View
212
Download
0
Category
Preview:
Citation preview
Final Exam Review
Common Attack Techniques
• Stack overflow– Basic version– Advanced versions
• Mitigations– Canary– W^X page– ASLR
Quiz
• Which one of the mitigations can be circumvented by the advanced version of stack overflow?
A. Canary B. W^X C. ASLR 1. indirect jump 2. return into libc3. ROP
Basic Cryptography
• Four primitives– Cryptographic hash– Symmetric encryption– Asymmetric encryption– Digital signature
Quiz
• Which property of cryptographic hash ensures that if password hash matches the one stored on the system, the password is the correct one?
• Which property of cryptographic hash ensures that the stored hash does not jeopardize the secrecy of passwords
Authentication
• Password-based authentication– How is authentication state stored– How is verification done– Attacks and mitigation
Quiz
• Adversary obtains authentication state from the system and conduct brute-force attacks. If the authentication state is salted, would the attack be more difficult than if it is not?
Authentication Protocol
• Challenge-response– Why need it?
• Example ones using the various cryptographic primitives– MAC– Encryption– Digital signature
Quiz
• Using symmetric encryption for authentication. Alice sends m to Bob, Bob encrypts m using shared key K and send it back to Alice, Alice decrypts it and send Bob the plaintext. Bob verifies that the plaintext is the same as m.– Can Alice authenticates to Bob using this?
UNIX Protection Basics
• File system protection• Setuid
Quiz
• What is the security problem you can see?
-rwsr-xrwx 1 simon fac 13589 Jul 30 20:08 getscore
Secure Operating System
• Mandatory Access Control– Complete Mediation: all security-sensitive ops– Tamperproof: untrusted processes cannot modify
access enforcement system– Verifiable: small TCB
Concrete OS Examples
• SELinux– Only need to understand the basic protection
concept.– Policy language not required
• Android– Basic security architecture– Security problems
Security Models
• Bell LaPadula (Secrecy)
• Biba (Integrity)
Trusted Infrastructure
• TPM– Root of trust for storage– Root of trust for reporting– Root of trust for measurement*
• Measured boot
DNS Security
• DNS poisoning problem– How the attack is carried out– Consequence of a successful attack
• DNSSEC– Basic concepts– How this will address the insecurity problem of
DNS
Recommended