COMPUTER SECURITY MIDTERM REVIEW CS161 University of California Berkeley April 4, 2012

Date post: 02-Jan-2016
Upload: myles-freeman

Midterm Announcements

- Wednesday April 11 in class
- No cheat sheet
- Material
  1. Video Lectures "Control hijacking attacks and defense (I)" until "Cross Site Scripting (31 min) (Due Apr 3)".
  2. Labs 1-4
  3. Required in-class lectures
     1. Mobile Security
     2. Program Analysis & Verification
  4. Required crypto notes

Survey!

Please fill out the surveys which we sent out over break!

These help us improve the class.

CONTROL HIJACKING

Control Hijacking Attacks

- Buffer Overflows
- Heap Overflows
- Double Free
- Function Pointer Clobbering
- Arc Injection
- Format Strings

Control Hijacking Defenses

- Stack Canaries
- Address Randomization
- Executable Space Protection (W xor X)
- JMP target verification
- Return address stack

ISOLATION AND LEAST PRIVILEGE

Isolation and Least Privilege

- chroot
- Reference Monitor
- Software Fault Isolation
- Virtual Machines
- Process Isolation
- Capabilities
- Access Control
- Principle of Least Privilege
- Confinement Principle

MOBILE COMPUTING

Mobile Computing

- iOS/Android/Windows Phone 7 security models
- Isolation
- Privilege management

FUZZING AND PROGRAM ANALYSIS

Reasoning on programs

- Preconditions
- Postconditions
- Loop invariants
- Memory allocation and memory safety
  - When/how are variables allocated in the heap/stack?
  - When/how do access violations occur on read/write?
- Corner cases
- Bitvector arithmetic
- Type casting
- Two's complement representation of signed variables

Program Analysis

- Program analysis
- Soundness & Completeness of techniques
- Symbolic execution and dynamic symbolic execution
  - Generate path conditions through SSA conversion
  - Solving path constraints for input values
  - Negation of branch conditions to go explore new paths
  - Merging branch conditions into path constraints in purely static analysis
- Fuzzing
  - Whitebox and blackbox

TRUSTED COMPUTING AND HARDWARE ISOLATION

Trusted Computing

- Trusted Platform Module (TPM)
- Platform Configuration Registers
- Virtual TPM
- Trusted Boot
- Dynamic Root of Trust
- BitLocker
- Windows 8 Secure Boot

CRYPTOGRAPHY

Cryptography

- Symmetric and Asymmetric encryption and decryption
- Message Authentication Codes
- Cryptographic hashes
- Digital signatures
- Understand what primitives are important for a given scenario.

Cryptography

- Integrity, authenticity, authorization, privacy.
- Cryptographic hardness
  - What is it?
  - Where does it come from?
- Certificates and certificate authorities
- RSA algorithm

WEB SECURITY

Know your threats!

- Web attacker
  - Controls a malicious site, which we may call “attacker.com”
  - Can obtain SSL/TLS certificate for attacker.com
  - User visits attacker.com
    - Or: runs attacker’s Facebook app, site with attack ad, …
- Network attacker
  - Passive: Wireless eavesdropper
  - Active: Evil router, DNS poisoning
- Malware attacker
  - Attacker escapes browser isolation mechanisms and runs separately under control of OS

Browser Operation

- Understand the basics of how the browser works
  - Protocols, rendering, frames, etc.
- Inter-domain communication
- Browser isolation policies
  - Same Origin Policy

Web Session Management

- How are sessions represented?
- Cookies store session tokens
- Unpredictability, randomness

Web Application Security

- Know your injections
  - Command
    - Executing system code
  - SQL
    - Executing database queries
  - XSS
    - Executing scripts in a browser as another web site
- Note: No CSRF