Date post: | 24-Dec-2015 |
Category: |
Documents |
Upload: | bennett-barber |
View: | 212 times |
Download: | 0 times |
Lecture 0. Course Introduction
Prof. Taeweon SuhComputer Science &
EngineeringKorea University
COM850 Computer Hacking and Security
Korea Univ
Course Information
• Instructor Prof. Taeweon Suh
• Textbook HACKING – The Art of Exploitation, 2nd Edition, Jon Erickson, 2008
• Prerequisites C-programming, Network Programming, Computer Architecture, Operating
Systems
• References Practical Packet Analysis using Wireshark to Solve Real-world Network
Problems, Chris Sanders, 2nd Edition, no starch press, 2011 TCP/IP Protocol Suite, Behrouz Forouzan, 4th Edition, McGraw-Hill, 2009 TCP/IP Illustrated, Volume 1, W. Richard Stevens, Addison-Wesley, 1994
• Office hours After class as needed By appointment at Lyceum 307
• Course materials will be posted on the course web at http://esca.korea.ac.kr/
• Contact Information [email protected] 02-3290-2397
2
Korea Univ
Pioneers of Hacking
• John Draper Hacked telephone line to make free
calls Arrested on toll fraud charges in 1972 Inspired 2 Steves
3Discovery Channel’s The Secret History of Hacking http://www.youtube.com/watch?v=Y47m1cOyKjA
Korea Univ
Pioneers of Hacking
• Steve Wozniack Apple co-founder Started revolution in computers
• Kevin Mitnick Hacked many computer systems Convicted of various computer
and communication-related crimes
4Discovery Channel’s The Secret History of Hacking http://www.youtube.com/watch?v=Y47m1cOyKjA
Korea Univ
Hacking is Bad?
• Most people associate hacking with breaking the law and assume that everyone who engages in hacking activities is a criminal Hackers are outlaws, snooping,
stealing, and spreading viruses. No one has good words for them
• The essence of hacking is finding unintended or overlooked uses and applying them in a new and inventive ways Hacked solutions follow the rules of
the system, but they use those rules in counterintuitive ways
5
Korea Univ
“My” Hacking Classification
• Software hacking Exploit vulnerabilities in software
• Hardware Trojan Implant malicious hardware inside a chip
• Hybrid (hardware + software) Software to trigger Hardware Trojans Software based on the understanding of
hardware details
6
Korea Univ
Abstractions in Computer
7
Hardware Implementatio
n
Instruction Set Architecture (ISA)
Assembly language
orMachine language
Operating Systems
Programming using APIs
Provides APIs (Application
Programming Interface)
Korea Univ
Software Hacking
• Exploit vulnerabilities in software Classic buffer overflow Heap-based overflow Function pointer overflow …
8
Layout of virtual address space on IA-32
Korea Univ
Software Hacking
• Exploit weakness in network protocols and their implementation in software Denial of Service (DoS): SYN flooding, Ping flooding,
Ping of Death, Teardrop, Smurf and Fraggle attacks, Distributed DoS…
9
Korea Univ
Hardware Trojan
• Relatively new and different attack method• Implant malicious logic into a chip
10
Implantation during Design Phase
IPs
HDL Implantation during
fabrication
Implantation via CAD tools
Korea Univ
Hardware Trojan
• Israel’s strike to nuclear plants in Syria (2007)
• European chip maker recently built into its microprocessors a kill-switch that could be accessed remotely. French defense contractors have used the chips in military equipment
• Time-bomb …
11• “The Hunt for The Kill Switch,” IEEE Spectrum, May 2008
Korea Univ
Hybrid
• Certain conditions created by software-triggered Hardware Trojans
• Software hacks computer systems based on understanding of hardware details
12• “Hardware Security in Practice: Challenges and Opportunities,” HOST, 2011
• Insecure hardware initialization by the BIOS• The BIOS didn’t lock remapping registers
after configuration
• Attackers reprogram these registers to map to TSEG
• Corrupt SMI handlers with malicious code
Korea Univ
Objectives
• Our focus is on software hacking and security In-depth understanding of x86 processor,
compiler outcome, networking, and hopefully OS Understand vulnerabilites in software
• Classic buffer overflow in stack• Denial of Service (DoS) attacks• TCP/IP Hijacking• …
Study countermeasures to prevent from attacks As a side effect, get used to:
• Linux system programming• x86-based assembly
13
Korea Univ
Lab Environment
• Hardware: x86-based computers Personal laptops are preferred
• Software: 32-bit Linux The textbook contain a CD you
can play with Or, experiment with the latest
Linux, but recent OSs are patched against well-known security threats
GDB, Wireshark …
14
Korea Univ
Grading Policy
• Midterm Exam: 30%
• Final Exam: 30%
• Class Presentations: 40%
• Fail rule You will be given an “F” if you are absent more than 3 times
• 2 late show-ups will be counted as 1 absence
15
Korea Univ
Understand Computer?
• How much do you “exactly” understand computers?
• Answer to the following 2 questions
16
Korea Univ
0.025 != 0.025 ?
17
Korea Univ
0.07 != 0.07 ?
18
Korea Univ
a x b x c != b x c x a ?
19
Korea Univ
What Would You Get?
20
#include <stdio.h>
int main(){
signed int sa = 7;signed int sb = -7;unsigned int ua = *((unsigned int *) &sa);unsigned int ub = *((unsigned int *) &sb);
printf("sa = %d : ua = 0x%x\n", sa, ua);printf("sb = %d : ub = 0x%x\n", sb, ub);
return 0;}
Korea Univ
What Would You Get?
21
#include <stdio.h>
int main(){
float f1 = -58.0;unsigned int u1 = *((unsigned int *) &f1);
printf("f1 = %f\n", f1);printf("f1 = %3.20f\n", f1);printf("u1 = 0x%X\n", u1);
return 0;}
What is this?
Korea Univ
What Would You Get?
22
#include <stdio.h>
int main(){
double d1 = -58.0;unsigned long long u1 = *((unsigned long long *) &d1);
printf("d1 = %lf\n", d1);printf("d1 = %3.20lf\n", d1);printf("u1 = 0x%llX\n", u1);
return 0;}
What is this?
Korea Univ
What Would You Get?
23
#include <stdio.h>
int main(){
float f2 = -0.1;unsigned int u2 = *((unsigned int *) &f2);
printf("f2 = %f\n", f2);printf("f2 = %3.20f\n", f2);printf("u2 = 0x%X\n", u2);
return 0;}
And What is this?
Why are these different?
Korea Univ
What Would You Get?
24
#include <stdio.h>
int main(){
float f3 = 0.7;unsigned int u3 = *((unsigned int *) &f3);
printf("f3 = %f\n", f3);printf("f3 = %3.20f\n", f3);printf("u3 = 0x%X\n", u3);
return 0;}
What is this?
Why are these different?
Korea Univ
Intel’s Core i7 (2nd Gen.)
25
2nd Generation Core i7
995 million transistors in 216 mm2 with 32nm
technology
L1 32 KB
L2 256 KB
L3 8MB
Sandy Bridge