
Page 1 (source: securesw.dankook.ac.kr/ISS18-2/OSS/2018_OS_Se_1_Course_intro.pdf)

Operating Systems Security (524870)

Computer Security & OS Lab, Dept. of Software Science, DKU

Cho, Seong-je (조성제)

Fall, 2018

sjcho at dankook.ac.kr

Page 2

– 2 – 524870, F’18, Computer Security & OS Lab.

Teaching Team

• Instructor
  - Prof. Cho, Seong-je (조성제 교수)
    · Room 510, SW·ICT Hall
    · Computer Security & OS Lab., Dept. of Software Science, Dankook Univ.
    · Faculty advisor of Aegis, the Information Security Club
    · Email: sjcho at dankook.ac.kr
    · http://SecureSW.dankook.ac.kr
      » Lecture notes, exam schedule, assignments

• TA
  - Jaemin Jung & Minjae Park (정재민 & 박민재)
    · Room 504/505, Media center building

Page 3

What is an Operating System?

What is Computer Security? Which types of threats are there?

Page 4

What is Computer Security?

• Allow intended use of computer systems
• Prevent unintended use that may cause harm
• Protect information and systems from security threats
  - Protect computing resources and system assets from security threats

※ Security threats: STRIDE

Page 5

Operating Systems & Security

• Threats / Attacks
  - Password cracking for the root ID
  - Bootkit, rootkit, keylogger, backdoor, …
  - Privilege escalation attacks (user → superuser)
    · Buffer overflows, frame pointer overwrite attack, Ret2Libc, ROP
    · Android rooting, iOS jailbreaking
  - Race condition vulnerabilities
  - DLL injection, GOT overwrite, …

• Defenses
  - Secure boot, measured boot, …
  - Stack Guard (canary), Stack Shield, NX bit, DEP, PaX/ExecShield, ASLR
  - SELinux/SEAndroid, AppArmor, SMACK, TOMOYO, grsecurity, …
  - Sandbox, Trusted Execution Environment (TEE), Secure OS, …
  - Audit log, computer forensics, …

Page 6

Learn About Security

Make a Difference

What is This Class About?

Page 7

Topics Covered in Intro to SW Security, Spring Semester, 2018

• Basic security threats and properties
  - Microsoft STRIDE vs. the CIA triad
• Primary concepts of cryptography
  - Symmetric cryptography vs. public-key cryptography
  - Cryptographic hash functions
• C secure coding overview
  - Buffer overflow (BoF) overview, integer overflow, format string overview
• Malware analysis, reverse engineering
• Web security: SQL injection
• Malware
  - Backdoor, logic bomb, viruses, worms
• Network security basics
  - Sniffing, spoofing, firewalls, DDoS attacks

Page 8

Possible Topics Covered in Class This Semester

• Basic system security attacks and defenses
  - Authentication, password cracking, logging
  - Buffer overflow, Ret2Libc, ROP ↔ stack canary, LibSafe, ASLR, guard page
• Privilege escalation, code injection attacks, code reuse attacks
• Control flow hijacking ↔ Control Flow Integrity (CFI)
• Linux security framework / access control
  - Access control (DAC/MAC/RBAC)
• Multilevel Security (MLS), Type Enforcement (TE)
  - SELinux, SMACK, AppArmor, grsecurity, …
• Malware / rooting
  - Keylogger, backdoor, rootkits
  - Android rooting
• Other OS security
  - Command injection, DLL injection, hooking
  - Race condition, PLT/GOT overwrite
  - Sandbox, virtualization

Page 9

Course Format

• Lecture: 15 weeks (including midterm/final exam)
  - Lecture + practical exercise (roughly 70:30)
  - Midterm exam: Oct. 30 or Nov. 5; Final exam: Dec. 11 ~ Dec. 17
• Students can get extra credit (bonus points) for:
  - A presentation about recent security issues
    · E.g.: Android/iOS security, Tizen security, …
  - A report after a field trip to an expo
  - A technical report including hands-on experience (practical exercises) in current systems

Page 10

Assignments and Labs

• Tentative plan
  - Two types of homework
    · 2~4 labs + a team-based term project
    · Usually 2-3 weeks long
• Lab & team-based term project
  - Lab environment: TOAST Cloud, or Linux
  - Term project: done in groups of 3~4 (pick partners soon!)
• Expected assignments/labs
  - PLT/GOT overwrite, ROP, DLL injection
  - Android malware analysis (reverse engineering)
  - Rootkit (hooking), rooting detection, network security
  - Comparison of SELinux, AppArmor, and SMACK

