Date post: | 02-Jan-2016 |
Upload: | myles-freeman |
Midterm Announcements
  Wednesday April 11 in class
  No cheat sheet
  Material
  1. Video Lectures "Control hijacking attacks and defense(I)" until "Cross Site Scripting (31 min) (Due Apr 3)".
  2. Labs 1-4
  3. Required in-class lectures
     1. Mobile Security
     2. Program Analysis & Verification
  4. Required crypto notes
Control Hijacking Attacks
  Buffer Overflows
  Heap Overflows
  Double Free
  Function Pointer Clobbering
  Arc Injection
  Format Strings
Control Hijacking Defenses
  Stack Canaries
  Address Randomization
  Executable Space Protection (W xor X)
  JMP target verification
  Return address stack
Isolation and Least Privilege
  chroot
  Reference Monitor
  Software Fault Isolation
  Virtual Machines
  Process Isolation
  Capabilities
  Access Control
  Principle of Least Privilege
  Confinement Principle
Reasoning on programs
  Preconditions
  Postconditions
  Loop invariants
  Memory allocation and memory safety
    When/how are variables allocated in the heap/stack?
    When/how do access violations occur on read/write?
  Corner cases
  Bitvector arithmetic
  Type casting
  Two's complement representation of signed variables
Program Analysis
  Program analysis
  Soundness & Completeness of techniques
  Symbolic execution and dynamic symbolic execution
    Generate path conditions through SSA conversion
    Solving path constraints for input values
    Negation of branch conditions to go explore new paths
    Merging branch conditions into path constraints in purely static analysis
  Fuzzing
    Whitebox and blackbox
Trusted Computing
  Trusted Platform Module (TPM)
  Platform Configuration Registers
  Virtual TPM
  Trusted Boot
  Dynamic Root of Trust
  BitLocker
  Windows 8 Secure Boot
Cryptography
  Symmetric and Asymmetric encryption and decryption
  Message Authentication Codes
  Cryptographic hashes
  Digital signatures
  Understand what primitives are important for a given scenario.
Cryptography
  Integrity, authenticity, authorization, privacy.
  Cryptographic hardness
    What is it?
    Where does it come from?
  Certificates and certificate authorities
  RSA algorithm
Know your threats!
  Web attacker
    Controls malicious site, which we may call "attacker.com"
    Can obtain SSL/TLS certificate for attacker.com
    User visits attacker.com
      Or: runs attacker's Facebook app, site with attack ad, …
  Network attacker
    Passive: Wireless eavesdropper
    Active: Evil router, DNS poisoning
  Malware attacker
    Attacker escapes browser isolation mechanisms and runs separately under control of OS
Browser Operation
  Understand the basics of how the browser works
    Protocols, rendering, frames, etc.
  Inter-domain communication
  Browser isolation policies
    Same Origin Policy
Web Session Management
  How are sessions represented?
  Cookies store session tokens
  Unpredictability, randomness