CS52600: Information Security



Similar documents
Introduction to Security

CS 392/681 - Computer Security. Module 16 Vulnerability Analysis

(General purpose) Program security. What does it mean for a pgm to be secure? Depends whom you ask. Takes a long time to break its security controls.

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

Access Control Fundamentals

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Detecting SQL Injection Vulnerabilities in Web Services

Application Intrusion Detection

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

Penetration Testing in Romania

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Lecture 18: More Assurance

Data Management Policies. Sage ERP Online

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Thick Client Application Security

How To Manage Security On A Networked Computer System

- Table of Contents -

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

CS574 Computer Security. San Diego State University Spring 2008 Lecture #7

Auditing a Web Application. Brad Ruppert. SANS Technology Institute GWAS Presentation 1

Adjusting Prevention Policy Options Based on Prevention Events. Version 1.0 July 2006

Columbia University Web Security Standards and Practices. Objective and Scope

CS 665: Computer System Security. Designing Trusted Operating Systems. Trusted? What Makes System Trusted. Information Assurance Module

Software Asset Management (SWAM) Capability Data Sheet

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Web application security: automated scanning versus manual penetration testing.

External Supplier Control Requirements

How To Protect A Network From Attack From A Hacker (Hbss)

BBM 461: SECURE PROGRAMMING INTRODUCTION. Ahmet Burak Can

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

Chapter 23. Database Security. Security Issues. Database Security

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

Homeland Security Red Teaming

Security Testing & Load Testing for Online Document Management system

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Incident Reporting Guidelines for Constituents (Public)

Information Technology Cyber Security Policy

Consensus Policy Resource Community. Lab Security Policy

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Certification Report

Data Security Incident Response Plan. [Insert Organization Name]

UNCLASSIFIED Version 1.0 May 2012

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

Three significant risks of FTP use and how to overcome them

Virtualization System Security

Managing IT Security with Penetration Testing

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

CSC574 - Computer and Network Security Module: Intrusion Detection

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Passing PCI Compliance How to Address the Application Security Mandates

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE, AND AGING

Malicious Software. Ola Flygt Växjö University, Sweden Viruses and Related Threats

05.0 Application Development

CEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS

Chapter 8 A secure virtual web database environment

UF Risk IT Assessment Guidelines

Cyril Onwubiko Networking and Communications Group ncg.kingston.ac.

Post-Class Quiz: Software Development Security Domain

Secrets of Vulnerability Scanning: Nessus, Nmap and More. Ron Bowes - Researcher, Tenable Network Security

Certification Report

CS377: Database Systems Data Security and Privacy. Li Xiong Department of Mathematics and Computer Science Emory University

Introduction to Security

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

white SECURITY TESTING WHITE PAPER

QuickBooks Online: Security & Infrastructure

Taxonomic Modeling of Security Threats in Software Defined Networking

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Access Control Models Part I. Murat Kantarcioglu UT Dallas

Certification Report

CS 356 Lecture 28 Internet Authentication. Spring 2013

Client logo placeholder XXX REPORT. Page 1 of 37

Middleware and Distributed Systems. System Models. Dr. Martin v. Löwis. Freitag, 14. Oktober 11

Certification Report

Penetration Testing Report Client: Business Solutions June 15 th 2015

Network and Host-based Vulnerability Assessment

Certification Report

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN Siskiyou Boulevard Ashland OR 97520

Transparent Monitoring of a Process Self in a Virtual Environment

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Course Title: Penetration Testing: Network & Perimeter Testing

Transcription:

CS18000: Programming I CS52600: Information Security Vulnerability Analysis 15 November 2010 Prof. Chris Clifton Vulnerability Analysis Vulnerability: Lapse in enforcement enabling violation of security policy Errors in code Human violators Mismatch between assumptions Exploit: Use of vulnerability to violate policy CS52600 2 2010 Chris Clifton 1

