1 / 47

Security Analysis

Security Analysis. What is it? Rapidly growing area of computer science. Concerned with whether or not a system and its communications are secure. Why do we study it? Difficult to say how a program will behave on a given system by simply looking at a program and the programmers intentions.

nimrod
Télécharger la présentation

Security Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Analysis • What is it? • Rapidly growing area of computer science. • Concerned with whether or not a system and its communications are secure. • Why do we study it? • Difficult to say how a program will behave on a given system by simply looking at a program and the programmers intentions. • Need formal methods for reasoning about the behaviour of systems.

  2. C I A • Confidentiality • Ability to hide data. (e.g. Encryption) • Most obvious security idea → Attacked most often. • Integrity • Ability to ensure that the data is accurate. (e.g. Quantum cryptography) • Availability • Data is accessible to authorised viewers at all times. • If its too inconvenient to use, it wont be! A widely used idea in Security Analysis. (Note : The ideas of security analysis go beyond encryption. )

  3. Types of Security Attacks. • Software Exploits. • Careless programming / obscure interactions. • Buffer overflows (Alex will be talking about these). • Insecure communications (e.g. FTP, American Satellite). • Timing Attacks. • Slow systems. • Password checking • SMART Cards • Denial of Service Attacks. • Aim is to crash target program / system. • Aimed at a particular piece of software • Repeated requests → Resource starvation.

  4. What are the solutions? • Better Programming. • Helps us to counter timing attacks. • Test the systems. • Formally using logics. • π-Calculus, λ-Calculus. • Brute force. • There isn’t always a solution / problems can take time to appear. • Needham-Schroeder was in use for 18 years

  5. Buffer Overflow.c (1) #include <stdio.h> /* global variables */ int count, address; int * ptr;

  6. Buffer Overflow.c (1) #include <stdio.h> /* global variables */ int count, address; int * ptr; void funct(void) { printf("This function is never called...\n"); }

  7. Buffer Overflow.c (2) void fill_buffer() { int buffer[10]; ptr = buffer; }

  8. Buffer Overflow.c (2) void fill_buffer() { int buffer[10]; ptr = buffer; for(count = 0; count < 12; count++) { *ptr = address; ptr++; } }

  9. Buffer Overflow.c (3) int main(void) { address = (int) &funct; fill_buffer(); return 0; }

  10. Buffer Overflow.c (3) int main(void) { address = (int) &funct; fill_buffer(); return 0; } Output: This function is never called... Segmentation Fault

  11. During a function call Stack organisation

  12. During a function call Stack organisation FFF Stack grows down-wards 000

  13. During a function call Stack organisation FFF Stack grows down-wards 000

  14. During a function call Stack organisation FFF Stack grows down-wards 000

  15. During a function call Stack organisation FFF Stack grows down-wards 000

  16. During a function call Stack organisation FFF Stack grows down-wards 000

  17. During a function call ptr Stack organisation FFF Stack grows down-wards 000 count = 0

  18. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 0

  19. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 1

  20. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 2

  21. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 3

  22. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 4

  23. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 5

  24. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 6

  25. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 7

  26. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 8

  27. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 9

  28. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 10

  29. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 11

  30. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 12

  31. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 12

  32. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 12

  33. During a function call ptr Stack organisation FFF FFF Stack grows down-wards Pointer (ptr) copies upwards 000 000 count = 12

  34. During a function call ptr Stack organisation FFF Pointer (ptr) copies upwards 000 return;

  35. During a function call ptr Stack organisation FFF Pointer (ptr) copies upwards 000 return;

  36. During a function call ptr Stack organisation FFF Pointer (ptr) copies upwards 000 return;

  37. During a function call ptr Stack organisation FFF Pointer (ptr) copies upwards 0x8048410 000 return;

  38. During a function call Stack organisation 0x8048410 return;

  39. During a function call Stack organisation 0x8048410 return;

  40. During a function call Stack organisation 0x8048410 return;

  41. During a function call Stack organisation 0x8048410 return;

  42. During a function call Stack organisation 0x8048410 return;

  43. During a function call Stack organisation void funct(void) { printf("This function is never called...\n"); } 0x8048410 return;

  44. Real Buffer Overflow Attacks • You can’t write the functions yourself! • strcpy() provides a similar opportunity • Provide an unsuitably long input string • Learn the stack organisation • Write malicious code into the buffer itself • Point the return address at your code • Program executes code, then crashes

  45. Solutions? • Various approaches exist • Security Analysis relatively successful • One successful technique uses “canaries” • But we’re not going to explain them here • See the project report for more information • Also, links available (now) on the website

  46. The End • Please ask lots of questions now... • Not about canaries though…

  47. A Badly Written Password Checker PassChecker(str given, str password){ If (length(given) != length(password)){ return 0; } for (i = 0; i < length(password); i++){ if{given[i] != password[i]){ return 0; } } return 1; }

More Related