seed a suite of instructional laboratories for computer se curity ed ucation l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
SEED : A Suite of Instructional Laboratories for Computer SE curity ED ucation PowerPoint Presentation
Download Presentation
SEED : A Suite of Instructional Laboratories for Computer SE curity ED ucation

Loading in 2 Seconds...

play fullscreen
1 / 29

SEED : A Suite of Instructional Laboratories for Computer SE curity ED ucation - PowerPoint PPT Presentation


  • 555 Views
  • Uploaded on

SEED : A Suite of Instructional Laboratories for Computer SE curity ED ucation. Wenliang (Kevin) Du Department of Electrical Engineering & Computer Science Syracuse University Email: wedu@ecs.syr.edu URL: http://www.cis.syr.edu/~wedu/seed/. Objectives.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

SEED : A Suite of Instructional Laboratories for Computer SE curity ED ucation


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation Wenliang (Kevin) Du Department of Electrical Engineering & Computer Science Syracuse University Email: wedu@ecs.syr.edu URL: http://www.cis.syr.edu/~wedu/seed/ Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    2. Objectives • Improve experiential learning in computer security education • Develop effective security-related labs (or course projects) • Targeting both security and non-security courses. Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    3. Overview • Philosophies behind our approach • Lab environment • The design of SEED labs • Overview of the labs (about 20) • Discussions Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    4. About SEED Project • Funded by the NSF CCLI Program • Phase I ($75K) was funded in 2002 • Phase II ($450K) was funded in 2007 • Four universities are main partners. • Several more universities are using. • Web page for all the developed labs • http://www.cis.syr.edu/~wedu/seed/ Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    5. Philosophy #1 • Computer security education should focus on both the fundamental security principles and security-practice skills. • Principles: A wide spectrum. • Skills: designing, programming, testing, analyzing, innovating, and applying. • Focused and comprehensive labs Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    6. Philosophy #2 • Computer security education should be integrated into many other courses, including Operating Systems, Networking, Computer Architecture, Compilers, Software Engineering, etc. Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    7. A Generic Environment • Use for most of the labs: • Learning a new environment is not easy • Not too expensive: • Most schools do not have budget for this Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    8. Finding a System • A system that can be used to demonstrate a variety of security principles. • Interesting: can motivate students • Meaningful: not a toy • Manageable: doesn’t take months to understand What can be more comprehensive than operating systems? Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    9. A Unified Lab Environment Labs Minix Linux Virtual Machine (e.g. vmware) Host OS (Windows, Linux, etc.) Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    10. Cost of Environment • Software cost • vmware is free for academic use • Minix and Linux are open-source and free • Hardware cost • Use student’s personal computer: • At least 1.5GB RAM, the more the better • Use a general computer lab • Administrator: install vmware • Students: buy a portable hard drive (> 6 G) Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    11. Laboratories • Three types of labs • Design/Implementation Labs • Exploration Labs • Vulnerability/Attack Labs • They cover different sets of skills • The time needed for these labs varies (1 week to 6 weeks) Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    12. Design/Implementation Labs Design/Implementation Labs Minix Virtual Machine (e.g. vmware) Objectives: to build and integrate security mechanisms in systems, and to apply security principles in system building. Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    13. Design Labs Minix OS Existing Components Students’ Tasks • Properties of this design: • Focused on targeted principles • Each lab takes 2-6 weeks • Difficulties can be adjusted Capability Encrypted File System Sandbox MAC System Randomization RBAC Access Control List IPSec Firewall IDS Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    14. Lab Development • Learning objectives • The principles covered by each lab • Simplification of the system • Multi-year project  Few weeks • Self-contained • Not over-simplified • Reduce non-security critical tasks • Simplification • Develop supporting materials Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    15. Exploration Labs Exploration Labs Minix Linux Virtual Machine (e.g. vmware) Objectives: to explore how security mechanisms work, and to apply security principles in evaluating those mechanisms. Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    16. Exploration Labs Minix/Linux OS “tour” Other Components Security Component • Guided Tour: • Small experiments • Guided activities • Interact with security components • Observe • Explain the observations Set-UID PAM: Pluggable Authentication Module Intel 80x86 Protection Mode Reference Monitor SYN Cookie All the design labs can be transformed to exploration labs Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    17. Vulnerability/Attack Labs Vulnerability/Attack Labs Minix Linux Virtual Machine (e.g. vmware) Objectives: to learn from mistakes, to see how a flaw leads to security breaches, to carry out real attacks in the lab environment, and to apply security principles in defense. Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    18. Vulnerability/Attack Labs Real-World Vulnerabilities • Students’ Tasks: • Find out those vulnerabilities • Exploit the vulnerabilities • Fix the vulnerabilities • 4. Design countermeasures Fault Injection Linux/Minix OS User Space Kernel Space Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    19. Buffer-overflow Lab Return-to-libc Attack Lab Race-condition Lab Format-string Lab Sandbox(chroot)Lab Attack Lab on TCP/IP Attack Lab on DNS (Pharming Attacks) Cross-Site Scripting Lab SQL injection attack Lab Set-UID vulnerability Lab Lab on various OS kernel vulnerabilities Vulnerability Laboratories Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    20. Our 2nd Philosophy • Computer security education should be integrated into many other courses, including Operating Systems, Networking, Computer Architecture, Compilers, Software Engineering, etc. Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    21. Examples for Operating Systems • File Systems • Encrypted File System (EFS) Lab • Access Control • Capability Lab • RBAC (Role-Based Access Control) Lab: demo • Memory Management • Memory Randomization Lab • Privilege Escalation • Set-UID Lab • Privilege Restriction • Chroot Sandboxing Lab • Set-RandomUID Sandboxing Lab Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    22. OS (continued) • Enhancing OS to protect against attacks on vulnerable programs. • Buffer-overflow Lab: demo • Format-string Lab • Race condition Lab • Sandbox Lab Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    23. Networking • TCP/IP Protocols: • TCP/IP attack Labs (e.g. SYN flooding, TCP RST attacks, TCP session hijacking, Port scanning) • SYN-Cookie Labs (defend against DOS attacks) • DNS Protocol • Pharming Attacks Labs • IP Routing: • IPSec/VPN Labs • Firewall Labs Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    24. For Other Courses • Computer Architecture • 80386 Protection Mode Lab • Compilers • Return-to-libc lab (how stack works) • Software Engineering • Capability, RBAC labs (requirement analysis, design architecture, testing) Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    25. Web Programming • Hardening systems to defeat attacks on web applications. • SQL Injection • XSS Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    26. Evaluation • Survey-based evaluation • Anonymous survey after each lab • Group interview (by a specialist) each semester • Student feedbacks • Interview experiences • Job experiences • Peer reviews • Publications • Interviews Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    27. Experience • Developed 20 Labs during the last 6 years • Used in 3 courses at Syracuse University • One senior-level and two graduate-level • Also used by several other universities • Including non-secure courses. • The results are very encouraging • Evaluation results can be found in our published papers and web sites. Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    28. Discussion Topics • Ideas of labs for various courses • Dissemination • We need to get others to use the labs, how? • Reach out to our own community. • A barrier: interested use Secure Coding Faculty Workshop, April 14-15, Orlando, FL

    29. Initiative: Open-source Library of Labs • Hosting and Coordinating • Organizers and Industry/NSF sponsors • Contributing mechanisms • Portal or repository • Categorization mechanisms • By courses, topics, principles, difficulties, book chapters • Feedback mechanism • Anonymous comments, endorsements by employers • # of downloads • Discussion Forums Secure Coding Faculty Workshop, April 14-15, Orlando, FL