BGP
DenialofServiceBots
CDN
![Page 42: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/42.jpg)
42
NetworkSecurity
WebSecurity
XSS
StoredXSS
ReflectedXSS
SQLInjection
Defense
Sanitization
Storedprocedures
Attacks
Basicsyntax
Comments
Probes
CSRF
Attack
Defense
RefererValidation
CustomHeader
Tokenvalidation
IntrusionDetection
Stateful
Stateless
BaseRate
ProtocolsKerberos
BGP
DenialofServiceBots
CDN
![Page 43: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/43.jpg)
43
NetworkSecurity
WebSecurity
XSS
StoredXSS
ReflectedXSS
SQLInjection
Defense
Sanitization
Storedprocedures
Attacks
Basicsyntax
Comments
Probes
CSRF
Attack
Defense
RefererValidation
CustomHeader
Tokenvalidation
IntrusionDetection
Stateful
Stateless
BaseRate
ProtocolsKerberos
BGP
DenialofServiceBots
CDN
![Page 44: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/44.jpg)
Networking Goals
• Understand the base rate fallacy and it’s application to IDS
• Be able to recognize and perform basic web attacks
• State what a DDoS is, and how CDN’s mitigate their effect
44
![Page 45: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/45.jpg)
Course Mechanics
45
![Page 46: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/46.jpg)
Basics
• Pre-req: – Basic UNIX development (gcc, gdb, etc.)– 15-213 or similar is recommended
• Read all papers before lecture– Read– Underline– Question– Review
• Course website: http://www.ece.cmu.edu/~dbrumley/courses/18487-f13
46
![Page 47: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/47.jpg)
Workload
• 3 homework assignments
• 3 exams, keep highest 2 grades
• The Coolest Bug day.
47
![Page 48: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/48.jpg)
The Coolest Bug
• Describe a classic old bug, or a new zero-day
• Provide an 5 minute tutorial on the bug.
• Present to the class.
• Class votes (via a limited number of tokens) on best.
• Encourage finding your own zero-days.
48
![Page 49: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/49.jpg)
1996
49
#1 Song: The Macarena Spice Girls Play Olympics Windows 95 Reigned
![Page 50: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/50.jpg)
50
Ping of Death!
![Page 51: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/51.jpg)
51
ICMP and IP Packets
IPPacket
Max IP packet size = 65535 octets (216 – 1)(RFC 791)
20 for typical header
8 for ICMP header
65507 for data(65535-20-8)
To process ICMP, I need to handle up to 65507 octets
http://jobtrakr.com/2011/11/16/so-you-want-to-be-a-manager/
![Page 52: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/52.jpg)
52
ICMP and IP Packets
IPPacket
Max IP packet size = 65535 octets (216 – 1)(RFC 791)
20 for typical header
8 for ICMP header
65507 for data(65535-20-8)
To process ICMP, I need to handle up to 65507 octets
http://jobtrakr.com/2011/11/16/so-you-want-to-be-a-manager/
![Page 53: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/53.jpg)
IP Fragmentation
One 4000 byte packet with Maximum Transmission Unit (MTU) of 1500
53
... length4000
IDx
fragflag0
offset0
...
... length1500
IDx
fragflag1
offset0
...
... length1040
IDx
fragflag0
offset370
...
... length1500
IDx
fragflag1
offset185
...
packet len < MTU
1480 octet data
offset = 1480/8
Gets fragmented in 3 packets
![Page 54: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/54.jpg)
ping of death
54
Attacker Victim2. Victim reassembles fragments
into one big packet
3. Victim copies large packet,exceeds buffer bounds,
crashes
![Page 55: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/55.jpg)
“A few ICMPv6 packets with router advertisements requests can cause a denial-of-service vulnerability reminiscent of the famous "Ping of Death". It’s a good illustration of how much we still do not know about the stability of IPv6. We continue to recommend turning off IPv6 on workstations if your network is not engineered for its use.”
55
![Page 56: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/56.jpg)
“A few ICMPv6 packets with router advertisements requests can cause a denial-of-service vulnerability reminiscent of the famous "Ping of Death". It’s a good illustration of how much we still do not know about the stability of IPv6. We continue to recommend turning off IPv6 on workstations if your network is not engineered for its use.”
56
![Page 57: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/57.jpg)
Basic Mechanics
• Grading based on:– 3 homeworks (35%)– Highest 2 out of 3 tests (30% each)– Participation and coolest bug (5%)
• No late days except under exceptional circumstances.
• I guarantee at least the following:– 90-100%: A– 80-89%: B– 70-79%: C– 60-69%: D– < 59%: F
57
![Page 58: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/58.jpg)
• Obey the law
• Do not be a nuisance
• Don’t cheat, copy others work, let others copy, etc.
58
![Page 59: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/59.jpg)
One note
My wife will have a baby boy sometime this semester. This may affect the course.
59Image credits: http://onyx-ii.com/srcstore/scripts/store/item.cfm?Item_Number=BE-STXLW-CD
![Page 60: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/60.jpg)
Capture the Flag
60
![Page 61: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/61.jpg)
61
CMU Capture the Flag Team
![Page 62: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/62.jpg)
62
Red Team
• Vulnerability Discovery• Exploitation• Network mapping• Web security
Blue Team
• Intrusion detection• Hot-patching• Firewalls• Work-arounds
![Page 63: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/63.jpg)
63
![Page 64: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/64.jpg)
64
![Page 65: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/65.jpg)
10,000 Students in 2,000 teams
65Size of circle proportional to number of teams
![Page 66: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/66.jpg)
66
![Page 67: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/67.jpg)
67
![Page 68: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/68.jpg)
Example Network Forensics
68
![Page 69: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/69.jpg)
PicoCTF
• 10,000 students
• 600 teams solving advanced problems– ROP attacks
– Breaking incorrect use of modern crypto
• Identified the best of the best“I learned more in one week than the last two years in CS courses.”
69
If you get an A, you may be eligible to help with PicoCTF 2014
![Page 70: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/70.jpg)
70
Questions?
![Page 71: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/71.jpg)
END
![Page 72: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/72.jpg)
Information Flow
72
Program
High In Low In
High Out Low Out
OK to mix NO mixing!
e.g., password e.g., dictionary
![Page 73: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/73.jpg)
73
InformationFlow
DataDependence
Assignment
ControlDependence
if-then-else
SideChannel
Timing
![Page 74: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/74.jpg)
Information Flow Goals
• What is safe and unsafe information flow?
• How is it calculated?
• Know the non-interference information flow property.
74
![Page 75: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/75.jpg)
Execution Safety
Trapped Errors
halts computation immediately
ex:
• divide by zero
• dereference (R/W)an illegal address
Untrapped Errors
can go unnoticed until (possibly much) later
ex:
• buffer overflow
• writing an integer into an array of strings
75
![Page 76: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/76.jpg)
76
![Page 77: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/77.jpg)
Safe Languages
Untrapped Errors
can go unnoticed until (possibly much) later
ex:
• buffer overflow
• writing a string into an integer
77
A safe language has nountrapped errors.
untyped typed
staticallychecked
dynamicallychecked
“typechecking”
![Page 78: Introduction to Computer Security - Carnegie Mellon … · Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University](https://reader033.vdocuments.us/reader033/viewer/2022050903/5b48b8b97f8b9aa4148da939/html5/thumbnails/78.jpg)
Execution Safety Goals
• State what type safety means.
• Read typing inference rules.
• Give examples of differences between type safety and security.
• State control flow integrity– Give examples of vulnerabilities protected by CFI– Give examples of vulnerabilities not protected by CFI
78