4 About myself PhD in Robotics, Toulouse University, 1991 Research Engineer at CNRS/LAAS System software system administration and security officer for LAAS robots systems software integration OpenBSD and X.Org contributor Member of the tetaneutral.net associcative local ISP
5 OpenBSD... Unix-like, multi-platform operating system Derived from BSD 4.4 Kernel + userland + documentation maintained together 3rd party applications available via the ports system One release every 6 months Hardware architectures: i386, amd64, alpha, arm, macppc, sparc, sparc64, sgi, vax...
6 Secure by default Leitmotiv since 1996 Adopted since by most OS Non required services are not activated in a default installation. Default configuration of services providing security Activating services require a manual action of the administrator Keep a working (functional, useful) system only a few remote vulnerabilities in more than 15 years.
7 Objectives Provide free code (BSD license...) Quality Correctness Adhering to standards (POSIX, ANSI) Providing good crypto tools (SSH, SSL, IPSEC,...) better security.
8 Current version OpenBSD 5.6 released Nov. 1, New stuff : LibreSSL, OpenSSL fork New getentropy(2) system call PIE by default on more architectures OpenSMTPd, a new privilege separated SMTP daemon is now the default removed unsafe algorithms from OpenSSH protocol negociation lots of unsafe code removal (Kerberos, sendmail,...)...
9 Increasing resilience to attacks Provide an unpredictable resource base with minimum permissions Random stack gap Program segments mappings randomization > shared libraries ASLR, random ordering > PIE > mmap ASLR increased use of the ELF.rodata section malloc randomizations Where it is possible to spot damage, fail hard stack protector stack ghost atexit/ctor protection
11 Random numbers in OpenBSD libc needs high quality random numbers available under any circumstances Theo de Raadt in the kernel in threads in chroots in ENFILE/EMFILE situations in performance critical code Most important characteristic : Ease of use
12 Random numbers in OpenBSD: kernel
13 Use of random numbers in the kernel random PIDs VM mappings (including userland malloc/free requests) network packets creation (sequence numbers) pf NAT and other operations port allocation scheduler decisions userland arc4random() reseeding via getentropy(2) Slicing the random stream between many users: resistance to backtracking and prediction.
14 Random numbers in userland Per-process stream, with re-seeding: too much volume of data has moved too much time elapsed when a fork() is detected Slicing between several users occurs too : malloc(3) DNS ld.so crypto More than 1000 call points in the libraries and system utilities.
16 ASLR stackgap: random offset in stack placement mmap() shared libraries PIE executables by default, including static binaries on most architectures
18 Randomness in mmap() Address returned by mmap(): If MAP_FIXED is not specified: returns a random address. (traditional behaviour: 1st free page after a base starting address)
19 Randomness in malloc() 1 page allocations: mmap() random addresses. < 1 page allocations: classical fixed block allocator, but random selection of the block in the free list. heap attacks more difficult.
20 Protecting dynamically allocated memory [Moerbeek 2009] Activated by /etc/malloc.conf G Each bigger than one page allocation is followed by a guard page segmentation fault if overflow. Smaller allocations are randomly placed inside one page.
21 Propolice / SSP gcc patches initially developped by IBM Tokyo Research Labs (2002). Principle : put a canary on the stack, in front of local variables check it before return. if still alive: no overflow if dead (overwritten): overflow abort() Only when there are arrays in local variables Adopted by gcc since version 4.1. Enabled by default in OpenBSD..
22 W^X Principle of least privilege. Write exclusive or execution right granted on a page.. easy on some architectures (x86_64, sparc, alpha): per page X bit harder or others (x86, powerpc): per memory segment X bit impossible in some cases (vax, m68k, mips) In OpenBSD 5.7: WˆX inside the kernel for x86_64 (PaX on Linux...)
23 Privileges reduction Completely revoke privileges from privileged (setuid) commands, or commands launched with privileges, once every operation requiring a privilege are done. Group those operations as early as possible after start-up. Examples: ping named
24 Privileges separation [Provos 2003] Run system daemons: with an uid 0 in a chroot(2) jail additional helper process keeps the privileges but do paranoid checks on all his actions. A dozen of daemons are protected this way.
25 Example: X server
26 Example: OpenSMTPd
27 Securelevels No fine grained policy: too complex, thus potentially dangerous. Three levels of privileges kernel root user Default securelevel = 1: File system flags (immutable, append-only) to limit root access. Some settings cannot be changed (even by root). Restrict access to /dev/mem and raw devices.
29 Threats on protocols Internet: favours working stuff over security. easy to guess values forged packets accepted as valid information leaks use of time as a secret??
