
CSC 386 – Computer Security

  1. CSC 386 – Computer Security Scott Heggen

  2. Agenda • Introduction to Software Security

  3. Software Security • What does it mean?

  4. Security and Reliability
  • Security deals with intentional attacks
  • Reliability deals with accidental failures
  • “It does not matter how many bugs there are, it matters how often they are triggered.”

  5. Bad Stuff
  • Malware
  • Computer virus
  • Worm
  • Trojan horse
  • Logic bomb

  6. Abstraction
  • When writing code, programmers use elementary concepts like character, variable, array, integer, data & program, address (resource locator), atomic transaction, …
  • These concepts have abstract meanings.
  • For example, integers are an infinite set with operations ‘add’, ‘multiply’, ‘less or equal’, …
  • To execute a program, we need concrete implementations of these concepts.

  7. Abstraction • What’s the benefit?

  8. Abstraction
  • What’s the danger?
  • Software security problems typically arise when the concrete implementation and the abstract intuition diverge:
    • Address (location)
    • Character
    • Integer
    • Variable (buffer overflows)
    • Double-linked list
    • Atomic transaction

  9. Address (Location)
  • An application wants to give users access only to files in directory C:/webfolder/kittens/.
  • Attack: use ../ a few times to step up to the root directory first; e.g. get the password file with an input of: /../../../../etc/passwd
  • Countermeasure: input validation, filter out ../

  10. Unicode Characters
  • UTF-8 encoding of Unicode characters [RFC 2279]
  • Multi-byte UTF-8 formats: a character has more than one representation
  • Example: “/”

      Format   Template                         Binary                           Hex
      1 byte   0xxx xxxx                        0010 1111                        2F
      2 byte   110x xxxx 10xx xxxx              1100 0000 1010 1111              C0 AF
      3 byte   1110 xxxx 10xx xxxx 10xx xxxx    1110 0000 1000 0000 1010 1111    E0 80 AF

  11. Unicode Bug
  • Microsoft IIS Server
  • Attacker accesses server via a URL of: {IPaddress}/scripts/..%c0%af../winnt/system32/
  • Would get translated to: {IPaddress}/scripts/../../winnt/system32/
  • Which would access this directory on the server: C:\winnt\system32
  • IIS did not filter illegal Unicode representations using multi-byte UTF-8 formats for single-byte characters.
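The three slides above (traversal via ../, overlong UTF-8 forms of “/”, and the IIS filter that ran before decoding) come down to one ordering rule for the defender: decode the request completely, reject any encoding that is not canonical, and only then check for “..”. The following C program is an added example written for this page, not code from the slides or from IIS; the function names and the 256-byte buffers are choices made here. It percent-decodes a URL path, decodes the bytes as UTF-8 while rejecting every overlong sequence (C0 AF and E0 80 AF are refused rather than silently mapped to “/”), and then looks for a “..” path component in the decoded code points.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the slides): a path check that decodes the URL
 * first and filters afterwards, which is the order the IIS bug got wrong.
 * Function names and the 256-entry limits are choices made here. */

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode src into raw bytes. Returns the byte count, or -1 on a
 * malformed %xx escape or if the output would not fit. */
int percent_decode(const char *src, uint8_t *dst, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        if (n >= cap) return -1;
        if (src[i] == '%') {
            int hi = hexval(src[i + 1]);
            if (hi < 0) return -1;           /* also catches '%' at end of string */
            int lo = hexval(src[i + 2]);
            if (lo < 0) return -1;
            dst[n++] = (uint8_t)(hi * 16 + lo);
            i += 2;
        } else {
            dst[n++] = (uint8_t)src[i];
        }
    }
    return (int)n;
}

/* Strict UTF-8 decoder. Returns the number of code points, or -1 if any
 * sequence is malformed or overlong: C0 AF and E0 80 AF both decode to
 * U+002F '/', but only the 1-byte form 2F is legal, so the others are rejected. */
int utf8_decode_strict(const uint8_t *in, size_t len, uint32_t *out, size_t cap) {
    size_t n = 0, i = 0;
    while (i < len) {
        uint8_t b = in[i];
        uint32_t cp, min;
        size_t extra;
        if (b < 0x80)                { cp = b;        extra = 0; min = 0x0;     }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; extra = 1; min = 0x80;    }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; extra = 2; min = 0x800;   }
        else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; extra = 3; min = 0x10000; }
        else return -1;                       /* stray continuation byte or invalid lead */
        if (i + 1 + extra > len) return -1;   /* truncated sequence */
        for (size_t k = 1; k <= extra; k++) {
            if ((in[i + k] & 0xC0) != 0x80) return -1;
            cp = (cp << 6) | (in[i + k] & 0x3F);
        }
        if (cp < min) return -1;              /* overlong: a shorter form exists */
        if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
        if (n >= cap) return -1;
        out[n++] = cp;
        i += 1 + extra;
    }
    return (int)n;
}

/* 1 if the decoded path has a ".." component, 0 if not, -1 if the
 * encoding is invalid (a rejected request, not a quietly "cleaned" one). */
int path_has_traversal(const char *url_path) {
    uint8_t raw[256];
    uint32_t cps[256];
    int rl = percent_decode(url_path, raw, sizeof raw);
    if (rl < 0) return -1;
    int cl = utf8_decode_strict(raw, (size_t)rl, cps, 256);
    if (cl < 0) return -1;
    int dots = 0, seglen = 0;
    for (int k = 0; k <= cl; k++) {
        if (k == cl || cps[k] == '/' || cps[k] == '\\') {  /* end of a component */
            if (seglen == 2 && dots == 2) return 1;
            dots = 0; seglen = 0;
        } else {
            seglen++;
            if (cps[k] == '.') dots++;
        }
    }
    return 0;
}

int main(void) {
    const char *tests[] = {
        "/webfolder/kittens/cat.jpg",                 /* constructed benign request */
        "/../../../../etc/passwd",                    /* slide 9 */
        "/scripts/..%c0%af../winnt/system32/",        /* slide 11 */
    };
    for (size_t t = 0; t < sizeof tests / sizeof tests[0]; t++)
        printf("%-40s -> %d\n", tests[t], path_has_traversal(tests[t]));
    return 0;
}
```

The slide-11 URL comes back as -1 rather than 0: a non-canonical encoding is treated as a protocol violation and the request is refused outright, which is safer than accepting whatever the lenient decoder happens to produce.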

  12. Unix rlogin
  • Unix login command: login [-p] [-h <host>] [[-f] <user>]
  • -f option “forces” log in: user is not asked for a password
  • Unix rlogin command for remote login: rlogin [-l <user>] <machine>
  • The rlogin daemon sends a login request for <user> to <machine>
  • Attack (some versions of Linux, AIX): % rlogin -l -froot <machine>
  • Results in forced login as root at the designated machine: % login -froot <machine>
  • Figure: local login (login -h myserver -f heggens) versus remote login (rlogin -l heggens myserver)

  13. Unix rlogin
  • Problem: composition of two commands.
  • Each command on its own is not vulnerable.
  • However, rlogin does not check whether the “username” has special properties when passed to login.
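The missing check is the whole fix: a username is data, and it must be validated as data before it is placed into another program's argument list, where a leading “-” would be read as an option. The C program below is an added example for this page, not code from any rlogin or login implementation; MAX_USER and the character policy are choices made here. It rejects names that could be parsed as options or that carry separators, and then builds a login argument vector that never includes -f, so the user is still asked for a password.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the slides or any rlogin implementation: the check
 * that the slide says is missing. A username is validated as data before it is
 * composed into another program's argument vector, so "-froot" can never reach
 * login as an option. MAX_USER and the character policy are choices made here. */
#define MAX_USER 32

/* Returns 1 if user is plain account-name data, 0 if it could be parsed as
 * an option or carries separators. */
int username_is_safe(const char *user) {
    size_t len = strlen(user);
    if (len == 0 || len > MAX_USER) return 0;
    if (user[0] == '-') return 0;            /* "-froot": would become login's -f option */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (isalnum(c) || c == '_' || c == '.') continue;
        if (c == '-' && i > 0) continue;     /* interior dash is fine, a leading one is not */
        return 0;                            /* space, newline, '/', quotes, ... */
    }
    return 1;
}

/* Fill argv for "login -h <host> <user>" with no -f: the user is still asked
 * for a password. Returns the argument count, or 0 if the name was rejected
 * or argv is too small (needs room for 4 entries plus the NULL terminator). */
int build_login_argv(const char *host, const char *user, const char *argv[], size_t cap) {
    if (cap < 5 || !username_is_safe(user)) return 0;
    int n = 0;
    argv[n++] = "login";
    argv[n++] = "-h";
    argv[n++] = host;
    argv[n++] = user;
    argv[n] = NULL;
    return n;
}

int main(void) {
    const char *argv[5];
    const char *names[] = { "heggens", "-froot", "root x", "" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int n = build_login_argv("myserver", names[i], argv, 5);
        printf("\"%s\" -> %s\n", names[i], n ? "accepted" : "rejected");
    }
    return 0;
}
```

Passing arguments as a vector rather than a concatenated command line also matters: even with the allowlist, building a string and handing it to a shell would reintroduce a second parser with its own special characters.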

  14. Integer Error
  • What will happen here?

      int i = 1;
      while (i > 0) {
          i = i * 2;
      }

  15. Integer Math
  • Unsigned 8-bit integers: 255 + 1 = 0; 16 × 17 = 16; 0 – 1 = 255
  • Signed 8-bit integers: 127 + 1 = -128; -128 / -1 = -1
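The two slides above are the “integer” abstraction diverging from its implementation: the mathematical integers never wrap, 8-bit registers always do. The C program below is an added example for this page, not from the slides. It computes the unsigned results of slide 15 directly (unsigned arithmetic in C is defined to wrap modulo 2^N), models the signed 127 + 1 case through unsigned arithmetic plus an explicit two's-complement conversion, and traces the slide-14 loop two ways: once with a bound check that stops before the overflow, and once as a wrapping machine would run it, where the 31st doubling turns i negative and the loop ends. The caveat a C programmer needs is that signed overflow is undefined behaviour in the language itself, so a compiler is allowed to assume i > 0 always holds in the loop as written on slide 14 and may emit code that never terminates; the bound check is the portable way to get the intended behaviour. Function names are choices made here.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the slides. Unsigned arithmetic in C wraps modulo
 * 2^N, so slide 15's unsigned results can be computed as written. Signed
 * overflow is undefined behaviour, so the signed cases are modelled here
 * through unsigned arithmetic and an explicit two's-complement conversion,
 * and slide 14's loop is written with a bound check instead of relying on
 * the overflow. Function names are choices made here. */

uint8_t u8_add(uint8_t a, uint8_t b) { return (uint8_t)(a + b); }  /* 255 + 1 = 0  */
uint8_t u8_mul(uint8_t a, uint8_t b) { return (uint8_t)(a * b); }  /* 16 * 17 = 16 */
uint8_t u8_sub(uint8_t a, uint8_t b) { return (uint8_t)(a - b); }  /* 0 - 1 = 255  */

/* What a two's-complement 8-bit register holds after an out-of-range result. */
int8_t s8_wrap(int v) {
    uint8_t u = (uint8_t)v;                  /* conversion to unsigned is defined: v mod 256 */
    return (int8_t)(u < 0x80 ? (int)u : (int)u - 256);  /* 128..255 map to -128..-1 */
}

/* Same idea for 32-bit: i * 2 as a two's-complement machine would store it. */
int32_t s32_wrap_double(int32_t i) {
    uint32_t u = (uint32_t)i * 2u;
    return (int32_t)(u < 0x80000000u ? (int64_t)u : (int64_t)u - 4294967296LL);
}

/* Slide 14's loop with an explicit bound: stops before i * 2 would exceed INT_MAX.
 * Returns how many doublings happen (30 for a 32-bit int, ending at 2^30). */
int doublings_until_overflow(void) {
    int i = 1, steps = 0;
    while (i <= INT_MAX / 2) {
        i *= 2;
        steps++;
    }
    return steps;
}

/* The slide's loop as written, traced on a wrapping machine: after the last safe
 * doubling, one more gives INT_MIN, i > 0 is false, and the loop ends. Returns
 * the step count at which i first goes non-positive (31 for 32-bit). */
int doublings_until_nonpositive_wrapping(void) {
    int32_t i = 1;
    int steps = 0;
    while (i > 0) {
        i = s32_wrap_double(i);
        steps++;
    }
    return steps;
}

int main(void) {
    printf("255 + 1 = %u\n", (unsigned)u8_add(255, 1));
    printf("16 * 17 = %u\n", (unsigned)u8_mul(16, 17));
    printf("0 - 1 = %u\n", (unsigned)u8_sub(0, 1));
    printf("127 + 1 = %d\n", (int)s8_wrap(127 + 1));
    printf("safe doublings before INT_MAX: %d\n", doublings_until_overflow());
    printf("wrapping loop ends after %d doublings\n", doublings_until_nonpositive_wrapping());
    return 0;
}
```

The bounded form is the pattern to carry into real code: compare against a limit derived from the type (INT_MAX / 2 here) before the operation, rather than inspecting the result afterwards.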

  16. Next Class
  • Midterm Course Evaluation with Dr. Jadud
  • Quiz 3: Software Security Basics (Wednesday)
  • Read Chapter 10
  • Understand the 6 types of abstractions:
    • Address (location)
    • Character
    • Integer
    • Variable (buffer overflows)
    • Double-linked list
    • Atomic transaction
