
Lecture 0. Course Introduction




  1. COM850 Computer Hacking and Security
     Lecture 0. Course Introduction
     Prof. Taeweon Suh, Computer Science Education, Korea University

  2. Course Information
     • Instructor
       • Prof. Taeweon Suh
     • Textbook
       • HACKING – The Art of Exploitation, 2nd Edition, Jon Erickson, 2008
     • Prerequisites
       • C programming, Network Programming, Computer Architecture, Operating Systems
     • References
       • Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, Chris Sanders, 2nd Edition, No Starch Press, 2011
       • TCP/IP Protocol Suite, Behrouz Forouzan, 4th Edition, McGraw-Hill, 2009
       • TCP/IP Illustrated, Volume 1, W. Richard Stevens, Addison-Wesley, 1994
     • Office hours
       • After class as needed
       • By appointment at Lyceum 307
     • Course materials will be posted on the course web at http://esca.korea.ac.kr/
     • Contact Information
       • suhtw@korea.ac.kr
       • 02-3290-2397

  3. Hacking is Bad?
     • Most people associate hacking with breaking the law and assume that everyone who engages in hacking activities is a criminal
       • Hackers are outlaws, snooping, stealing, and spreading viruses. No one has good words for them
     • The essence of hacking is finding unintended or overlooked uses and applying them in new and inventive ways
       • Hacked solutions follow the rules of the system, but they use those rules in counterintuitive ways

  4. Pioneers of Hacking
     • John Draper
       • Hacked telephone line to make free calls
       • Arrested on toll fraud charges in 1972
       • Inspired 2 Steves
     Source: Discovery Channel’s The History of Hacking, http://video.google.com/videoplay?docid=5464925144369700635&q=hacking+documentary#

  5. Pioneers of Hacking
     • Steve Wozniak
       • Apple co-founder
       • Started revolution in computers
     • Kevin Mitnick
       • Hacked many computer systems
       • Convicted of various computer and communication-related crimes
     Source: Discovery Channel’s The History of Hacking, http://video.google.com/videoplay?docid=5464925144369700635&q=hacking+documentary#

  6. “My” Hacking Classification
     • Software hacking
       • Exploit vulnerabilities in software
     • Hardware Trojan
       • Implant malicious hardware inside a chip
     • Hybrid (hardware + software)
       • Software to trigger Hardware Trojans
       • Software based on the understanding of hardware details

  7. Abstractions in Computer (diagram labels, in slide order)
     • Programming using APIs
     • Provides APIs (Application Programming Interface)
     • Operating Systems
     • Assembly language or Machine language
     • Instruction Set Architecture (ISA)
     • Hardware Implementation

  8. Software Hacking
     • Exploit vulnerabilities in software
       • Classic buffer overflow
       • Heap-based overflow
       • Function pointer overflow
       • …
     [Figure: Layout of virtual address space on IA-32]

  9. Software Hacking
     • Exploit weaknesses in network protocols and their implementation in software
       • Denial of Service (DoS): SYN flooding, Ping flooding, Ping of Death, Teardrop, Smurf and Fraggle attacks, Distributed DoS…

  10. Hardware Trojan
     • Relatively new and different attack method
     • Implant malicious logic into a chip
     [Figure labels: Implantation during Design Phase; HDL; Implantation during fabrication; Implantation via CAD tools; IPs]

  11. Hardware Trojan
     • Israel’s strike on nuclear plants in Syria (2007)
     • A European chip maker recently built into its microprocessors a kill switch that could be accessed remotely. French defense contractors have used the chips in military equipment
     • Time-bomb
     • …
     • “The Hunt for The Kill Switch,” IEEE Spectrum, May 2008

  12. Hybrid
     • Certain conditions created by software trigger Hardware Trojans
     • Software hacks computer systems based on understanding of hardware details
       • Insecure hardware initialization by the BIOS
         • The BIOS didn’t lock remapping registers after configuration
         • Attackers reprogram these registers to map to TSEG
         • Corrupt SMI handlers with malicious code
     • “Hardware Security in Practice: Challenges and Opportunities,” HOST, 2011

  13. Objectives
     • Our focus is on software hacking and security
       • In-depth understanding of the x86 processor, compiler output, networking, and hopefully the OS
       • Understand vulnerabilities in software
         • Classic buffer overflow in stack
         • Denial of Service (DoS) attacks
         • TCP/IP Hijacking
         • …
       • Study countermeasures to prevent attacks
     • As a side effect, get used to:
       • Linux system programming
       • x86-based assembly

  14. Lab Environment
     • Hardware: x86-based computers
       • Personal laptops are preferred
     • Software: 32-bit Linux
       • The textbook contains a CD you can play with
       • Or, experiment with the latest Linux, but recent OSs are patched against well-known security threats
       • GDB, Wireshark …

  15. Grading Policy
     • Midterm Exam: 30%
     • Final Exam: 30%
     • Class Presentations: 40%
     • Fail rule
       • You will be given an “F” if you are absent more than 3 times
       • 2 late show-ups will be counted as 1 absence

  16. Understand Computer?
     • How much do you “exactly” understand computers?
     • Answer the following 2 questions

  17. 0.025 != 0.025 ?

  18. 0.07 != 0.07 ?

  19. a x b x c != b x c x a ?

  20. What Would You Get?

     ```c
     #include <stdio.h>

     int main(void)
     {
         signed int sa = 7;
         signed int sb = -7;

         /* Read the same 32 bits as unsigned; no value conversion takes place. */
         unsigned int ua = *((unsigned int *) &sa);
         unsigned int ub = *((unsigned int *) &sb);

         printf("sa = %d : ua = 0x%x\n", sa, ua);
         printf("sb = %d : ub = 0x%x\n", sb, ub);
         return 0;
     }
     ```

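  21. What Would You Get?

     ```c
     #include <stdio.h>
     #include <string.h>

     int main(void)
     {
         float f1 = -58.0;
         unsigned int u1;

         /* Copy the raw bits; reading a float through an
            (unsigned int *) cast violates strict aliasing. */
         memcpy(&u1, &f1, sizeof u1);

         printf("f1 = %f\n", f1);
         printf("f1 = %3.20f\n", f1);
         printf("u1 = 0x%X\n", u1);
         return 0;
     }
     ```

     What is this?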

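  22. What Would You Get?

     ```c
     #include <stdio.h>
     #include <string.h>

     int main(void)
     {
         double d1 = -58.0;
         unsigned long long u1;

         /* Copy the raw 64 bits; reading a double through an
            (unsigned long long *) cast violates strict aliasing. */
         memcpy(&u1, &d1, sizeof u1);

         printf("d1 = %lf\n", d1);
         printf("d1 = %3.20lf\n", d1);
         printf("u1 = 0x%llX\n", u1);
         return 0;
     }
     ```

     What is this?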

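  23. What Would You Get?

     ```c
     #include <stdio.h>
     #include <string.h>

     int main(void)
     {
         float f2 = -0.1;
         unsigned int u2;

         /* Copy the raw bits; reading a float through an
            (unsigned int *) cast violates strict aliasing. */
         memcpy(&u2, &f2, sizeof u2);

         printf("f2 = %f\n", f2);
         printf("f2 = %3.20f\n", f2);
         printf("u2 = 0x%X\n", u2);
         return 0;
     }
     ```

     Why are these different? And what is this?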

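  24. What Would You Get?

     ```c
     #include <stdio.h>
     #include <string.h>

     int main(void)
     {
         float f3 = 0.7;
         unsigned int u3;

         /* Copy the raw bits; reading a float through an
            (unsigned int *) cast violates strict aliasing. */
         memcpy(&u3, &f3, sizeof u3);

         printf("f3 = %f\n", f3);
         printf("f3 = %3.20f\n", f3);
         printf("u3 = 0x%X\n", u3);
         return 0;
     }
     ```

     Why are these different? What is this?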

  25. Intel’s Core i7 (2nd Gen.)
     • 2nd Generation Core i7
     • Sandy Bridge
     • 995 million transistors in 216 mm² with 32 nm technology
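
Added example, not part of the original slides: slides 21-24 print raw float bit patterns and ask what they are, and slides 17-19 ask when equal-looking values compare unequal. The program below decodes the IEEE 754 single-precision fields of the slides' values and shows two ways such inequalities arise. It assumes the comparisons are between a float and a double constant (the slides do not say); `decode_f32`, `changes_as_float`, `mul3` and the inputs `1e30f`/`1e-30f` are names and values constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields of an IEEE 754 single-precision value. */
struct f32_fields {
    uint32_t raw;       /* all 32 bits, as the slides print them */
    unsigned sign;      /* bit 31 */
    int      exponent;  /* bits 30..23 with the bias of 127 removed */
    uint32_t fraction;  /* bits 22..0; the leading 1 is implicit */
};

/* memcpy copies the object representation without breaking aliasing rules. */
struct f32_fields decode_f32(float f) {
    struct f32_fields d;
    memcpy(&d.raw, &f, sizeof d.raw);
    d.sign     = d.raw >> 31;
    d.exponent = (int)((d.raw >> 23) & 0xFF) - 127;
    d.fraction = d.raw & 0x7FFFFF;
    return d;
}

/* Returns 1 if storing x in a float changes its value (assumed scenario). */
int changes_as_float(double x) {
    volatile float f = (float)x;   /* volatile forces rounding to 32 bits */
    return (double)f != x;
}

/* (x * y) * z with every intermediate rounded to float. */
float mul3(float x, float y, float z) {
    volatile float xy = x * y;
    volatile float r = xy * z;
    return r;
}

int main(void) {
    const float s[] = { -58.0f, -0.1f, 0.7f };   /* values from slides 21-24 */
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        struct f32_fields d = decode_f32(s[i]);
        printf("0x%08X sign=%u exp=%d frac=0x%06X exact=%.20f\n", (unsigned)d.raw,
               d.sign, d.exponent, (unsigned)d.fraction, s[i]);
    }
    printf("changes as float: 0.025=%d 0.07=%d -58.0=%d\n",
           changes_as_float(0.025), changes_as_float(0.07), changes_as_float(-58.0));
    float a = 1e30f, b = 1e30f, c = 1e-30f;      /* constructed values */
    printf("a*b*c=%g  b*c*a=%g\n", mul3(a, b, c), mul3(b, c, a));
    return 0;
}
```

-58.0 is a sum of a few powers of two, so it fits exactly in 24 significant bits, while 0.025, 0.07, 0.1 and 0.7 have repeating binary expansions and are rounded. With the constructed inputs, `a*b` overflows to infinity before `c` can scale it back, whereas `b*c` stays near 1.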