30 Protection Principle Use data that are impossible (hard) to guess wherever arbitrary data are allowed, even if no known attack exists. counters timestamps packet, session, host... identifiers But respect constraints and avoid breaking protocols: non repetition minimal interval between 2 values avoid magic numbers
31 Randomness in the network stack Use: IPID (16 bits, no repetition) DNS Queries (16 bits, no repetition) TCP ISN (32 bits, no repetition, steps of 2 15 between 2 values) Source ports (don t re-use a still active port) TCP timestamps (random initial value, then increasing at constant rate) Id NTPd (64 bits, random) instead of current time RIPd MD5 auth...
32 PF: more than one trick in its bag Packet Filter Stateful filtering and rewriting (NAT) engine Scrub to add randomness to packets: TCP ISN IP ID TCP timestamp NAT : rewriting of source ports (and possibly addresses) Also protects non-openbsd machines behind a pf firewall.
34 OpenSSL & Heartbleed for years no one really looked at the OpenSSL code those who had a glance ran away (too horrible) so everyone blindly trusted the OpenSSL project then came Heartbleed, made people look again OpenBSD decided that the only way out was to fork
35 LibreSSL - goals Keep the OpenSSL API Important : remove layers of wrappers around system primitives malloc wrappers where hiding bugs from valgrind/openbsd s malloc Printf-like wrappers may have hidden format string bugs Review the public OpenSSL bug database : dozen of valid bug reports sitting for years Fix random number generator getentropy() Fix many (potential) interger overflows reallocarray() Portable version for Linux, MacOSX, Windows,...
36 libtls new API hides implementation details (no ASN.1, x509,... structures) safe default behaviour (hostnames/certificates verification,...) privilege separation friendly (committed today) example use in OpenSMTPd, relayd, httpd... still under active development
38 Conclusion Lots of progress since the beginning. Contributed to fix bugs in many 3rd party applications. Often Copied (good). Still lots of issues to address...
39 Bibliography arc4random - randomization for all occasions, Theo de Raadt, Hackfest 2014, Quebec City. LibreSSL - An OpenSSL replacement, the first 30 days and where we go from here, Bob Beck, BSDCan Exploit mitigation techniques - An update after 10 years, Theo de Raadt, rubsd 2013, Moscow. OpenSMTPD: We deliver!, Eric Faurot, AsiaBSDCon Time is not a secret: Network Randomness in OpenBSD, Ryan McBride Asia BSD Conference 2007 Security issues related to Pentium System Management Mode, Loïc Duflot, CansecWest Preventing Privilege Escalation, Niels Provos, Markus Friedl and Peter Honeyman, 12th USENIX Security Symposium, Washington, DC, August Enhancing XFree86 security, Matthieu Herrb LSM, Metz 2003.
I assure on my honour that I have actively participated in these solutions, and that the solutions were developed independently from other groups. Group members: Nian Tang, Nian.Tang.email@example.com
S a f e t y m e a s u r e s i n L i n u x Safety measures in Linux Krzysztof Lichota firstname.lastname@example.org A g e n d a Standard Unix security measures: permissions, capabilities, ACLs, chroot Linux kernel
Eugene Tsyrklevich Eugene Tsyrklevich has an extensive security background ranging from designing and implementing Host Intrusion Prevention Systems to training people in research, corporate, and military
Defense in Depth: Protecting Against Zero-Day Attacks Chris McNab FIRST 16, Budapest 2004 Agenda Exploits through the ages Discussion of stack and heap overflows Common attack behavior Defense in depth
noway.toonux.com p3.7 10 noway.toonux.com 184.108.40.206 Debian Linux 0 CRITICAL 0 HIGH 5 MEDIUM 2 LOW Running Services Service Service Name Risk General Linux Kernel Medium 22/TCP OpenSSH 5.5p1 Debian 6+squeeze4
SEED Document 1 Summary of the SEED Labs For Authors and Publishers Wenliang Du, Syracuse University To help authors reference our SEED labs in their textbooks, we have created this document, which provides
Linux Operating System Security Kenneth Ingham and Anil Somayaji September 29, 2009 1 Course overview This class is for students who want to learn how to configure systems to be secure, test the security
CSE 127 Computer Security Fall 2011 More on network security Todays outline NAT, Firewalls IDS DDoS Chris Kanich (standing in for Hovav) [some slides courtesy Dan Boneh & John Mitchell] TCP/IP Protocol
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
Security Evaluation of the OpenBSD Operating System Jeffery Hughes ECE 578 Computer and Network Security June 3, 2002 Security Evaluation of the OpenBSD Operating System Table of Contents Abstract Page
Secure Software Programming and Vulnerability Analysis Christopher Kruegel email@example.com http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview
Software security Buffer overflow attacks SQL injections Lecture 11 EIT060 Computer Security Buffer overflow attacks Buffer overrun is another common term Definition A condition at an interface under which
Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following
z/os Firewall Technology Overview Mary Sweat E - Mail: firstname.lastname@example.org Washington System Center OS/390 Firewall/VPN 1 Firewall Technologies Tools Included with the OS/390 Security Server Configuration
SECURITY IN AN IPv6 WORLD MYTH & REALITY SANOG XXIII Thimphu, Bhutan 14 January 2014 Chris Grundemann WHO AM I? DO Director @ Internet Society CO ISOC Founding Chair NANOG PC RMv6TF Board NANOG-BCOP Founder
Hunting birds Yuki Koike Abstract NADA Junior and Senior High School 8-5-1, Uozaki-Kitamachi, Higashinada-ku, Kobe-shi, Hyogo 658-0082, JAPAN email@example.com Stack Smashing Protection (SSP) is one
System Security Fundamentals Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano alessandro.barenghi - at - polimi.it April 28, 2015 Lesson contents Overview
Jonathan Worthington Scarborough Linux User Group Introduction What does a Virtual Machine do? Hides away the details of the hardware platform and operating system. Defines a common set of instructions.
