In retrospect - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

In retrospect

Description:

... a traffic pattern that will be interpreted by the IDS monitor in one fashion and ... directory and allow it to access files in or below this directory. ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 21
Provided by: alcorCo
Category:
Tags: retrospect

less

Transcript and Presenter's Notes

Title: In retrospect


1
In retrospect
  • SOEN321, Fall 2004
  • Serguei Mokhov

2
Contents
  • Scale
  • Threats
  • Trojan Horses
  • Object Reuse
  • Hash Functions
  • Salt

3
Scale
  • Criminal exploits using the net often are
    analogous to their physical-world counterparts
    but they can have a special flavor.
  • Consider an e-tailer like Amazon.com that
    maintains a database of the credit-card numbers
    of its customers.
  • A hacker might succeed in compromising this
    database.
  • Why worry about this when a crooked restaurant
    waiter can make an extra imprint of your credit
    card and steal very similar information?
  • Answer this question by describing the leverage
    the hacker can obtain that is not obtainable by
    even an organized team of crooked waiters.

4
Threats (1)
  • In the context of a well-configured information
    system of moderate size connected to the
    Internet, give an example of
  • a high-probability, low-impact electronic threat,
    and
  • a low-probability, high-impact electronic threat.
  • Finally, give an example of an electronic threat
    so overwhelming that not even a large corporation
    would even consider defending against it.
  • In risk assessment and mitigation, why is
    commercial insurance often an option for a
    commercial corporation but rarely --- if ever ---
    an option for the armed forces or an intelligence
    agency?

5
Threats (2) Trojan Horses
  • Why do mandatory access controls protect
    confidentiality requirements from compromise by
    Trojan horses better than do discretionary access
    controls?

6
Object Reuse
  • In most operating systems, file deletion merely
    removes a link to a file but does not physically
    overwrite it. (In PCs, there are standard
    utilities to recover deleted files).
  • In a local area network with a file server and
    hundreds of users, will a fully deleted file
    physically survive very long?
  • On what does this depend? (We are not
    considering sophisticated physical recovery
    methods here).

7
Hash Function (1)
  • One often hears, "If you change even a single bit
    of this 5-GB file, the hash result (image) will
    totally change". That's probably true.
  • Still, consider a hash function h with domain D
    and codomain C, given by
  • D 1, 2, ..., 100, domain of x
  • C 0, 1, ..., 63, domain of h
  • h(x) x --gt (67x2 13x 5 x mod 2) mod 64
  • If x ltgt x' in D collide, what mathematical
    relationship is there between x and x'?
  • h(x) h(x)
  • Could you flip a single bit to transform x into
    x'? Explain.
  • Lets take a particular case
  • x 00000001, x 00000011, no
  • Find me x, so that h(x) h(1) 22, and x
    differs from 0 by a one bit, so x has to be a
    power of 2 1, eg. 3, 5, 9, 17
  • Basically, can you solve 3x2 13x 6 22 so
    the some of the numbers above are (is) roots?
  • Same for even.

8
Salt
  • The traditional Unix password hash function has
    the form
  • lthash valuegt DES25 (ltsaltgt, ltpasswordgt,
    initially 0)
  • which means that DES is applied iteratively 25
    times to blocks, the first one of which is a
    block of 64 0's, using parameters 'salt' and
    'password as arguments to DES.
  • DES is a block encryption algorithm.
  • How is the success of off-line dictionary attacks
    very closely dependent on the generally available
    computer power?
  • Given your answer, imagine a possible requirement
    on a replacement hash function.
  • How is using a shadow password file a different
    defense approach?
  • Now does NIS change things? -)

9
Digital Signature (1)
  • Why are cryptographic hash functions essential in
    all practical implementations of
    digital-signature schemes?
  • What bad things might happen if hashes were not
    bound to the messages they are allegedly digests
    of?
  • How would you (practically) achieve all three
    goals
  • i) message confidentiality,
  • ii) message integrity, and
  • iii) message-origin authentication, in one
    message transmission?

10
Firewall (1)
  • Stateful packet filters do not examine packets in
    isolation.
  • They use state information derived from past
    communications to make control decisions for new
    communication attempts.
  • Show how a stateful packet filter has a better
    chance of verifying an incoming FTP data
    connection by remembering the history of the FTP
    session.
  • Why is it difficult to use packet filtering of
    any kind to filter RPC services?

