
Lecture 1

The document outlines the syllabus for the CC551/CSE468 course on Computer and Network Security, including an introduction to various security threats and real-world attacks. It discusses key concepts such as vulnerabilities, security principles, and the importance of a security mindset, while also detailing class logistics and grading policies. The course aims to provide foundational knowledge in cybersecurity, covering topics like cryptographic schemes and the impact of security on society.

Uploaded by

shifeau

Fall 2024

CC551/CSE468: Computer and Network Security
Lecture 1

Ahmed Kosba

Department of Computer and Systems Engineering
Faculty of Engineering, Alexandria University

Today’s Lecture
• Introduction
• Threats against the security of computer systems and communication
• Some real-world attacks
• Class goals and logistics
• Security principles
--
• Buffer overflow vulnerabilities

Discussion of Basic Threats/Attacks
This is not a comprehensive list

Example 1: Eavesdropping on Communications

[Figure: Alice and Bob]

• Defense?
• Would hiding the content, i.e., encryption, prevent all kinds of attacks?

Example 2: Unauthorized Modification of Information
Example: Active man-in-the-middle attacks

[Figure: Alice and Bob]

• Defense?

Example 3: Denial of Service
• Example: Malicious disruption of a server

Figure Source: Wikimedia Commons

Defense?

Example 4: Malicious Software/Hardware
Attackers could develop malicious software or hardware that exploits vulnerabilities in systems.
Vulnerabilities?
• Vulnerabilities are defects in software or hardware implementations that could allow attackers to compromise system security.

Vulnerabilities could be exploited by attackers to break confidentiality, availability and/or integrity.

[Figure: chart spanning 1999 to 2021. Source: https://www.cvedetails.com/browse-by-date.php]

Defense?
Many serious cyber attacks rely on finding unknown vulnerabilities (zero-day vulnerabilities) that were not discovered before.

Example 5: Leaked/Weak Passwords
• According to the 2018 Verizon Data Breach Incident Report, compromised passwords are responsible for 81% of hacking-related breaches.
• Also, users don’t use very good passwords.

• Defense?

Example 6: Social Engineering Attacks
Social Engineering: Attacks target the human factor through psychological tricks.
Examples include phishing, spear-phishing, smishing and vishing.

Example 7: Threats against outsourced data/computations to the cloud

[Figure: Client Devices and Cloud Services]

Examples of problems that could occur?

Real-world Attacks
WannaCry Ransomware Attack (2017)
200,000 computers were infected in 150 countries

Images from Wikipedia


Cyberwarfare
• Attacks against critical infrastructure
  • Industrial control systems
  • Electrical grids
  • Transportation networks

• Manipulation of elections and public opinion
  • Hacking election systems
  • Misinformation campaigns

[Figures: Bloomberg, Washington Post]

Real-world Vulnerabilities: Software Vulnerability Example

• Heartbleed: Software bug in the OpenSSL cryptographic library.
• At the time of disclosure (2014), half a million of the Internet's web servers were thought to be vulnerable to the attack.

Figure source: https://blog.malwarebytes.com

Real-world Vulnerabilities: Hardware Vulnerability Example
• Meltdown and Spectre vulnerabilities
  • Discovered in 2017 and disclosed in early 2018.
  • Exploit out-of-order and speculative execution implemented in many processors.
  • Can be used to extract confidential program data.

Out-of-order execution allows future instructions to be executed before the previous ones complete. For example, in the following, the processor could execute i3 and i4 before finishing i1.
i1: r1 ← r2 / r3
i2: r4 ← r1 + r3
i3: r7 ← r6 – r5
i4: r8 ← r5 + r3

https://meltdownattack.com/

More Attacks ..
• Attacks against Machine Learning

Figure from Anderson et al., PLDI’19

Today’s Lecture
• Introduction
• Threats against the security of computer systems and communication
• Some real-world attacks
• Class goals and logistics
• Security principles
--
• Buffer overflow attacks

Class Logistics
• Grading Policy (Tentative)
• Final Exam: 60%
• Coursework: 40% (25% midterm + 15% assignments)
• Lectures and assignments will be posted on MS teams
• Team code posted to your group

• Tutorials:
• TAs: Eng. Aly Hamdy, Hossam Elshami, Youssef Sameh
• The tutorials' plan will be decided based on class progress.

References

• Introduction to Modern Cryptography, 2nd Edition, by Jonathan Katz and Yehuda Lindell.
• Cryptography and Network Security: Principles and Practice, 7th Edition, by William Stallings.
• Introduction to Computer Security, by Michael Goodrich and Roberto Tamassia.
Guidelines
• Attend lectures and review the given content weekly to be up to date.
• Ask questions.
• Start working early on the assignments.
• Note: Some questions in the assignments introduce new ideas, and could be challenging. However, the grading is done based on serious attempts.
• Academic Integrity
  • Don’t cheat in any of the assignments.
  • Unless mentioned otherwise, you should work individually.
  • If any extra source or discussion helped you answer a question, you should cite that source and write solutions in your own way.

Goals of this course
The primary goal is to help you develop a security mindset.
• In this course, you will learn about:
• The basics of computer and network security
• Standard cryptographic schemes
• How some real-world attacks work
• Some software and web security issues
• The impact on society
• Some recent trends (This will depend on time)

However, after this course,
• You won’t be able to invent your own cryptographic schemes.
• You will need more in-depth knowledge in order to do research or work on open problems.
• Not all details will be covered, given the limited time of the course.

Further notes
• Learning Cybersecurity should be fun.
• Many topics can be viewed as a game between defenders and attackers.
• Serious consequences for mistakes in practice, but not in class, so make use of this chance to learn.

Further notes
• Recent developments in security and cryptography enable new applications.
• Example of research trends:
  • Searchable Encryption
  • Hiding Access Patterns
  • Zero-knowledge Proofs
  • Secure Multi-party Computation

• You can do things that might seem impossible.

Computer and Network Security Concepts

Security Definition and Goals
• Definition of Computer Security [NIST SP 800-14]
“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, information data, and telecommunications).”

• Definition of Cybersecurity [NISTIR 7621 Rev. 1]
“Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.”

CIA Triad:
Confidentiality, Integrity, Availability
- How are the attacks we discussed earlier related?

CIA: Confidentiality – Integrity – Availability
• Confidentiality
  • Prevent unauthorized access to or disclosure of information

• Integrity
  • Data Integrity means that the data has not been altered in any unauthorized manner. This covers data in storage, during processing, and during transmission.
  • System Integrity means that the system performs the intended functions without unauthorized manipulation.

• Availability
  • The systems and services perform the intended functions promptly, and without interruptions

Additional Concepts (related to Integrity)
Authenticity
• The property that statements made by persons/electronic systems are genuine. This includes being able to verify that messages originated from certain sources.

Non-repudiation
• Definition according to NIST SP 800-53 Rev. 5: “Protection against an individual who falsely denies having performed a certain action and provides the capability to determine whether an individual took a certain action, such as creating information, sending a message, approving information, or receiving a message.”
• This helps with accountability in digital contracts for example.

Note: As we will see during the course, not all integrity primitives provide the same guarantees. For example, a primitive could enable authentication, but not non-repudiation.

OSI Security Architecture
Provides definitions for
• Security Attacks
• Security Mechanism
  • A method or process (or a device incorporating it) that is designed for detecting, preventing and recovering from security attacks
  • Examples: Encipherment, Digital Signatures, Access Control, Routing Control, etc.
• Security Service
  • A service, provided by a layer of communicating open systems, that ensures adequate security of the systems or the data transfers.
  • Could use one or more security mechanisms
  • Examples: Data origin authentication, traffic flow confidentiality, non-repudiation, etc.
Definitions can be found in:
• X.800: Security architecture for Open Systems Interconnection for CCITT applications
• RFC 4949: Internet Security Glossary, Version 2

Examples

Security attacks
- Passive Attacks
  - Eavesdropping
  - Traffic Analysis

- Active Attacks
  - Modification of data/information
  - Altering system behavior
  - DDoS
  - Masquerading
  - Replay attacks

[Figures: Alice and Bob]

- Which are more difficult to detect?

Security Design Principles
• Economy of mechanism
• Fail-safe defaults
• Complete mediation
• Open design
• Separation of privilege
• Least privilege
• Least common mechanism
• Psychological acceptability
• Isolation
• Encapsulation
• Modularity
• Layering
• Compromise recording
• Work factor

Security Design Principles [1/4]
• Economy of mechanism
  • Simplicity in design
• Fail-safe defaults
  • Access decisions should be based on explicit permission, not exclusion.
  • Example: When adding a new user to a system, the user should have none or minimal access rights by default, i.e., the default is lack of access, unless given explicit access permission.
• Complete mediation
  • All accesses to objects must be checked for compliance with the access control policies or protection schemes in place.
  • Note: Checking every access does not always happen in real systems. Some form of caching could be employed, but this could lead to issues. [Examples – 13.2.4]
• Open design
  • The design of a security mechanism should be public. In other words, the security should not depend on the secrecy of the design.
  • What about encryption algorithms?
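
An added example (not part of the original slides) of the fail-safe defaults and complete mediation items above: a default-deny policy lookup, and a handle whose cached decision goes stale after a revocation. The policy store, the user and object names, and every function name are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy store: user, object and function names are made up. */
enum { PERM_READ = 1, PERM_WRITE = 2 };
struct acl_entry { const char *user; const char *object; unsigned perms; };

#define MAX_ACL 8
static struct acl_entry acl[MAX_ACL];
static size_t acl_len;

static bool same(const struct acl_entry *e, const char *user, const char *object) {
    return strcmp(e->user, user) == 0 && strcmp(e->object, object) == 0;
}

void acl_reset(void) { acl_len = 0; }

/* Explicit grant: the only way a permission comes into existence. */
bool acl_grant(const char *user, const char *object, unsigned perms) {
    if (acl_len == MAX_ACL) return false;
    acl[acl_len++] = (struct acl_entry){ user, object, perms };
    return true;
}

/* Remove every entry for (user, object). */
void acl_revoke(const char *user, const char *object) {
    size_t kept = 0;
    for (size_t i = 0; i < acl_len; i++)
        if (!same(&acl[i], user, object)) acl[kept++] = acl[i];
    acl_len = kept;
}

/* Fail-safe default: no matching entry means the access is denied. */
bool check_access(const char *user, const char *object, unsigned perm) {
    for (size_t i = 0; i < acl_len; i++)
        if (same(&acl[i], user, object)) return (acl[i].perms & perm) == perm;
    return false;
}

/* A handle that remembers the decision taken when the object was opened. */
struct handle { const char *user; const char *object; bool cached_ok; };

struct handle open_object(const char *user, const char *object) {
    struct handle h = { user, object, check_access(user, object, PERM_READ) };
    return h;
}

/* Cached check: reuses the decision from open time, which can go stale. */
bool read_cached(const struct handle *h) { return h->cached_ok; }

/* Complete mediation: consults the policy again on every access. */
bool read_mediated(const struct handle *h) {
    return check_access(h->user, h->object, PERM_READ);
}

/* Grant, open, revoke, then read both ways.
   Bit 0 of the result: cached read allowed; bit 1: mediated read allowed. */
int revoke_after_open(void) {
    acl_reset();
    acl_grant("alice", "report.txt", PERM_READ);
    struct handle h = open_object("alice", "report.txt");
    acl_revoke("alice", "report.txt");
    return (read_cached(&h) ? 1 : 0) | (read_mediated(&h) ? 2 : 0);
}

int main(void) {
    acl_reset();
    printf("unknown user allowed: %d\n", check_access("bob", "report.txt", PERM_READ));
    printf("after revoke (bit0 cached, bit1 mediated): %d\n", revoke_after_open());
    return 0;
}
```

After the revocation the cached path still allows the read while the mediated path denies it, which is the kind of issue the caching note refers to.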
Security Design Principles [2/4]
• Separation of privilege
  Definitions appear in different forms.
  • Have a different permission for each operation (fine-grained access control).
    • Functions should be separate and provide as much granularity as possible.
    • This principle can apply to both systems and users.
    • In the case of systems, functions such as read, edit, write, and execute should be separate.
    • In the case of system operators and users, roles should be as separate as possible. For example, if resources allow, the role of system administrator should be separate from that of the database administrator. [NIST 800-123]
  • Require more than one condition to achieve access to a restricted resource or perform a sensitive operation. (similar to separation of duties)
• Least privilege
  • Each program/user should operate with the minimum privileges needed to perform the desired function.

Security Design Principles [3/4]
• Least common mechanism
  • Minimize the functions/resources shared by different users or programs.
  • Sharing resources could lead to undesirable attack channels.

• Psychological acceptability
  • Usability: Security mechanisms should be transparent to the users or at most introduce minimal interference.
  • Least astonishment: The UI should match the experience and expectations of the user.

• Isolation
  • Separate public access systems from critical resources.
  • Processes and files of individual users should be isolated from each other, unless desired otherwise.

Security Design Principles [4/4]
• Encapsulation
  • This is another form of isolation that is similar to encapsulation in OOP.
  • The internal structure of a data object is accessible only to the procedures of the protected subsystem. External operations on data or procedures may be called only at well-defined entry points.

• Modularity
  • Develop security functionalities as separate modules.
  • Use a modular architecture for the design and implementation of security mechanisms.
• Layering
  • Use multiple layers of defense.

Minimize the Attack Surface!
• An attack surface of a system is the set of ways through which an adversary can access a system and compromise its security.
• In other words, it’s the software and network parts that are exposed to attacks.
Another Definition: “Reachable and exploitable vulnerabilities in a system” [Textbook]
• Examples
  • Open ports, and the code listening on these ports.
  • Services used inside a firewall.

Categories
• Software Attack Surface
• Network Attack Surface
• Human Attack Surface

Integrating Security with System Development Life Cycle
• Security must be integrated with all the SDLC stages, since the start.
• Security should never be an afterthought.
• This helps with:
  • Early detection and mitigation of potential security vulnerabilities, which reduces the mitigation cost later.
  • Identifying the engineering challenges caused by the needed security mechanisms

Based on NIST SP 800-64

Additional Security Concepts
• Information security protections are implemented so as to be commensurate with risk.
• Information security requires a comprehensive and integrated approach
• Information security roles and responsibilities should be made explicit.

Full list can be found in NIST SP 800-12 REV. 1 – Introduction to Information Security.

Software Security
Low-level attacks

CWEs and CVEs
• When discussing vulnerabilities, you will usually see these terms:
• CWE: Common Weakness Enumeration
  • This describes a common weakness in software or hardware, without referring to a specific instance. This weakness can lead to exploitable vulnerabilities.
  • Example: CWE 119 – Buffer Errors

• CVE: Common Vulnerabilities and Exposures:
  • This refers to a specific instance of a product or a system that is vulnerable.
  • Example: CVE-2014-0160 [Heartbleed vulnerability]
    • Applies to TLS and DTLS implementations in OpenSSL 1.0.1
    • Weakness: CWE 119

Top 10 CWEs in 2019 [Data from https://cwe.mitre.org/]
Rank  ID       Name
[1]   CWE-119  Improper Restriction of Operations within the Bounds of a Memory Buffer
[2]   CWE-79   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
[3]   CWE-20   Improper Input Validation
[4]   CWE-200  Information Exposure
[5]   CWE-125  Out-of-bounds Read
[6]   CWE-89   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
[7]   CWE-416  Use After Free
[8]   CWE-190  Integer Overflow or Wraparound
[9]   CWE-352  Cross-Site Request Forgery (CSRF)
[10]  CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
See also: https://nvd.nist.gov/vuln/categories

CVEs related to CWE-119
Table from: https://www.cvedetails.com/

Note the different impact of each CVE, although the CWE is the same.

Buffer Overflow
• This bug usually appears in C or C++ implementations.
• Many other languages aim to prevent this kind of bug.

• But how common is development in C or C++ now anyway?
  • Still used in the development of operating systems, embedded systems, high-performance computing, etc.
  • They are still in the top 10 used programming languages.

• Buffer overflow attacks have existed since the 1980s (Morris Worm)

Memory Layout
• This is the Unix virtual address space, assuming 32-bit addresses.
• The user space is the set of virtual addresses the OS makes available to each user-mode process.
• Mapping to physical addresses is handled by the operating system and the MMU.
• We will focus only on the stack, for now.

[Figure: address space, from high address to low]
  0xFFFF…FFFF
  Kernel Space
  User Space:
    Command-line arguments + Environment Variables
    Stack
    Heap
    Uninitialized global and static variables
    Initialized global and static variables
    Text (code segment)
  0x0000…0000

Calling a Function in C
void f(int arg1, int arg2){
    int x;
    int y;
    char s[4];
    // ...
}
int main(){
    int arg1 = 1, arg2 = 2;   // example values
    f(arg1, arg2);
}

• The arguments and the local variables are pushed on top of the stack.
• Note: Each row in the figure is 4 bytes.

[Figure: stack, from high address to low]
  ...
  Stack frame of main()
  arg2     (start of the stack frame of f())
  arg1
  x
  y
  s        (The content of the local buffer s is stored here.)

Calling a Function in C
void f(int arg1, int arg2){
    int x;
    int y;
    char s[4];
    // ...
}
int main(){
    int arg1 = 1, arg2 = 2;   // example values
    f(arg1, arg2);
}

Questions
• What do we need in order to resume execution after f returns?
• When f is compiled, what should be the addresses of the variables x, y and s?

[Figure: stack, from high address to low: ..., arg2, arg1, x, y, s]

Calling a Function in C
• During execution, we need three registers:
  • ESP: Stores the current stack pointer (the address of the top of the stack)
  • EBP: Stores the base pointer for the current stack frame.
  • EIP: Stores the next instruction pointer.
• When the source code is compiled, the addresses of the local variables are defined with respect to the EBP.

[Figure: stack, from high address to low]
  ...
  arg2
  arg1
           <- %ebp
  x
  y
  s        <- %esp

Assembly Example
• Example from: Software Essentials: Design and Construction, by Adair Dingle

[Figure: assembly listing, with these annotations]
• Local variables and parameters are addressed w.r.t. the base frame pointer.
• The caller's %ebp is pushed on top of the stack and %ebp value is updated to the current stack pointer.
• The arguments are pushed in the code of the caller. The instruction pointer is pushed by the call itself.

Calling a Function in C
• During execution, we need three registers:
  • ESP: Stores the current stack pointer (the address of the top of the stack)
  • EBP: Stores the base pointer for the current stack frame.
  • EIP: Stores the next instruction pointer.
• When we call a function, we need to keep track of the EIP and EBP values of the caller.

[Figure: stack, from high address to low]
  ...                 <- %ebp
  arg2
  arg1
  The caller’s %eip
  The caller’s %ebp   <- %ebp
  x
  y
  s                   <- %esp

Calling a Function in C
void f(int arg1, int arg2){
    int x;
    int y;
    char s[4];
    // ...
}
int main(){
    int arg1 = 1, arg2 = 2;   // example values
    f(arg1, arg2);
}

• When f() terminates, we can restore the values of the caller’s %eip and %ebp, to resume the execution of main().

[Figure: stack, from high address to low]
  ...                 <- %ebp
  arg2
  arg1
  The caller’s %eip
  The caller’s %ebp   <- %ebp
  x
  y
  s                   <- %esp

Calling a Function in C
• What could happen if we mistakenly had a buffer overflow while doing write operations?
  • Modify the data of other variables.
  • Modify the stored instruction pointer on the stack (the return address!).

• Note: The following issues don’t apply only to strcpy. You can find examples for gets, strcat, etc.

Buffer Overflow
#include <string.h>

void f(char *s){
    int authentic = 0;
    char b[4];
    strcpy(b,s);          // no bounds check: this is the bug under discussion
    if(authentic){
        // …
    }
}

int main(){
    char *t = "ABCDEFG";
    f(t);
}

• Note: The string s is longer than the buffer b.
• This can affect the control flow of the program, grant the adversary extra permissions, etc.

[Figure: stack before strcpy, from high address to low]
  ...                 <- %ebp
  s                   (Note: This is an address, not the actual string.)
  The caller’s %eip
  The caller’s %ebp   <- %ebp
  0 0 0 0             (authentic)
                      (b)

[Figure: stack after strcpy, from high address to low]
  ...                 <- %ebp
  s
  The caller’s %eip
  The caller’s %ebp   <- %ebp
  E F G 0             (authentic)
  A B C D             (b)
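
An added example (not from the original slides): the overwrite of authentic shown in the figure, replayed inside a struct so that the demonstration itself is well-defined, next to a bounded version of f() that rejects oversized input. The struct layout mirrors the slide and is an assumption, since a real compiler may order locals differently; the names frame_model, copy_checked and f_checked are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the slide's frame for f(): b at the lower address, authentic
   directly above it (assumed layout, matching the figure). */
struct frame_model {
    char b[4];
    int authentic;
};
_Static_assert(offsetof(struct frame_model, authentic) == 4,
               "model expects authentic right after b");

/* Replays what strcpy(b, s) writes, but inside the model: bytes that do not
   fit in b land in authentic. The copy is clamped to the model's size.
   Returns the resulting value of authentic. */
int authentic_after_unchecked_copy(const char *s) {
    struct frame_model fr;
    memset(&fr, 0, sizeof fr);
    size_t n = strlen(s) + 1;            /* strcpy also writes the NUL */
    if (n > sizeof fr) n = sizeof fr;
    memcpy(&fr, s, n);
    return fr.authentic;
}

/* Bounded copy: succeeds only if src, including its NUL, fits in dst. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL) return -1;          /* too long: reject, do not truncate */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Hardened f(): returns -1 for oversized input, otherwise authentic,
   which the input can no longer influence. */
int f_checked(const char *s) {
    int authentic = 0;
    char b[4];
    if (copy_checked(b, sizeof b, s) != 0) return -1;
    return authentic;
}

int main(void) {
    printf("model, \"ABC\":     authentic = %d\n",
           authentic_after_unchecked_copy("ABC"));
    printf("model, \"ABCDEFG\": authentic = %#x\n",
           (unsigned)authentic_after_unchecked_copy("ABCDEFG"));
    printf("f_checked(\"ABC\")     = %d\n", f_checked("ABC"));
    printf("f_checked(\"ABCDEFG\") = %d\n", f_checked("ABCDEFG"));
    return 0;
}
```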
Buffer Overflow Vulnerabilities
• What else can go wrong?
  • The instruction pointer of the caller gets modified to point to another malicious code segment.

• This sort of attack could be challenging to implement correctly if the attacker does not have access to the code, but it is possible.

Stack Smashing Attacks

• This report shows how to inject a “shell code”, which opens a shell for the attacker. The attacker can issue commands as desired.

Other Low-level Bugs
• Similar attacks can also apply to the heap.
• Format string attacks
• Integer overflows

Format String Vulnerabilities
#include <stdio.h>

int main(int argc, char* argv[]){
    if (argc < 2) return 1;   // expects one argument
    printf(argv[1]);          // vulnerable
    printf("%s", argv[1]);    // safer
    return 0;
}

• The behavior is the same if the user inputs a normal string, e.g., "Hello!".
• The behavior will be different if the user enters a string with format specifiers, e.g., "Hello %p %p %p %p %p".
  • The content of the stack could be printed.
• An example will be posted on the MS team.

Countermeasures
• Use a memory-safe and a type-safe language
  • Most modern languages aim to be memory- and type-safe.
  • This does not prevent all issues. You need to follow security recommendations.
• What if we still need to use C?
  • Use secure coding guidelines.
  • Tools that check whether a program is memory-safe.
  • Some known countermeasures in the space
    • Stack canaries
    • Make code on stack or heap not executable.
      • However, some types of attack could still work. See Return-to-libc
    • Address space layout randomization
    • Control flow integrity
However, countermeasures are not perfect.

Notes
• Many compilers now rely on techniques that make a subset of the attacks harder.
  • GCC for example has stack smashing protection (SSP).
• But again, don’t assume that these techniques are perfect.
  • Note: GCC's stack smashing protection won't prevent all out-of-bound writes.
  • A code example will be posted for this.

• Note that for some compilers, memory protection mechanisms may not be enabled by default (See the clang-7 example in the lecture).

• Your first defense should be to use secure coding guidelines.

Using other languages does not eliminate all problems!
• You have to check if there are security guidelines that you need to follow for the version that you are using.
• Simple Example: Using Python 2.7
pin = 12345  ## This is just an example. Don’t hardcode secrets.
inputPin = input("Enter the pin number: ")
if(pin == inputPin):
    print "Accepted"
else:
    print "Wrong pin"

What can go wrong here?


Summary
• Security Principles
• CWEs and CVEs
• Low-level security
• Buffer errors and format string attacks
• Overview of countermeasures

Notes:
• We won't have time to discuss all possible low-level issues.
• However, you know now that the issues could appear in very simple code and could be exploited in various ways, so keep learning and follow secure coding practices.