Operating Systems Security (524870)
Computer Security & OS Lab., Dept. of Software Science, DKU
Cho, Seong-je (조성제)
Fall, 2018
sjcho at dankook.ac.kr
– 2 – 524870, F’18 Computer Security & OS Lab.

Teaching Team
• Instructor
  - Prof. Cho, Seong-je (조성제 교수)
    - Room 510, SW·ICT Hall
    - Computer Security & OS Lab., Dept. of Software Science, Dankook Univ.
    - Faculty advisor of the Aegis, Information Security Club
    - Email) sjcho at dankook.ac.kr
    - http://SecureSW.dankook.ac.kr
      » Lecture notes, Exam schedule, Assignments
• TA
  - Jaemin Jung & Minjae Park (정재민 & 박민재)
    - Room 504/505, Media center building
What is an Operating System?
What is Computer Security? Which types of threats are there?
What is Computer Security?
• Allow intended use of computer systems
• Prevent unintended use that may cause harm
• Protect information and systems from security threats
  - Protect computing resources and system assets from security threats
※ Security threats: STRIDE
Operating Systems & Security
• Threats / Attacks
  - Password cracking for root ID
  - Bootkit, Rootkit, keylogger, backdoor, …
  - Privilege Escalation Attacks (User → Super user)
    - Buffer overflows, Frame Pointer overwrite attack, Ret2Libc, ROP
    - Android rooting, iOS jailbreaking
  - Race condition vulnerabilities
  - DLL injection, GOT overwrite, …
• Defenses
  - Secure boot, Measured boot, …
  - Stack Guard (Canary), Stack Shield, NX bit, DEP, PAX/ExecShield, ASLR
  - SELinux/SEAndroid, AppArmor, SMACK, TOMOYO, grsecurity, …
  - Sandbox, Trusted Execution Environment (TEE), Secure OS, …
  - Audit log, Computer forensics, …
Learn About Security
Make a Difference
What is This Class About?
Topics Covered in Intro to SW Security, Spring Semester, 2018
• Basic security threats and properties
  - Microsoft STRIDE vs. CIA Triad
• Primary concepts for Cryptography
  - Symmetric Cryptography vs. Public-key Cryptography
  - Cryptographic Hash Functions
• C secure coding overview
  - BoF overview, Integer overflow, Format string overview
    - Malware analysis, Reverse Engineering
    - Web Security: SQL injection
• Malware
  - Backdoor, Logic bomb, Viruses, Worms
• Network security basics
  - Sniffing, Spoofing, Firewall, DDoS attacks
Possible Topics Covered in Class of this Semester
• Basic system security attacks and defense
  - Authentication, Password cracking, Logging
  - Buffer overflow, Ret2Libc, ROP ↔ Stack canary, LibSafe, ASLR, Guard page
    - Privilege escalation, Code injection attacks, Code reuse attacks
    - Control flow hijacking ↔ Control flow integrity (CFI)
• Linux Security Framework / Access Control
  - Access control (DAC/MAC/RBAC)
    - Multilevel Security (MLS), Type Enforcement (TE)
  - SELinux, SMACK, AppArmor, grsecurity, …
• Malware / Rooting
  - Keylogger, Backdoor, Rootkits
  - Android rooting
• Other OS security
  - Command injection, DLL injection, Hooking
  - Race condition, PLT/GOT overwrite
  - Sandbox, Virtualization
Course Format
• Lecture: 15 weeks (including midterm/final exam)
  - Lecture + Practical exercise (roughly 70:30)
  - Midterm exam: Oct. 30 or Nov. 5; Final exam: Dec. 11 ~ Dec. 17
• Students can get extra credit (or bonus points)
  - Presentation about recent security issues
    - E.g.: Android/iOS Security, Tizen Security, …
  - Reporting after a field trip to an expo
  - Technical report including hands-on experience (practical exercises) in current systems
Assignments and Labs
• Tentative plan
  - Two types of homework
    - 2~4 Labs + Team-based term project
    - Usually 2-3 weeks long
• Lab & Team-based term project
  - Lab environment: TOAST Cloud, or Linux
  - Term project: will be done in groups of 3~4 (Pick partners soon!)
• Expected Assignment/Lab
  - PLT/GOT overwrite, ROP, DLL injection
  - Android malware analysis (Reverse engineering)
  - Rootkit (Hooking), Rooting detection, Network security
  - Comparison of SELinux, AppArmor, and SMACK
Grading
• Coursework will consist of homework assignments, a midterm exam, and a comprehensive final exam.