CS18000: Programming I Vulnerability Analysis System Verification Determine preconditions, postconditions Validate that system ensures postconditions given preconditions Penetration testing Start with system/environment characteristics Try to find vulnerabilities CS52600 3 We ve covered a lot Formal verification System Verification Information flow analysis Formal reviews What are the problems? Invalid assumptions Limited view of system Still an inexact science CS52600 4 2010 Chris Clifton 2

CS18000: Programming I Penetration Testing Test complete system Attempt to violate stated policy Works on in-place system Framework for evaluating results Typical approach: Red Team, Blue Team Red team attempts to discover vulnerabilities Blue team simulates normal administration Detect attack, respond White team injects workload, captures results CS52600 5 Types of Penetration Testing Black Box External attacker has no knowledge of target system Attacks often build on human element System access provided Red team provided with limited access to system Models external attack Goal is to gain normal or elevated access Then violate policy Internal attacker Red team provided with authorized user access Goal is to elevate privilege / violate policy CS52600 6 2010 Chris Clifton 3

CS18000: Programming I Red Team Approach Information gathering Examine design, environment Flaw hypothesis Predict likely vulnerabilities Flaw testing Determine where vulnerabilities exist Flaw generalization Attempt to broaden discovered flaws Flaw elimination Suggest means to eliminate flaw CS52600 7 Problems with Penetration Testing Nonrigorous Dependent on insight (and whim) of testers No good way of evaluating when complete How do we make it systematic? Try all classes of likely flaws But what are these? Vulnerability Classification! CS52600 8 2010 Chris Clifton 4

CS18000: Programming I Vulnerability Classification Goal: describe spectrum of possible flaws Enables design to avoid flaws Improves coverage of penetration testing Helps design/develop intrusion detection How do we classify? By how they are exploited? By where they are found? By the nature of the vulnerability? CS52600 9 Example flaw: xterm log xterm runs as root Generates a log file Appends to log file if file exists Problem: ln /etc/passwd log_file Solution if (access( log_file, W_OK) == 0) fd = open( log_file, O_WRONLY O_APPEND) What can go wrong? CS52600 10 2010 Chris Clifton 5

CS18000: Programming I Example: Finger Daemon (exploited by Morris worm) finger sends name to fingerd fingerd allocates 512 byte buffer on stack Places name in buffer Retrieves information (local finger) and returns Problem: If name > 512 bytes, overwrites return address Exploit: Put code in name, pointer to code in bytes 513+ Overwrites return address CS52600 11 Vulnerability Classification: Generalize xterm: race condition between validation and use fingerd: buffer overflow on the stack Can we generalize to cover all possible vulnerabilities? CS52600 12 2010 Chris Clifton 6

CS18000: Programming I Research Into Secure Operating Systems (RISOS) Seven Classes 1. Incomplete parameter validation 2. Inconsistent parameter validation 3. Implicit sharing of privileged / confidential data 4. Asynchronous validation / inadequate serialization 5. Inadequate identification / authentication / authorization 6. Violable prohibition / limit 7. Exploitable logic error Evaluated several operating systems CS52600 13 Protection Analysis Model Pattern-directed protection evaluation Methodology for finding vulnerabilities Applied to several operating systems Discovered previously unknown vulnerabilities Resulted in two-level hierarchy of vulnerability classes Ten classes in all CS52600 14 2010 Chris Clifton 7

CS18000: Programming I PA flaw classes 1. Improper protection domain initialization and enforcement a. domain: Improper choice of initial protection domain b. exposed representations: Improper isolation of implementation detail c. consistency of data over time: Improper change d. naming: Improper naming e. residuals: Improper deallocation or deletion 2. validation of operands, queue management dependencies: Improper validation 3. Improper synchronization a. interrupted atomic operations: Improper indivisibility b. serialization: Improper sequencing 4. critical operator selection errors: Improper choice of operand or operation CS52600 15 NRL Taxonomy Three classification schemes Type of flaw When was it created Where is it Type of Flaw Intentional Malicious Nonmalicious Trapdoor Trojan horse Logic/time bomb Covert channel Other Nonreplicating Replicating Timing Storage CS52600 17 2010 Chris Clifton 8