Exploiting nginx chunked overflow bug, the undisclosed attack vector Long Le firstname.lastname@example.org About VNSECURITY.NET CLGT CTF team 2 VNSECURITY.NET In this talk Nginx brief introduction Nginx chunked
REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of
OS/390 Firewall Technology Overview Washington System Center Mary Sweat E - Mail: email@example.com Agenda Basic Firewall strategies and design Hardware requirements Software requirements Components of
Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by
I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation Mathias Payer, ETH Zurich Motivation Applications often vulnerable to security exploits Solution: restrict application
SAINT Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Install SAINT Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
Host-based Intrusion Prevention on Windows and UNIX Dr. Rich Murphey White Oak Labs Acknowledgements Niels Provos OpenBSD s systrace DT suggested this thread last year Greg Hoglund insights md5 at da ghettohackers
Running a Default Vulnerability Scan A Step-by-Step Guide www.saintcorporation.com Examine. Expose. Exploit. Welcome to SAINT! Congratulations on a smart choice by selecting SAINT s integrated vulnerability
Storm Worm & Botnet Analysis Jun Zhang Security Researcher, Websense Security Labs June 2008 Introduction This month, we caught a new Worm/Trojan sample on ours labs. This worm uses email and various phishing
Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,
Time has something to tell us about Network Address Translation Elie Bursztein Abstract In this paper we introduce a new technique to count the number of hosts behind a NAT. This technique based on TCP
s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware
Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16 Overview What are Containers? Containers and The Cloud Containerization vs. H/W Virtualization
CSE331: Introduction to Networks and Security Lecture 32 Fall 2004 Hackers / Intruders External attacks Typical hacker Exploits carried out remotely Does not have an account on the remote machine Insider
Firewalls Pehr Söderman KTH-CSC Pehrs@kth.se 1 Definition A firewall is a network device that separates two parts of a network, enforcing a policy for all traversing traffic. 2 Fundamental requirements
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance
Security for Mac Computers in the Enterprise October, 2012 Mountain Lion 10.8 Contents Introduction 3 Service and App Protection 4 Gatekeeper 4 Digital Signatures and Developer IDs 4 App Sandboxing 5 Mandatory
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: rsync.net ASV Company: Comodo CA Limited 06-02-2015 Scan expiration date: 08-31-2015 Part 2. Component
Subverting the Xen hypervisor Rafał Wojtczuk Invisible Things Lab Black Hat USA 2008, August 7th, Las Vegas, NV Xen 0wning Trilogy Part One Known virtulizationbased rootkits Bluepill and Vitriol They install
Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant What infrastructure security really means? Infrastructure Security is Making sure that your system services are always running
SSL for VM: The Hard Way and the Easy Way David Boyes 2007 Agenda Overview of SSL and the VM Implementation Setup Steps for a DIY Version SSL Enabler, aka the Easy Way A Little Bit About Clients Q&A What
Virtualization of Linux based computers: the Linux-VServer project Benoît t des Ligneris, Ph. D. Benoit.des.Ligneris@RevolutionLinux.com Objectives: Objectives: 1) Present the available programs that can
Security Protocols: SSH Michael E. Locasto University of Calgary Agenda Philosophy: data protec?on on the network Discussion of SSH SSH history Authen?ca?on Mechanisms SSH2 design overview / architecture
16 Example of Standard API System Call Implementation Typically, a number associated with each system call System call interface maintains a table indexed according to these numbers The system call interface
DVR Network Security Page 1 of 12 Table of Contents TABLE OF CONTENTS... 2 GETTING STARTED... 4 INTRODUCTION... 4 DISCLAIMER... 4 BACKGROUND INFORMATION... 4 GENERAL BEST PRACTICES... 4 USE THE EQUIPMENT
COS 318: Operating Systems OS Structures and System Calls Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Outline Protection mechanisms
IBM TRAINING A43 Modern Hacking Techniques and IP Security By Shawn Mullen Las Vegas, NV 2005 CSI/FBI US Computer Crime and Computer Security Survey 9 out of 10 experienced computer security incident in
CS 377: Operating Systems Lecture 25 - Linux Case Study Guest Lecturer: Tim Wood Outline Linux History Design Principles System Overview Process Scheduling Memory Management File Systems A review of what