Page 11

Grading

• Coursework will consist of homework, a midterm exam, and a comprehensive final exam.
• The overall grade will be determined as follows:
  - 35% from the midterm exam
  - 35% from the final exam
  - 10% from assignments
  - 10% from labs, presentations & discussions (technical reports)
  - 10% from attendance and participation
• "A/B/C/D/F" grading system
  - Grade percentages can vary
  - Only 10% to 20% of all students may receive grade 'A'

Page 12

Cheating Policy

• Performance must be 100% individual effort on all exams, that is, no collaboration is allowed on exams. Any collaboration or copying will be considered cheating.
• Group work on labs is permitted, but each student must list his or her collaborators in writing for each problem, using a phrase like "In collaboration with Gildong Hong...". If a student turns in a solution without listing the others who helped produce this solution, this act will be considered cheating (for it is plagiarism).
• Late homework assignments will not be accepted without a medical or other life-emergency excuse.
• Students caught cheating will be given a zero on the homework or exam in question and have a letter filed with their associate dean for academic affairs.

Page 13

Cheating Policy & Course Requirements

• No cheating
  - What is cheating?
    · Sharing code: either by copying, retyping, looking at, or supplying a copy of a file.
  - What is NOT cheating?
    · Helping others use systems or tools.
    · Helping others with high-level design issues.
    · Helping others debug their code.
  - Penalty for cheating: F grade
• Active class participation
  - Questions
  - Presentation & discussion
  - Feedback
• Read news sites including "보안뉴스" (Boan News, http://www.boannews.com/ )

Page 14

Textbook

• William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 2/E or 3/E, Prentice Hall, 2011/2014, Pearson International Edition
  - http://williamstallings.com/ComputerSecurity/
  - http://www.pearsonhighered.com/educator/academic/product/1,,0132775069,00.html
  - http://www.pearsonhighered.com/educator/product/Computer-Security-Principles-and-Practice/9780133773927.page

Page 15

Contents of Text

Chap. 1: Overview

Part I: Computer Security Technology and Principles
  Chap. 2: Cryptographic Tools
  Chap. 3: User Authentication
  Chap. 4: Access Control
  Chap. 5: Database & Cloud Security
  Chap. 6: Malicious Software
  Chap. 7: Denial-of-Service Attacks
  Chap. 8: Intrusion Detection
  Chap. 9: Firewalls and IPS

Part II: SW Security and Trusted Systems
  Chap. 10: Buffer Overflow
  Chap. 11: Software Security
  Chap. 12: OS Security
  Chap. 13: Trusted Computing and Multilevel Security

Part III: Management Issues
  Chap. 14: Security Management and Risk Assessment
  Chap. 15: Security Controls, Plans, and Procedures
  Chap. 16: Physical & Infrastructure Security
  Chap. 17: Human Resource Security
  Chap. 18: Security Auditing
  Chap. 19: Legal & Ethical Aspects

Part IV: Cryptographic Algorithms
  Chap. 20: Symmetric Encryption and Message Confidentiality
  Chap. 21: Public-key Cryptography & Message Authentication

Part V: Network Security
  Chap. 22: Internet Security Protocols and Standards
  Chap. 23: Internet Authentication Applications
  Chap. 24: Wireless Network Security

Page 16

Tentative Schedule (subject to change)

• Week 1: Course introduction, threats, overview of OS & security
• Week 2: User authentication, password cracking
• Week 3: Buffer overflow, privilege escalation, BoF exercise
  - Stack overflow / heap overflow / data overflow
• Week 4: Buffer overflow attack, BoF exercise
• Week 5: Defense of BoF attacks: ASLR, guard page, Ret2Libc, PLT/GOT overwrite
• Week 6: Race conditions, Return Oriented Programming (ROP)
• Week 7: Defenses against control flow hijacking, examples for the term project
• Week 8: Midterm exam
• Week 9: Access control: DAC, SetUID programs, RUID/EUID
• Week 10: Access control: MAC, privilege escalation, SELinux overview
• Week 11: Access control: RBAC, SELinux TE & RBAC & MLS
• Week 12: Malware (keylogger, backdoor)
• Week 13: Malware (rootkit, …), rooting, practical exercise for malware
• Week 14: Injection (command, DLL), trusted OS, presentations
• Week 15: Final exam, presentations

Page 17

Tentative schedule

Week | Lecture                                   | Hands-on Exercise(s)
-----|-------------------------------------------|-----------------------------------------------------------------
1    | Introduction                              | Password cracking
2    | User authentication                       |
3    | Buffer Overflow (BoF)                     | LoB (Lord of Buffer overflow)
4    | Buffer overflow attacks                   |
5    | Defense for buffer overflow, Ret2Libc     | PLT/GOT overwrite
6    | Race condition & ROP                      | Race condition or ROP
7    | Defenses against control flow hijacking   |
8    | Mid-term exam                             |
9    | Discretionary Access Control (DAC)        | SELinux (basic commands, user addition, policy insertion & change)
10   | Mandatory Access Control (MAC)            |
11   | Role-based Access Control (RBAC)          |
12   | Malware (keylogger, backdoor)             |
13   | Malware (rootkit), Android rooting        | TiwelRoot v3.0 APK
14   | Injection, smartphone security issues     | Android library injection
15   | Final exam                                |

