












A series of lecture notes from a computer and network security course taught by Professor Jaeger at Penn State University in fall 2006. The notes cover topics such as the Morris worm, engineering disasters, buffer overflows, and buffer overflow prevention. The Morris worm is discussed in detail, including how it disabled the Internet in 1988. Buffer overflows are also covered, with a focus on how they can be used to take over a host and install root kits, use it as a spam bot, or launch other attacks. The document also discusses buffer overflow prevention techniques such as StackGuard.
Typology: Study notes













Robert Morris, a 23-year-old doctoral student from Cornell
Wrote a small (99 line) program
November 3rd, 1988
Simply disabled the Internet
How it did it
Reads /etc/passwd, then tries the obvious choices and dictionary, /usr/dict/words
Used local /etc/hosts.equiv, .rhosts, .forward to identify hosts that are related
Scanned local interfaces for network information
Covered its tracks (set its own process name to sh, prevented accurate cores, re-forked itself)
One means by which the bad guys take over a host
install root kits
use as SPAM bots
use as zombies
launch other attacks
There are many attacks, but this is most prevalent
It all starts with some programmer mistake
e.g., bad software
[Figure: process memory layout from 0x000.... to 0xfff....: TEXT, DATA, HEAP, STACK]
Stack frame
how local variables and program state are stored in most modern programming languages
The Attack
overwrite buffer on stack with new return pointer pointing to adversary code
Return from function lands program counter in the bad guy's downloaded code
Game over -- they now control that host
[Figure: stack diagram with labels SP, ret, a, b, buf, myret, evil, evil, evil, evil]
Function Pointers
Overwrite a local function pointer variable
Q: What can be done?
Heap overflow
Overflow a buffer on the heap
Integer Overflow
For signed 8-bit integers
Malformed Character Input
What does URL “
Type Safe Language
No buffer/heap/ptr overflows
No unsafe casts
Still have integer overflows?
Java Virtual Machine
Interpret bytecodes (or compile together)
Security Manager (reference monitor for JVM)
Q: What is the trust model of a Java application?
CSE543 Computer and Network Security - Fall 2006 - Professor Jaeger
C Analysis
Source Code Analysis
What is it?
Simple security & *-property
Why?
Leandro Aragoncillo, e.g.
Problem: Information release
Solution: Information Flow Control
Stronger enforcement than reference monitors
[Figure: compartment lattice with nodes {NUC, EUR, US}; {NUC, EUR}, {NUC, US}, {EUR, US}; {NUC}, {EUR}, {US}; annotated "Access to all compartments" and "Access to no compartments"]
Key:
tag data
monitor flows
RMs tag actual data
all data/processes have label
central security monitor checks operations, data access against policy
Security-typed languages use virtual tags
data types are labeled
type checker validates flows
[Figure labels: Label all data; Monitor flows]
Key insight: label types with security levels
Security-typing is compositional
Example 1
    int{high} h1,h2;
    int{low} l;
    l = 5;
    h2 = l;
    h1 = h2 + 10;
    l = h2 + l;
Example 2
    String{low} proc(Object{high} o);
    ...
    main() {
        Object{high} obj;
        String{low} s;
        s = proc_obj(obj);
        ...
    }
    int{Low} mydata = 0;
    int{Low} mydata2 = 0;
    if (test{High})
        mydata = 1;
    else
        mydata = 2;
    mydata2 = 0;
    print{Low}(mydata2);
    print{Low}(mydata);
    …
Static (virtual) tagging
Causes type error at compile-time
mydata contains information about test so it can no longer be Low, but mydata2 is outside the conditional, so it is untainted by test
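Both the explicit flow in Example 1 and the implicit flow through the conditional can be caught by tracking a label for the control context as well as for the data. The Python checker below is an added illustration, not code from the lecture notes; the tuple encoding of statements and the names `check`, `label_of` and `pc` are assumptions made for this example.

```python
# Added illustration: a toy checker, not code from the lecture notes.
LOW, HIGH = 0, 1   # two-point lattice: LOW may flow to HIGH, never the reverse

def label_of(reads, env):
    """Join of the labels of all variables read; a constant-only expression is LOW."""
    return max((env[v] for v in reads), default=LOW)

def check(stmts, env, pc=LOW):
    """Return [(kind, sink, 'explicit'|'implicit')] for every illegal flow.

    env: variable -> declared label. pc: label of the control context,
    raised while checking a branch whose guard reads HIGH data.
    """
    errors = []
    for s in stmts:
        if s[0] == "if":                      # ("if", guard_reads, then, else)
            _, guard, then_b, else_b = s
            inner = max(pc, label_of(guard, env))
            errors += check(then_b, env, inner) + check(else_b, env, inner)
            continue
        kind, sink, reads = s                 # ("assign", var, reads) / ("print", label, reads)
        sink_label = sink if kind == "print" else env[sink]
        data = label_of(reads, env)
        if max(data, pc) > sink_label:
            errors.append((kind, sink, "explicit" if data > sink_label else "implicit"))
    return errors

# Example 1 from the notes, encoded by hand (only the variables each statement reads).
ENV1 = {"h1": HIGH, "h2": HIGH, "l": LOW}
EXAMPLE1 = [
    ("assign", "l", []),            # l = 5;
    ("assign", "h2", ["l"]),        # h2 = l;        low -> high, allowed
    ("assign", "h1", ["h2"]),       # h1 = h2 + 10;
    ("assign", "l", ["h2", "l"]),   # l = h2 + l;    high -> low, rejected
]

# The conditional example from the notes, encoded the same way.
ENV2 = {"test": HIGH, "mydata": LOW, "mydata2": LOW}
CONDITIONAL = [
    ("assign", "mydata", []), ("assign", "mydata2", []),
    ("if", ["test"], [("assign", "mydata", [])], [("assign", "mydata", [])]),
    ("assign", "mydata2", []),      # outside the branch: pc is LOW again
    ("print", LOW, ["mydata2"]), ("print", LOW, ["mydata"]),
]

if __name__ == "__main__":
    print(check(EXAMPLE1, ENV1))
    print(check(CONDITIONAL, ENV2))
```

The checker reports the assignments to `mydata` inside the branch rather than the later print, because with static labels the violation is the write to a Low variable under a High guard.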
System-wide security
Certifying compilation
Abstraction-violating attacks
Dynamic policies
Practical issues
Variations of static analysis
“The inability to express or enforce end-to-end security policies is a serious problem with our current computing infrastructure, and language-based techniques appear to be essential to any solution to this problem.”