CS18000: Programming I NRL Taxonomy: Time Time of introduction Development Maintenance Operation Requirement specification design Source code Object code CS52600 18 NRL Taxonomy: Location Location Operating System Software Application Hardware Support System initialization Process management / scheduling File Management Other / Unknown Memory Management Device management Identification / Authentication Privileged Utilities Unprivileged Utilities CS52600 19 2010 Chris Clifton 9

CS18000: Programming I Aslam s Model Attempts to classify faults unambiguously Decision procedure to classify faults Coding Faults Synchronization errors Timing window Improper serialization Condition validation errors Bounds not checked Access rights ignored Input not validated Authentication / Identification failure Emergent Faults Configuration errors Wrong install location Wrong configuration information Wrong permissions Environment Faults CS52600 20 Common Vulnerabilities and Exposures (cve.mitre.org) Captures specific vulnerabilities Standard name Cross-reference to CERT, etc. Entry has three parts Unique ID Description References Name CVE-1999-0965 Description Race condition in xterm allows local users to modify arbitrary files via the logging option. References CERT:CA-93.17 XF:xterm CS52600 21 2010 Chris Clifton 10

CS18000: Programming I Flow-based Penetration Analysis (Gupta and Gligor 91) Goal: Systematic approach to penetration analysis Verifiable properties Amenable to automation Assumes set of design properties will produce secure system Captures properties using state-transition model Entity may be altered/viewed/invoked only if preconditions validated in atomic sequence CS52600 23 Assumptions Security Objective: Provide Controlled Access Penetration: Obtain access outside controls Penetration Goals: Gain unauthorized access Denial of service to authorized users Bypass system accountability CS52600 24 2010 Chris Clifton 11

CS18000: Programming I Hypothesis of Penetration- Resistant Systems System secure if it adheres to design properties System Isolation (Tamperproof) Parameter checking at system interface User/system address space separation System cell selection and transfer of control System Noncircumventability All references mediated Consistency of Validation Checks Invariant assertions Timing consistency of checks Elimination of Undesirable System/User Dependencies Inter-user dependencies or system depends on user CS52600 25 Noncircumventability, Timing, Dependency examples CS52600 26 2010 Chris Clifton 12

CS18000: Programming I Panic example CS52600 27 Hypothesis of Penetration Patterns Flaws can be identified in source code Patterns of incorrect/absent validation-check statements Integrated flows that violate design/code specifications CS52600 28 2010 Chris Clifton 13

CS18000: Programming I It s Real: Implementation Implemented for C to analyze Unix-style OS Source code converted to PROLOG facts Flow-based integration tool generates all possible execution path records information flows function calls/returns validation conditions Passed to flaw detection module CS52600 29 System Overview CS52600 30 2010 Chris Clifton 14

CS18000: Programming I Code to Execution Tree example CS52600 31 Flow Checking CS52600 32 2010 Chris Clifton 15

CS18000: Programming I Modeling Abstract cell set system entities that hold information Function set All user-invokable functions Includes subset involving time delays System condition set All parameter checks Information flow set All possible flows between pairs of cells Alter set, View set Set of cell, condition pairs Also critical function set, entry point set Altered, Viewed, invoked sets condition, entry point, sequence of flows/conditions CS52600 33 Penetration Resistant Definition For all states (c,e,p) in altered (viewed invoked) set: Conditions associated with e are subset of conditions checked in p Conditions associated with c are subset of those checked in p There is a subsequence of p leading to the end of p that covers conditions of c and does not contain (f,g) where f and g are in time delay set State transitions: alter, view cell; invoke function Adds (c,e,p) to altered cell set if conditions met CS52600 34 2010 Chris Clifton 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information