11
DDoS
  • Why is it a good idea to maintain a number of
    out-of-band communication channels to aid in
    defending against a DDoS attack?
  • Identify a scaling problem with this idea.
  • Why might this scaling problem suggest that the
    response must come from the network itself?
  • Why is naive trust in authentication not
    necessarily a good solution to DDoS?

12
IDS
  • An attacker is trying to use subterfuge to defeat
    a stand-alone network intrusion-detection system.
  • Why is finding a traffic pattern that will be
    interpreted by the IDS monitor in one fashion and
    by the target host in a different fashion the key
    to a subterfuge (deception/fraud) attack?
  • Give two examples of how this can be done.

13
Buffer Overflow
  • An attacker is trying to use a buffer-overflow
    attack against a privileged program 'p'.
  • The defender has put a "canary word next to the
    return address.
  • The attacker is trying to overcome this defense.
  • Imagine the stack of activation records is
    growing down.
  • The calling procedure pushes arguments onto the
    stack, pushes a return address onto the stack,
    and then pushes a canary word onto the stack.
  • The buffer has been allocated at an
    imperfectly-known offset 'd' from the return
    address, and the linear, sequential write of
    bytes to the buffer proceeds in the up direction.
  • If the sequence of canary values used in
    different invocations of 'p' has been guessed by
    the attacker, and the attacker knows roughly
    where in the sequence the system is, show how the
    attacker can succeed in smashing the stack.

14
SUID
  • Unix allows suid-root files. If an ordinary user
    can create a file whose owner has uid 0 and whose
    suid bit is set, would this compromise the
    system? Explain.
  • If an ordinary user can execute a system file
    whose owner has uid 0 and whose suid bit is set,
    would this by itself compromise the system?
    Explain.
  • What additional event is required to produce a
    compromise?

15
Confinement
  • An application may be untrusted if it is exposed
    to outside attack but not trusted to protect
    itself against adversarial inputs.
  • Confinement can be achieved---on the interface
    the OS presents to the untrusted application---if
    we intercept system calls made by the untrusted
    application and filter potentially harmful
    requests before they are executed.
  • We try to enforce the Principle of Least
    Privilege.
  • Show that any user-level mechanism we provide
    must reside in a different address space.
  • We place the untrusted application in a
    particular directory and allow it to access files
    in or below this directory. If 'chroot' sets
    this up, what system call must we forbid? (You
    may need to mention parameters).
  • Why must network access be carefully controlled
    in addition to the 'chroot' confinement?

16
DNSSec
  • Consider the following proposal
  • A DNS record is a triple lt'hostname',
    'IPaddress', 'host's public key'gt. Each DNS
    record is signed with the relevant authority's
    private key (so lcs.mit.edu's record is signed
    by mit.edu, mit.edu's record is signed by edu,
    and edu's record is signed by the DNS root
    'dot'). The public key for 'dot' is assumed to
    be known to all DNS clients.
  • This way, when you perform a query, say, on
    lcs.mit.edu, and get back a DNS record, it will
    be recursively self-authenticating.
  • What is the purpose of adding the public key to
    the DNS record?

17
Key Transport
  • Using a predefined scheme, Alice sends to Bob a
    128-bit crypto key.
  • The hash function h(x) generates 64-bit hashes.
  • Alice chooses 128-bit random number rn and sends
  • A,rn, h(rn)k-A k-B
  • Can Bob prove Alice is the sender?
  • If theres no interity problem Alice sends
  • A,rnk-A k-B
  • Can Ted choose his own 128-bit random key rn, and
    send it to Bob making Bob believe it came from
    Alice?

18
Integrity
  • Suppose when you modify a file, you always change
    its length.
  • There are independent system functions that
    return the length size() and length().
  • Alice keeps the lengths offline for integrity
    check.
  • If she uses either function, what are her trust
    assumptions?
  • If she uses both, any added security value?

19
Vulnerabilities
  • SOEN and SOFTDEV revolution.
  • Radically reduces of sys. vulnerabilities.
  • Are firewalls much less essential?
  • Firewalls penetrate and patch
  • Why the former do not remove the need for latter?

20
Protection
  • Pure capabilities system
  • Secure mechanism to insert, modify, delete
    capabilities from the protection domain of a
    running process.
  • Is it good support for Principle of Least
    Privilege?
  • Comprehensive Mandatory Access Control policy
    less susceptible to Trojan horses?
Write a Comment
User Comments (0)
About PowerShow.com