
Integration of Information Security Laboratories into Computer Architecture Courses to Enhance Undergraduate Education Jayantha Herath, Sarnath Ramnath, Susantha Herath, *Ajantha Herath St. Cloud State University, * University of Dubuque. Active Learning Environments.


Presentation Transcript


  1. Integration of Information Security Laboratories into Computer Architecture Courses to Enhance Undergraduate Education Jayantha Herath, Sarnath Ramnath, Susantha Herath, *Ajantha Herath St. Cloud State University, *University of Dubuque

  2. Active Learning Environments
     • Computer Architecture-1
     • Digital Logic Circuit Design Course
     • Performance focus
     • http://web.stcloudstate.edu/jherath/CompArch-1
     • Introduction to Programming in C++
     • http://web.stcloudstate.edu/jherath/Cplusplus
     • Intermediate Computer Architecture
     • Performance focus
     • Interface to CS-1 and Computer Architecture-1
     • http://web.stcloudstate.edu/jherath/CompArch-2
     • Need to interface with other courses
     • Information Assurance and Computer Security Course

  3. Interfacing Computer Architecture-1 Digital Logic Circuit Design CS-1 Intermediate Computer Architecture CS-2 Compiler Design Networking Storage Operating Systems Databases

  4. Implementation of basic programming constructs
     • I/O
     • arithmetic expressions
     • memory operations
     • register operations
     • if-else and switch conditional operations
     • for-while iterative computation controls
     • simple and recursive functions in several different ISAs
     • Pipeline processor design using VHDL
     • Main focus - Performance

  5. Main Message
     • Computer Architecture should be more than learning traditional performance issues
     • Secure Networking
     • Secure Storage
     • Secure Databases
     • Secure Operating System

  6. Problems
     • Information assurance and network security tracks have been developed in recent years without providing the necessary and sufficient background knowledge in logic, storage and processor architecture.
     • Passive Learning
     • Interfacing laboratories for Architecture
     • Symposium

  7. First Closed Lab in Computer Architecture-2

       TUTOR 1.32> MS 2000 'ABCDEFGHIJKLMNOPWRSTUVWXYZ'
       TUTOR 1.32> MS 2020 'abcdefghijklmnopwrstuvwxyz'
       TUTOR 1.32> MS 2040 '0123456789'

       MEMORY DISPLAY
       TUTOR 1.32> MD 2000 256
       002000 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50  ABCDEFGHIJKLMNOP
       002010 57 52 53 54 55 56 57 58 59 5A FF FF FF FF FF FF  WRSTUVWXYZ......
       002020 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70  abcdefghijklmnop
       002030 77 72 73 74 75 76 77 78 79 7A FF FF FF FF FF FF  wrstuvwxyz......
       002040 30 31 32 33 34 35 36 37 38 39 FF FF FF FF FF FF  0123456789......
       ....
       002090 12 EB 00 13 12 EB 00 0E 12 FC 00 20 12 EA 00 02  .k...k...|. .j..
       0020A0 12 EA 00 12 12 EA 00 03 12 EA 00 02 12 FC 00 21  .j...j...j...|.!
       ....
       0020F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................

     Figure 1. Setting and Displaying the Content of Storage

  8. Open Lab 1 for Computer Architecture-2
     • Packet Sniffing Using Ethereal
     • Communication networks
     • Passive monitoring

       00000000 50 4f 53 54 20 2f 63 67 69 2d 62 69 6e 2f 6c 6f  POST /cg i-bin/lo
       00000010 67 69 6e 2e 63 67 69 20 48 54 54 50 2f 31 2e 31  gin.cgi HTTP/1.1
       00000020 0d 0a 41 63 63 65 70 74 3a 20 61 70 70 6c 69 63  ..Accept : applic
       00000030 61 74 69 6f 6e 2f 76 6e 64 2e 6d 73 2d 65 78 63  ation/vn d.ms-exc
       00000040 65 6c 2c 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f  el, appl ication/
       00000050 6d 73 77 6f 72 64 2c 20 61 70 70 6c 69 63 61 74  msword, applicat

     Figure 2(a). Packet Sniffer Output - www.rediff.com

       00000000 16 03 00 04 79 02 00 00 46 03 00 2f ed 29 44 2a  ....y... F../.)D*
       00000020 7a b2 b5 95 40 08 c3 74 ae 70 98 20 49 08 00 00  z...@..t .p. I...
       00000030 82 32 61 be ad eb b1 27 ee 5e 93 e6 b3 1e ac 79  .2a....' .^.....y
       00000040 7e 80 31 0b d2 2e b9 70 3b e5 55 b3 00 03 00 0b  ~.1....p ;.U.....
       00000050 00 03 5a 00 03 57 00 03 54 30 82 03 50 30 82 02  ..Z..W.. T0..P0..
       00000060 bd a0 03 02 01 02 02 10 3c f4 4e cc 7b c3 e6 34  ........ <.N.{..4
       00000070 b0 3f 2d 8e b8 78 41 27 30 0d 06 09 2a 86 48 86  .?-..xA' 0...*.H.
       00000080 f7 0d 01 01 05 05 00 30 5f 31 0b 30 09 06 03 55  .......0 _1.0...U

     Figure 2(b). Packet Sniffer Output - www.hotmail.com

  9. Another Lab - Logic Attack to Access Databases [4]
     • username AND password to access database
     • Convert to username AND password OR any expression always TRUE
     • Normal Access SQL Logic expression
       String query = "SELECT * FROM users_table WHERE username = '" + username + "' AND password = '" + password + "'";
     • Logic Attack
     • Attacker enters arbitrary username: anyname, but special "password" of: Aa' OR '' = '
     • Dynamically-constructed query becomes:
       SELECT * FROM users_table WHERE username = 'anyname' AND password = 'Aa' OR '' = '';
     • Where clause: F AND F OR T => F OR T => T !
     • All user rows returned to application
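
The logic attack from slide 9 next to its standard fix, a parameterized query, as an added Python/sqlite3 example (not code from the presentation). The table rows are constructed sample data, and `make_db`, `login_concat` and `login_param` are hypothetical names.

```python
import sqlite3

def make_db():
    """Build an in-memory users_table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_table (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users_table VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concat(db, username, password):
    """Vulnerable form from the slide: input is spliced into the SQL text."""
    query = ("SELECT * FROM users_table WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchall()

def login_param(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    query = "SELECT * FROM users_table WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    slide_password = "Aa' OR '' = '"   # the special "password" from the slide
    # AND binds tighter than OR, so the WHERE clause is (F AND F) OR T.
    print("concat, slide input:", login_concat(db, "anyname", slide_password))
    # The same string is now compared literally and matches no row.
    print("param,  slide input:", login_param(db, "anyname", slide_password))
    print("param,  valid login:", login_param(db, "alice", "s3cret"))
```
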

  10. Criminal cases: Data representation Unaltered data Data collected from: Hard drives Log files Documents Creator signatures Content analysis Origin of source code or ideas Computer Forensics-Labs

  11. A Lab to interface Operating System Concepts - State of Utah vs. Carl Payne [5]
      • Summer 1996: FiberNet, an ISP, clashes with Payne, who helped found it.
      • September 1996: Terminate Payne.
      • October 30, 1996: Payne's last day of work.
      • November 6, 1996: Attack on FiberNet's computers.
      • State alleged that Payne:
        • was a disgruntled employee with knowledge to carry out the attack.
        • created a "back door" in his last week of employment.
        • used his dial-up account to log into FiberNet's systems and erase everything.

  12. /etc/shadow (printed November 6, 1996 by prosecution expert witness)
      • What are the numbers?
      • 6445
      • 9800
      • 9807
      • 9818
      • ????
      • Number of days since January 1, 1970

  13. /etc/shadow (printed November 6, 1996 by prosecution expert witness)
      • 9818 = November 11, 1996
      • 6445 = August 25, 1987
      • 9807 = November 7, 1996
      • 9800 = October 31, 1996
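
The conversion on slides 12 and 13, as an added Python example (not part of the original presentation): in /etc/shadow the third colon-separated field is the date of the last password change, counted in days since January 1, 1970. The account names and `*` hash fields in the sample are constructed placeholders; only the four day counts come from the slides.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample: names and the "*" hash field are placeholders;
# only the third field (lastchg) uses the four numbers from the slides.
SAMPLE_SHADOW = """\
user1:*:6445:0:99999:7:::
user2:*:9800:0:99999:7:::
user3:*:9807:0:99999:7:::
user4:*:9818:0:99999:7:::
"""

def days_to_date(days):
    """Convert a day count since 1970-01-01 into a calendar date."""
    return EPOCH + timedelta(days=days)

def parse_lastchg(text):
    """Return [(account, lastchg_days, date)] for each well-formed line."""
    out = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed line or empty lastchg field
        days = int(fields[2])
        out.append((fields[0], days, days_to_date(days)))
    return out

def changed_after(entries, reference):
    """Entries whose last-change date is later than the reference date."""
    return [e for e in entries if e[2] > reference]

if __name__ == "__main__":
    entries = parse_lastchg(SAMPLE_SHADOW)
    for name, days, when in entries:
        print(f"{name}: {days} -> {when.isoformat()}")
    printed = date(1996, 11, 6)  # printout date given on the slides
    later = changed_after(entries, printed)
    print("later than printout:", [days for _, days, _ in later])
```

With the printout date from the slides (November 6, 1996) as the reference, `changed_after` returns the entries for 9807 and 9818.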

  14. Another Open Lab – Storage Issues
      • Data Sanitization
      • AutoClave http://staff.washington.edu/jdlarios/autoclave
      • http://wipe.sourceforge.net for Linux
      • Free
      • Writes just zeroes, DoD specs, or the Gutmann patterns. Very convenient and easy to use. Erases the entire disk including all swap space.
      • Data Retrieval - Forensics tools
      • The Coroner's Toolkit www.porcupine.org/forensicsl/tct.htm

  15. US vs. John Doe
      • 1992 - Dr. John Doe joined University A as an Associate Professor of medicine, received tenure in one year, and was promoted to Full Professor in the following year.
      • Twenty-seven years of professional experience
      • Generated clinical income for the University via his specialist clinics, where he cared for hundreds of chronically ill patients with bone diseases, and via external funds.
      • 2001 - Resigned from University A and started working as a tenured Professor at University B in State J.

  16. Worm spread in U - May 16, 2001
      Around 10:50 AM CDT, users of U started receiving infected emails, followed by rapid flashes of infected emails being sent out. The network began to slow down due to emails spread by the worm. Some users opened the attachment in the emails and saw a message window. Some users reported it to the helpdesk and to IST staff.

  17. May 16, 2001
      • While at University A, John opened an e-mail from a friend from his native country, via Yahoo e-mail, with an attachment bearing the name of a town familiar to him.
      • John opened the attachment without knowing that it was a worm arriving from an infected machine.
      • A few days later his supervisors accused him of creating and transmitting a virus.
      • His computer was confiscated.

  18. One and a half years after John opened the e-mail attachment, he was informed that a grand jury had indicted him for violating 18 USC 1030.

  19. The grand jury charged that Professor John Doe did knowingly cause the transmission of a program, information, code or command, and as a result of such conduct, did intentionally cause damage without authorization to a protected computer, which is used in interstate and foreign commerce and communication, and, by such conduct, caused loss to one or more persons during a one-year period aggregating at least $5K in value.

  20. Professor Doe started looking for an attorney to represent him; many attorneys asked him to pay $150,000 upfront to represent him in the case.
      • Found one for $5000, who then quit
      • Then found another for $50,000
      • Lawyers, judges and juries do not know computer-related issues

  21. Annual Regional Symposiums
      1. Symposium on Computer Architecture - 2002 http://web.stcloudstate.edu/jherath/hipe2002
      2. Symposium on Information Assurance and Security - 2003 http://web.stcloudstate.edu/sherath/SIAS2003
      3. Information and Network Security Workshop - 2003 http://web.stcloudstate.edu/sherath/INSW2003

  22. Main Message Revisited
      • Computer Architecture should be more than learning traditional performance issues
      • Secure Storage
      • Secure Databases
      • Secure applications
      • Secure operating system
      • Secure network environment
      • Need Architecture Laboratories to address security issues of processors and storage.

  23. 1. Symposium on Information Assurance and Security - 2003 http://web.stcloudstate.edu/sherath/SIAS2003
      2. Information and Network Security Workshop - 2003 http://web.stcloudstate.edu/sherath/INSW2003
      3. Pfleeger, Security in Computing, http://www.prenhall.com
      4. http://www.cs.uwec.edu/~wagnerpj/security/
      5. http://www.simson.net/2002-11-Forensics.ppt
      6. http://www.ethereal.com/distribution/win32/
      7. http://winpcap.mirror.ethereal.com/install/default.htm