Page 18

Reference 1 (Table of Contents)

• Mark Stamp, Information Security: Principles and Practice, 2nd edition, Wiley, 2011
  - http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470626399,miniSiteCd-BSG.html
  - http://onlinelibrary.wiley.com/book/10.1002/9781118027974
  - Online chapters and appendices are available

• Introduction
  - Chapter 1: Introduction
• Crypto
  - Chapter 2: Crypto Basics
  - Chapter 3: Symmetric Key Crypto
  - Chapter 4: Public Key Crypto
  - Chapter 5: Hash Functions and Other Topics
  - Chapter 6: Advanced Cryptanalysis
• Access Control
  - Chapter 7: Authentication
  - Chapter 8: Authorization
• Protocols
  - Chapter 9: Simple Authentication Protocols
  - Chapter 10: Real-World Security Protocols
• Software
  - Chapter 11: Software Flaws and Malware
  - Chapter 12: Insecurity in Software
  - Chapter 13: Operating Systems and Security

Page 19

Reference 2

• M.T. Goodrich and R. Tamassia, Introduction to Computer Security, Pearson International Edition (Addison-Wesley), 2011
  - http://www.securitybook.net/
  - http://www.ics.uci.edu/~goodrich/teach/ics8/syll.html
  - http://www.pearsonhighered.com/educator/product/Introduction-to-Computer-Security/0321512944.page

Page 20

Contents of Textbook (Goodrich & Tamassia)

Chapter  | International Edition          | Original Edition
---------|--------------------------------|---------------------------------
Chap. 1  | Introduction                   | Introduction
Chap. 2  | Cryptography                   | Physical Security
Chap. 3  | Operating Systems Security     | Operating Systems Security
Chap. 4  | Malicious Software             | Malware
Chap. 5  | Network Security I             | Network Security I
Chap. 6  | Network Security II            | Network Security II
Chap. 7  | Browser Security               | Web Security
Chap. 8  | Physical Security              | Cryptography
Chap. 9  | Security Models and Practice   | Security Models and Practice
Chap. 10 | Application Security           | Distributed Application Security

Page 21

Reference 3

• M.T. Goodrich and R. Tamassia, Introduction to Computer Security: Pearson New International Edition (Addison-Wesley), 2013
  - http://catalogue.pearsoned.co.uk/educator/product/Introduction-to-Computer-Security-Pearson-New-International-Edition/9781292025407.page
  - ISBN-10: 1292025409 • ISBN-13: 9781292025407

Page 22

Other References

• crackmes.de - a great site for testing your reversing skills. Crackmes range from Very Easy to Very Hard [1-9] for many operating systems!
  - Reverser's playground: www.crackmes.de
• tdhack.com - a lot of challenges including cryptographic riddles, hackmes and software applications to crack for both Windows and Linux. Polish and English languages are supported.
  - Hacking, cracking, wargames, cryptography
• Lord of the Root
  - https://www.vulnhub.com/entry/lord-of-the-root-101,129/
  - https://www.vulnhub.com/
  - https://research.g0blin.co.uk/lord-of-the-root-vulnhub-writeup/
• 양대일 (Yang Dae-il), Introduction to Information Security and Practice: System Hacking and Security (revised edition), Hanbit Media (한빛미디어), 2011, http://hack.pe.kr/321

Page 23

Notice / Notification

• Note that only attendees can download the lecture notes
  - The copyright of all lecture notes must be protected
• Please do not distribute/upload the lecture notes (PDF slides) via the Internet, blogs, USB, email, …
  - We are strictly prohibited from distributing the PPT/PDF slides written by the authors of the textbooks

Page 24

Everyone is invited, regardless of skill

Contact: Cho, Seong-je <sjcho at dankook.ac.kr>
or visit: http://securesw.dankook.ac.kr

We need great diligence and effort. Every effort makes the next effort easier and more enjoyable.

Page 25

A Key Comment

• Do not try attacks at home or school!
• Our goal is to educate so you can defend, not attack

Page 26

Summary

• Prerequisites
  - C language, computer architecture
  - System programming (debugging)
• Related courses
  - Introduction to SW Security
  - Introduction to Operating Systems, Computer Networks
• http://securesw.dankook.ac.kr

Page 27

Any questions?

• Hardships, the way of suffering
  - Diligence, unremitting effort, sincerity, passion

• Expert, specialist

• Black hat vs. white hat