• The overall grade will be determined as follows:
  - 35% from the midterm exam
  - 35% from the final exam
  - 10% from assignments
  - 10% from lab, presentations & discussions (Technical Reports)
  - 10% from attendance and participation
• “A/B/C/D/F” grading system
  - Grade percentages can vary
  - Only 10% to 20% of all students may receive grade ‘A’
Cheating policy
• Performance must be 100% individual effort on all exams, that is, no collaboration is allowed on exams. Any collaboration or copying will be considered cheating.
• Group work on labs is permitted, but each student must list his or her collaborators in writing for each problem, using a phrase like "In collaboration with Gildong Hong...". If a student turns in a solution without listing the others who helped produce it, this act will be considered cheating (for it is plagiarism).
• Late homework assignments will not be accepted without a medical or other life-emergency excuse.
• Students caught cheating will be given a zero on the homework or exam in question and have a letter filed with their associate dean for academic affairs.
Cheating policy & Course Requirements
• No cheating
  - What is cheating?
    - Sharing code: either by copying, retyping, looking at, or supplying a copy of a file.
  - What is NOT cheating?
    - Helping others use systems or tools.
    - Helping others with high-level design issues.
    - Helping others debug their code.
  - Penalty for cheating: F grade
• Active class participation
  - Questions
  - Presentation & Discussion
  - Feedback
• Read newspapers including “보안뉴스” (Boan News, http://www.boannews.com/ )
Textbook
• William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 2/E or 3/E, Prentice Hall, 2011/2014, Pearson International Edition
  - http://williamstallings.com/ComputerSecurity/
  - http://www.pearsonhighered.com/educator/academic/product/1,,0132775069,00.html
  - http://www.pearsonhighered.com/educator/product/Computer-Security-Principles-and-Practice/9780133773927.page
Contents of Text
Chap. 1: Overview
Part I: Computer Security Technology and Principles
  Chap. 2: Cryptographic Tools
  Chap. 3: User Authentication
  Chap. 4: Access Control
  Chap. 5: Database & Cloud Security
  Chap. 6: Malicious Software
  Chap. 7: Denial-of-Service Attacks
  Chap. 8: Intrusion Detection
  Chap. 9: Firewalls and IPS
Part II: SW Security and Trusted Systems
  Chap. 10: Buffer Overflow
  Chap. 11: Software Security
  Chap. 12: OS Security
  Chap. 13: Trusted Computing and Multilevel Security
Part III: Management Issues
  Chap. 14: Security Management and Risk Assessment
  Chap. 15: Security Controls, Plans, and Procedures
  Chap. 16: Physical & Infrastructure Security
  Chap. 17: Human Resource Security
  Chap. 18: Security Auditing
  Chap. 19: Legal & Ethical Aspects
Part IV: Cryptographic Algorithms
  Chap. 20: Symmetric Encryption and Message Confidentiality
  Chap. 21: Public-key Cryptography & Message Authentication
Part V: Network Security
  Chap. 22: Internet Security Protocols and Standards
  Chap. 23: Internet Authentication Applications
  Chap. 24: Wireless Network Security
Tentative Schedule (subject to change)
• Week 1: Course introduction, Threats, Overview of OS & Security
• Week 2: User authentication, Password cracking
• Week 3: Buffer overflow, Privilege Escalation, BoF exercise
  - Stack overflow / Heap overflow / Data overflow
• Week 4: Buffer overflow attack, BoF exercise
• Week 5: Defense of BoF attacks: ASLR, Guard page, Ret2Libc, PLT/GOT overwrite
• Week 6: Race conditions, Return Oriented Programming (ROP)
• Week 7: Defenses against control flow hijacking, Examples for term project
• Week 8: Midterm exam
• Week 9: Access control: DAC, SetUID program, RUID/EUID
• Week 10: Access control: MAC, Privilege escalation, SELinux overview
• Week 11: Access control: RBAC, SELinux TE & RBAC & MLS
• Week 12: Malware (Keylogger, Backdoor)
• Week 13: Malware (Rootkit, …), Rooting, Practical exercise for malware
• Week 14: Injection (Command, DLL), Trusted OS, Presentation
• Week 15: Final exam, Presentation
Tentative schedule
Week  Lecture                                    Hands-on Exercise(s)
1     Introduction                               Password cracking (weeks 1–2)
2     User authentication
3     Buffer Overflow (BoF)                      LoB (Lord of Buffer overflow) (weeks 3–4)
4     Buffer overflow attacks
5     Defense for Buffer overflow, Ret2Libc      PLT/GOT overwrite
6     Race condition & ROP                       Race condition or ROP