Page 1 of 6 My FreeScan Vulnerabilities Report Print Help For 220.127.116.11 on Feb 07, 008 Thank you for trying FreeScan. Below you'll find the complete results of your scan, including whether or not the
Bypassing Firewalls: Tools and Techniques Jake Hill firstname.lastname@example.org March 23, 2000 Abstract This paper highlights a very important problem with network perimeter firewalls. The threat discussed is not
Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,
Why is security important? Practical applications of secure operating systems in E-business Nigel Edwards Hewlett-Packard Internet Security Solutions Division email@example.com 1 2 Web site defacement
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
Confining the Apache Web Server with Security-Enhanced Linux Michelle J. Gosselin, Jennifer Schommer firstname.lastname@example.org, email@example.com Keywords: Operating System Security, Web Server Security, Access
Virtual Private Systems for FreeBSD Klaus P. Ohrhallinger 06. June 2010 Abstract Virtual Private Systems for FreeBSD (VPS) is a novel virtualization implementation which is based on the operating system
Host Discovery with nmap By: Mark Wolfgang firstname.lastname@example.org November 2002 Table of Contents Host Discovery with nmap... 1 1. Introduction... 3 1.1 What is Host Discovery?... 4 2. Exploring nmap s Default
Firewalls slide 1 configuring a sophisticated GNU/Linux firewall involves understanding iptables iptables is a package which interfaces to the Linux kernel and configures various rules for allowing packets
Utilizing Solaris 10 Security Features Presented by: Nate Rotschafer Peter Kiewit Institute Revised: August 8, 2005 Solaris 10 Security Features Outline Solaris Development Least Privilege RBAC Service
Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How
TCP/IP Concepts Review Ed Crowley 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP addressing
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
CS168 Computer Networks Jannotti Project 4: IP over DNS Due: 11:59 PM, Dec 14, 2015 Contents 1 Introduction 1 2 Components 1 2.1 Creating the tunnel..................................... 2 2.2 Using the
tcpcrypt Andrea Bittau, Dan Boneh, Mike Hamburg, Mark Handley, David Mazières, Quinn Slack! Stanford, UCL Reminder: project goal IPsec SSH TLS Unencrypted TCP traffic today Not drawn to scale Reminder:
How the Great Firewall discovers hidden circumvention servers Roya Ensafi David Fifield Philipp Winter Nick Weaver Nick Feamster Vern Paxson Much already known about GFW Numerous research papers and blog
Firewalls Chien-Chung Shen email@example.com The Need for Firewalls Internet connectivity is essential however it creates a threat vs. host-based security services (e.g., intrusion detection), not cost-effective
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
Ethical hacking László Erdődi, PhD. University of Agder firstname.lastname@example.org About myself PhD from Computer Security (Software vulnerability exploitation) Research on Software vulnerabilities (error finding
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 3 1/18/07 CIS/TCOM 551 1 Announcements Email project groups to Jeff (vaughan2 AT seas.upenn.edu) by Jan. 25 Start your projects early!
SYSTEM ADMINISTRATION MTAT.08.021 LECTURE 8 SECURITY Prepared By: Amnir Hadachi and Artjom Lind University of Tartu, Institute of Computer Science email@example.com / firstname.lastname@example.org 1 OUTLINE 1.Is
SCP - Strategic Infrastructure Security Lesson 1 - Cryptogaphy and Data Security Cryptogaphy and Data Security History of Cryptography The number lock analogy Cryptography Terminology Caesar and Character
Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major
OPG Leadership Series Kickoff, Solaris Security Design September, Considerations 2005 Casper Dik Sun Microsystems, Inc. Solaris Security Design Principles Or how ten years changed my perspective on security
Advances in Networks, Computing and Communications 6 Implementation of the Least Privilege Principle on Windows XP, Windows Vista and Linux Abstract L.Scalbert and P.S.Dowland Centre for Information Security
Operating Systems: Internals and Design Principles Chapter 15 Operating System Security Eighth Edition By William Stallings System Access Threats System access threats fall into two general categories:
Operating Systems: Internals and Design Principles Chapter 14 Virtual Machines Eighth Edition By William Stallings Virtual Machines (VM) Virtualization technology enables a single PC or server to simultaneously