Security Analysis

What is it? A rapidly growing area of computer science, concerned with whether or not a system and its communications are secure.

Why do we study it? It is difficult to say how a program will behave on a given system simply by looking at the program and the programmer's intentions. We need formal methods for reasoning about the behaviour of systems.
C I A: a widely used idea in Security Analysis. (Note: the ideas of security analysis go beyond encryption.)

Confidentiality: the ability to hide data (e.g. encryption). The most obvious security idea, so it is attacked most often.

Integrity: the ability to ensure that the data is accurate and has not been tampered with (e.g. message authentication codes, digital signatures).

Availability: data is accessible to authorised users whenever they need it. If it's too inconvenient to use, it won't be!
Types of Security Attacks

Software exploits: careless programming / obscure interactions.
• Buffer overflows (Alex will be talking about these).
• Insecure communications (e.g. FTP, American Satellite).

Timing attacks: the time an operation takes depends on secret data, and on slow systems the difference is measurable.
• Password checking (see the password checker at the end).
• Smart cards.

Denial of service attacks: the aim is to crash the target program / system, or to starve it of resources.
• Aimed at a particular piece of software.
• Repeated requests → resource starvation.
What are the solutions?
• Better programming. Helps us to counter timing attacks (and the careless-programming bugs above).
• Test the systems: formally, using logics (π-calculus, λ-calculus), or by brute force.
• There isn't always a solution, and problems can take time to appear: Needham-Schroeder was in use for 18 years before Lowe published his attack on it.
Buffer Overflow.c

#include <stdio.h>

/* Global variables: kept off the stack on purpose, so that the overflow
   below cannot clobber the loop counter or the pointer doing the writing. */
int count, address;
int *ptr;

void funct(void)
{
    printf("This function is never called...\n");
}

/* Writes 12 ints into a buffer that holds 10.  Elements 10 and 11 land on
   whatever the compiler placed above buffer in the stack frame. */
void fill_buffer(void)
{
    int buffer[10];
    ptr = buffer;
    for (count = 0; count < 12; count++) {
        *ptr = address;      /* deliberate overflow once count >= 10 */
        ptr++;
    }
}

int main(void)
{
    address = (int) &funct;  /* assumes a 32-bit build: an int must hold a pointer */
    fill_buffer();
    return 0;
}

Output:

This function is never called...
Segmentation Fault

(The listing is deliberately vulnerable. To reproduce the output with a modern compiler you need a 32-bit, unoptimised build with the stack protector off, e.g. gcc -m32 -O0 -fno-stack-protector. On a 64-bit build (int) &funct truncates the pointer, and with the stack protector on the program aborts with a "stack smashing detected" message instead of calling funct.)
Stack organisation during a function call

The slides animate the stack frame of fill_buffer() one word at a time. Addresses fall from FFF at the top of the picture to 000 at the bottom, and the stack grows downwards, so the frame looks like this, highest address first:

• the caller's data (shown as ??)
• the return address pushed by the call to fill_buffer()
• one more word shown as ?? (in the usual x86 layout, the saved frame pointer)
• buffer[10], the ten lowest words of the frame

ptr starts at buffer[0] and copies upwards, one int per iteration, for count = 0 … 11. Iterations 0 to 9 fill the buffer. Iteration 10 overwrites the ?? word directly above it and iteration 11 overwrites the return address, both with the value of address, i.e. the address of funct (0x8048410 in the slides).

When fill_buffer() executes return, the CPU pops the overwritten return address and resumes at funct(), which prints "This function is never called...". funct() then returns through a frame that was never set up for it, so the program dies with a segmentation fault. That is the output shown above.
Real buffer overflow attacks

In a real attack you can't write the functions yourself, but a call such as strcpy() provides a similar opportunity:
• Provide an unsuitably long input string.
• Learn the stack organisation.
• Write malicious code into the buffer itself.
• Point the return address at your code.
• The program executes your code, then crashes.
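The strcpy() pattern the slide refers to, beside a bounded replacement. This is an added example, not code from the original presentation; the function names, the 16-byte buffer and the sample inputs are all constructed for illustration. greet_unsafe is the shape of the bug (strcpy copies until it finds a NUL and never looks at the destination size), and copy_bounded / greet_safe show the check a practitioner wants: measure the input against the real buffer size and refuse anything that would not fit, rather than silently truncating.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed for the example */

/* The bug the slide describes: strcpy() copies until it finds a NUL and has
 * no idea how big 'name' is.  Any input of NAME_LEN bytes or more runs off
 * the end of the buffer into whatever the compiler placed above it (saved
 * frame pointer, return address).  Shown only as the "before" picture; never
 * call it with untrusted input. */
void greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);              /* BUG: unbounded copy */
    printf("Hello, %s\n", name);
}

/* Hardened form: check the source length against the real destination size
 * before copying, and reject over-long input instead of truncating it, so
 * the caller learns that something was wrong.  Returns 0 on success, -1 if
 * src (including its terminating NUL) would not fit in dst. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return -1;                    /* would overflow: refuse */
    memcpy(dst, src, n + 1);          /* n + 1 copies the NUL as well */
    return 0;
}

/* Same greeting, built on the bounded copy.  Returns 0 if greeted, -1 if
 * the input was rejected. */
int greet_safe(const char *input)
{
    char name[NAME_LEN];
    if (copy_bounded(name, sizeof name, input) != 0) {
        fprintf(stderr, "rejected input of %zu bytes (limit %d)\n",
                strlen(input), NAME_LEN - 1);
        return -1;
    }
    printf("Hello, %s\n", name);
    return 0;
}

int main(void)
{
    /* constructed inputs: one that fits, one that is far too long */
    char big[41];
    memset(big, 'A', 40);
    big[40] = '\0';

    greet_safe("alice");              /* fits: greeted */
    greet_safe(big);                  /* refused instead of smashing the stack */
    greet_unsafe("alice");            /* harmless only because the input is short */
    return 0;
}
```

The decisive line is the `n >= dst_size` test: it counts the NUL terminator, which is the byte most bounded-copy mistakes forget. Modern toolchains also add a stack canary by default, so greet_unsafe with a long input would usually abort rather than jump to attacker code, but the canary detects the overflow after the fact; the length check prevents it.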
![Page 45: Security Analysis What is it? Rapidly growing area of computer science. Concerned with whether or not a system and its communications are secure. Why do.](https://reader035.fdocuments.us/reader035/viewer/2022070323/56649da75503460f94a93cc1/html5/thumbnails/45.jpg)
Solutions?

Various approaches exist, and Security Analysis has been relatively successful here. One successful technique uses "canaries", but we're not going to explain them here. See the project report for more information. Also, links are available (now) on the website.
The End. Please ask lots of questions now... Not about canaries though...
A Badly Written Password Checker

#include <string.h>

/* Returns 1 if given matches password, 0 otherwise.  Badly written because
   it returns as soon as it finds a mismatch: the time it takes reveals how
   many leading characters of the guess were correct (a timing attack). */
int PassChecker(const char *given, const char *password)
{
    size_t i;
    if (strlen(given) != strlen(password)) {
        return 0;
    }
    for (i = 0; i < strlen(password); i++) {
        if (given[i] != password[i]) {
            return 0;
        }
    }
    return 1;
}
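To make the leak concrete, here is an added example (not part of the original presentation) that instruments both a leaky checker written like PassChecker above and a constant-time replacement. The `steps` out-parameter, the function names and the sample passwords are constructed for the example; `steps` counts how many characters were examined, which is what an attacker measures as elapsed time.

```c
#include <stddef.h>
#include <string.h>

/* Leaky comparison, written the way PassChecker is: returns at the first
 * mismatching character.  'steps' receives the number of characters
 * examined, the quantity an attacker observes as time.  Returns 1 on match. */
int check_leaky(const char *given, const char *password, size_t *steps)
{
    size_t i, n = strlen(password);
    *steps = 0;
    if (strlen(given) != n)
        return 0;
    for (i = 0; i < n; i++) {
        (*steps)++;
        if (given[i] != password[i])
            return 0;                  /* early exit leaks the matched prefix length */
    }
    return 1;
}

/* Constant-time comparison: always walks the whole secret, folds every
 * byte difference into 'diff' with XOR/OR, and folds a length mismatch
 * into the same accumulator instead of branching on it.  The loop does the
 * same work whether the guess is wrong at character 0, character 5, or not
 * wrong at all, so timing no longer depends on how much of the password the
 * attacker has right.  Returns 1 on match, 0 otherwise. */
int check_ct(const char *given, const char *password, size_t *steps)
{
    size_t i, glen = strlen(given), plen = strlen(password);
    unsigned char diff = (unsigned char)((glen != plen) ? 1 : 0);
    *steps = 0;
    for (i = 0; i < plen; i++) {
        /* index 'given' modulo its length so a short guess cannot shorten
         * the loop; the length mismatch is already recorded in diff */
        unsigned char g = glen ? (unsigned char)given[i % glen] : 0;
        diff |= g ^ (unsigned char)password[i];
        (*steps)++;
    }
    return diff == 0;
}

int main(void)
{
    /* constructed guesses against a constructed secret */
    const char *secret = "secret";
    const char *guesses[] = { "xecret", "sexret", "secrex", "secret" };
    size_t i, steps_leaky, steps_ct;

    for (i = 0; i < sizeof guesses / sizeof guesses[0]; i++) {
        int a = check_leaky(guesses[i], secret, &steps_leaky);
        int b = check_ct(guesses[i], secret, &steps_ct);
        /* leaky: steps grow with the length of the correct prefix;
         * constant-time: steps are always strlen(secret) */
        (void)a; (void)b;
    }
    return 0;
}
```

With the leaky checker, a guess that is wrong at the first character costs 1 step and one wrong at the last costs 6, so an attacker can recover the password one character at a time by watching the clock. The constant-time version costs 6 steps for every guess. In production code, compare a hash of the password rather than the plaintext, and use a library primitive written for this purpose (for example OpenSSL's CRYPTO_memcmp or libsodium's sodium_memcmp), since an optimising compiler may rewrite a hand-rolled loop.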