7     Defenses against control flow hijacking
8     Mid-term exam
9     Discretionary Access Control (DAC)         SELinux (basic commands, user addition, policy insertion & change) (weeks 9–11)
10    Mandatory Access Control (MAC)
11    Role-based Access Control (RBAC)
12    Malware (keylogger, Backdoor)
13    Malware (Rootkit), Android rooting         TiwelRoot v3.0 APK
14    Injection, Smartphone security issues      Android library injection
15    Final exam
Reference 1 (Table of Contents)
• Information Security: Principles and Practice, 2nd edition by Mark Stamp, Wiley, 2011
  - http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470626399,miniSiteCd-BSG.html
  - http://onlinelibrary.wiley.com/book/10.1002/9781118027974
  - Online chapters and appendices are available
• Introduction
  - Chapter 1: Introduction
• Crypto
  - Chapter 2: Crypto Basics
  - Chapter 3: Symmetric Key Crypto
  - Chapter 4: Public Key Crypto
  - Chapter 5: Hash Functions and Other Topics
  - Chapter 6: Advanced Cryptanalysis
• Access Control
  - Chapter 7: Authentication
  - Chapter 8: Authorization
• Protocol
  - Chapter 9: Simple Authentication Protocols
  - Chapter 10: Real-World Security Protocols
• Software
  - Chapter 11: Software Flaws and Malware
  - Chapter 12: Insecurity in Software
  - Chapter 13: Operating Systems and Security
Reference 2
• M.T. Goodrich and R. Tamassia, Introduction to Computer Security, Pearson International Edition (Addison-Wesley), 2011
  - http://www.securitybook.net/
  - http://www.ics.uci.edu/~goodrich/teach/ics8/syll.html
  - http://www.pearsonhighered.com/educator/product/Introduction-to-Computer-Security/0321512944.page
Contents of Textbook

Chap.   International Edition           Original Edition
1       Introduction                    Introduction
2       Cryptography                    Physical Security
3       Operating Systems Security      Operating Systems Security
4       Malicious Software              Malware
5       Network Security I              Network Security I
6       Network Security II             Network Security II
7       Browser Security                Web Security
8       Physical Security               Cryptography
9       Security Models and Practice    Security Models and Practice
10      Application Security            Distributed Application Security
Reference 3
• M.T. Goodrich and R. Tamassia, Introduction to Computer Security: Pearson New International Edition (Addison-Wesley), 2013
  - http://catalogue.pearsoned.co.uk/educator/product/Introduction-to-Computer-Security-Pearson-New-International-Edition/9781292025407.page
  - ISBN-10: 1292025409 • ISBN-13: 9781292025407
Other References
• crackmes.de - A great site for testing your reversing skills. Crackmes range from Very Easy to Very Hard [1-9] for many operating systems!
  - Reverser’s playground: www.crackmes.de
• tdhack.com - a lot of challenges including cryptographic riddles, hackmes and software applications to crack for both Windows and Linux. Polish and English languages are supported.
  - Hacking, cracking, wargames, cryptography
• Lord of the Root
  - https://www.vulnhub.com/entry/lord-of-the-root-101,129/
  - https://www.vulnhub.com/
  - https://research.g0blin.co.uk/lord-of-the-root-vulnhub-writeup/
• 양대일 (Yang Dae-il), 정보보안 개론과 실습: 시스템 해킹과 보안 (개정판) [Introduction to Information Security and Practice: System Hacking and Security, revised edition], 한빛미디어 (Hanbit Media), 2011, http://hack.pe.kr/321
Notice / Notification
• Note that only attendees can download the lecture notes
  - The copyright of all lecture notes must be respected
• Please do not distribute/upload the lecture notes (PDF slides) via the Internet, blogs, USB, email, …
  - We are strictly prohibited from distributing the PPT/PDF slides written by the authors of the textbooks
Everyone is invited, regardless of skill
Contact: Cho, Seong-je <sjcho at dankook.ac.kr>
or Visit: http://securesw.dankook.ac.kr

We need great diligence and effort. Every effort makes the next effort easier and more enjoyable.
A Key Comment
• Do not try attacks at home or school!
• Our goal is to educate so you can defend, not attack
Summary
• Prerequisites
  - C language, Computer architecture
  - System programming (Debugging)
• Related courses
  - Introduction to SW Security
  - Introduction to operating systems, Computer networks
• http://securesw.dankook.ac.kr
Any questions?
• Hardships, The way of suffering
  - Diligence, An unremitting effort, Sincerity, Passion
• Expert, Specialist
• Black hat vs. White hat