1 / 26

SEED : A Suite of Instructional Laboratories for Computer SE curity ED ucation

SEED : A Suite of Instructional Laboratories for Computer SE curity ED ucation. Wenliang (Kevin) Du Zhouxuan Teng & Ronghua Wang Department of Electrical Engineering & Computer Science Syracuse University. Objectives. Improve experiential learning in computer security education

shing
Download Presentation

SEED : A Suite of Instructional Laboratories for Computer SE curity ED ucation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation Wenliang (Kevin) Du Zhouxuan Teng & Ronghua Wang Department of Electrical Engineering & Computer Science Syracuse University ACM SIGCSE'07

  2. Objectives • Improve experiential learning in computer security education • Undergraduate & Graduate • Develop effective labs (or course projects) for security courses • Evaluate the effectiveness of these labs ACM SIGCSE'07

  3. About SEED Project • Funded by the NSF CCLI Program • Phase I ($75K) was funded in 2002 • Phase II ($450K) was funded in 2007 • Four years of experience and development • Four universities involved • Web page for all the developed labs • http://www.cis.syr.edu/~wedu/seed/ ACM SIGCSE'07

  4. Teaching Philosophy • Computer security education should focus on: • fundamental security principles • Students should be given opportunities to experience, apply, tointegrate, and to experiment with these principles. ACM SIGCSE'07

  5. Labs Environment • One environment that supports all labs • Desired properties • Low cost • No physical lab space is needed: we focus on software security • Repeatable ACM SIGCSE'07

  6. Lab Environment Labs Minix Linux Virtual Machine (e.g. vmware) Host OS (Windows, Linux, etc.) ACM SIGCSE'07

  7. Instructional OS (Minix) • Widely used by many courses, e.g., Operating Systems, Networking, etc. • Advantage: • Real OS, not a toy program • Much smaller than production OS • Less secure than production OS • Easy to understand and modify • Disadvantage: • Lack of tools • Lack of advanced security features ACM SIGCSE'07

  8. Labs • Three types of Labs • Design/Implementation Labs • Exploration Labs • Vulnerability Labs ACM SIGCSE'07

  9. Design/Implementation Labs Design/Implementation Labs Minix Virtual Machine (e.g. vmware) ACM SIGCSE'07

  10. Design Labs Minix OS Existing Components Students’ Tasks • Properties of this design: • Focused on targeted principles • Each lab takes 2-6 weeks • Difficulties can be adjusted Capability Encrypted File System Sandbox MAC System Randomization RBAC Access Control List IPSec Firewall IDS ACM SIGCSE'07

  11. Exploration Labs Exploration Labs Minix Linux Virtual Machine (e.g. vmware) ACM SIGCSE'07

  12. Exploration Labs Minix/Linux OS “tour” Other Components Security Component • Guided Tour: • Small experiments • Guided activities • Interact with security components • Observe • Explain the observations Set-UID PAM: Pluggable Authentication Module Intel 80x86 Protection Mode Reference Monitor SYN Cookie All the design labs can be transformed to exploration labs ACM SIGCSE'07

  13. Vulnerability/Attack Labs Vulnerability/Attack Labs Minix Linux Virtual Machine (e.g. vmware) ACM SIGCSE'07

  14. Vulnerability/Attack Labs Real-World Vulnerabilities • Students’ Tasks: • Find out those vulnerabilities • Exploit the vulnerabilities • Fix the vulnerabilities • 4. Design countermeasures Fault Injection Linux/Minix OS User Space Kernel Space ACM SIGCSE'07

  15. Buffer-overflow Lab Race-condition Lab Format-string Lab Sandbox(chroot)Lab Attack Lab on TCP Attack Lab on ARP, IP, ICMP Attack Lab on DNS Integer overflow SQL injection attack Lab Set-UID vulnerability Lab Lab on various OS kernel vulnerabilities Vulnerability Laboratories ACM SIGCSE'07

  16. Example: Capability Lab (1) • Learning objectives: • Capability-based access control • Principle of least privilege • Reference monitor • Lab Tasks • 5 capabilities • Capability management functionalities (enabling, disabling, deleting, delegating, revoking capabilities) • Time: 4-6 weeks ACM SIGCSE'07

  17. Capability Lab (2) • An actual capability system is very complicated • Simplification: 5 capabilities (Solaris has 80) • CAP_READ, CAP_KILL, etc. • Supporting materials: • Identify time-consuming places • Analyze whether they are security relevant or not • If not, tell students how to do those ACM SIGCSE'07

  18. (Crypto + System) Labs • Encrypted File System Lab • Integrate crypto technologies with file systems • 4-5 weeks • Can also be used for Operating System course • IPSec Lab • Integrate crypto technologies with TCP/IP • 4-6 weeks • Can also be used for Networking course • Key management issues: key agreement, key storage, key update, etc. ACM SIGCSE'07

  19. Set-UID Exploration Lab • “Play” with the Set-UID mechanism in both Minix and Linux, and answer: • How is it implemented? • Why is it necessary? • Why is it dangerous? • How to make Set-UID programs more secure? • Why does Linux appear more secure than Minix against vulnerable Set-UID programs. ACM SIGCSE'07

  20. Buffer-Overflow Lab • Students are given: • A vulnerability program: stack.c • Shell code (binary code) • Partially implemented exploit program: exploit.c (shell code is also given) • Students need to: • Finish exploit.c • Construct a string that can be used to overflow the buffer in the vulnerable program • Invoke root shell. • Time: 1 week ACM SIGCSE'07

  21. Evaluation • Survey Questionnaires • The quality of lab design and supporting materials • Students’ perspective in the labs: • How interested they are • Whether the labs are worthwhile • Whether the labs spark their interests in security • Participants: 30 students on average ACM SIGCSE'07

  22. Evaluation Results (1) Survey: Your level of interest in this lab is high. A: Strongly disagree B: Disagree C: Neutral D: Agree E: Strongly agree Set-UID Lab Capability Lab IPSec Lab ACM SIGCSE'07

  23. Evaluation Results (2) Survey: The lab is a valuable part of this course. A: Strongly disagree B: Disagree C: Neutral D: Agree E: Strongly agree Set-UID Lab Capability Lab IPSec Lab ACM SIGCSE'07

  24. Evaluation Results (3) Survey: The lab sparks your interest in computer security. A: Strongly disagree B: Disagree C: Neutral D: Agree E: Strongly agree Set-UID Lab Capability Lab IPSec Lab ACM SIGCSE'07

  25. Summaries • SEED lab environment is low-cost, portable, easy to use • We have developed 15 labs • We have used them during the last 4 years • Some other universities are also using them • Anyone interested are free to use them • Evaluation results are encouraging ACM SIGCSE'07

  26. NSF CCLI Showcase • Time: 10:30 - 12:00 • Place: Exhibit Hall • I will handout hardcopies of all our labs • Project web site: • http://www.cis.syr.edu/~wedu/seed • or google: wedu seed ACM SIGCSE'07

More Related