Soma-notes - User contributions [en]

Computer Systems Security (Winter 2016)

2016-02-22T00:35:20Z

Willforrest: /* Lectures and Exams */

==Course Outline==

[[Computer Systems Security: Winter 2016 Course Outline|Here]] is the course outline.

==Hacking Opportunities==

The [[SystemsSec 2016W Hacking Opportunities|Hacking Opportunities]] page lists potential hacking opportunities that you can attempt for your hacking journal. If you attempt but do not successfully accomplish one of them, be sure to document what you tried. As you learn more, you may come back to them and try again.

==Resources==

===Readings===

* For the first part of the course we will be reading selections from Trent Jaeger's [http://www.morganclaypool.com/doi/abs/10.2200/S00126ED1V01Y200808SPT001 Operating Systems Security] textbook. You can download the PDF [http://www.morganclaypool.com.proxy.library.carleton.ca/doi/abs/10.2200/S00126ED1V01Y200808SPT001 through Carleton's library]. In the reading assignments this text will be referred to as "Jaeger".
* An excellent but dated text on browser security is Michal Zalewski's [https://code.google.com/p/browsersec/wiki/Main Browser Security Handbook].

===Other Courses===

* Dan Boneh ran an excellent course at Stanford in Spring 2015 on [https://crypto.stanford.edu/cs155/ Computer and Network Security]. This course has many interesting readings that we will not be covering. Also, the assignments are very good sources for hacking opportunities.
* The assignments from the Winter 2015 run of COMP 4108 [https://www.ccsl.carleton.ca/~askillen/COMP4108/ are available]. They are a reasonable start for several hacking opportunities.

==Lectures and Exams==

<table style="width: 100%;" border="1" cellpadding="4" cellspacing="0">
<tr valign="top">
<th>
Date
</th>
<th>
Topic
</th>
<th>
Readings
</th>
</tr>
<tr>
<td>
Jan. 7

</td>
<td>
[[SystemsSec 2016W Lecture 1|Introduction]]

</td>
<td>Jaeger, Chapter 1 (Introduction)</td></tr>
<tr>
<td>
Jan. 12

</td>
<td>
[[SystemsSec 2016W Lecture 2|Access Control, Security Hacking 101]]

</td>
<td>Jaeger, Chapter 2 (Access Control Fundamentals)</td></tr>
<tr>
<td>
Jan. 14

</td>
<td>
[[SystemsSec 2016W Lecture 3|Multics, UNIX, and Windows]]

</td>
<td>Jaeger, Chapter 3 (Multics) and Chapter 4 (UNIX & Windows) </td></tr>
<tr>
<td>
Jan. 19

</td>
<td>
[[SystemsSec 2016W Lecture 4|Secure OSs, theory and practice]]

</td>
<td>Jaeger, Chapter 6 (Security Kernels) and Chapter 7 (Securing Commercial Operating Systems)</td></tr>
<tr>
<td>
Jan. 21

</td>
<td>
[[SystemsSec 2016W Lecture 5|LSM, SELinux, & Capabilities]]

</td>
<td>Jaeger, Chapter 9 (LSM & SELinux) and Chapter 10 (Secure Capability Systems)</td></tr>
<tr>
<td>
Jan. 26

</td>
<td>
[[SystemsSec 2016W Lecture 6|Secure Virtual Machines, Systems Assurance]]

</td>
<td>Jaeger, Chapter 11 (Secure Virtual Machine Systems) and Chapter 12 (System Assurance)</td></tr>
<tr>
<td>
Jan. 28

</td>
<td>
[[SystemsSec 2016W Lecture 7|Lecture 7]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 2

</td>
<td>
[[SystemsSec 2016W Lecture 8|Lecture 8]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 4

</td>
<td>
[[SystemsSec 2016W Lecture 9|Lecture 9]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 9

</td>
<td>
[[SystemsSec 2016W Lecture 10|Lecture 10]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 11

</td>
<td>
[[SystemsSec 2016W Lecture 11|Modeling a potential attack/ Midterm FAQ]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 23

</td>
<td>
[[SystemsSec 2016W Lecture 12|Midterm Review]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 25

</td>
<td>
Midterm (in class)

</td>
<td></td></tr>
<tr>
<td>
Mar. 1

</td>
<td>
[[SystemsSec 2016W Lecture 13|Lecture 13]]

</td>
<td></td></tr>
<tr>
<td>
Mar. 3

</td>
<td>
[[SystemsSec 2016W Lecture 14|Lecture 14]]

</td>
<td></td></tr>
<tr>
<td>
Mar. 8

</td>
<td>
[[SystemsSec 2016W Lecture 15|Lecture 15]]

</td>
<td></td></tr>
<tr>
<td>
Mar. 10

</td>
<td>
[[SystemsSec 2016W Lecture 16|Lecture 16]]

</td>
<td></td></tr>
<tr>
<td>
Mar. 15

</td>
<td>
[[SystemsSec 2016W Lecture 17|Lecture 17]]

</td>
<td></td></tr>
<tr>
<td>
Mar. 17

</td>
<td>
[[SystemsSec 2016W Lecture 18|Lecture 18]]

</td>
<td></td></tr>
<tr>
<td>
Mar. 22

</td>
<td>
[[SystemsSec 2016W Lecture 19|Lecture 19]]

</td>
<td></td></tr>
<tr>
<td>
Mar. 24

</td>
<td>
[[SystemsSec 2016W Lecture 20|Lecture 20]]

</td>
<td></td></tr>
<tr>
<td>
Mar. 29

</td>
<td>
[[SystemsSec 2016W Lecture 21|Lecture 21]]

</td>
<td></td></tr>
<tr>
<td>
Mar. 31

</td>
<td>
[[SystemsSec 2016W Lecture 22|Lecture 22]]

</td>
<td></td></tr>
<tr>
<td>
Apr. 5

</td>
<td>
[[SystemsSec 2016W Lecture 23|Lecture 23]]

</td>
<td></td></tr>
<tr>
<td>
April 7

</td>
<td>
[[SystemsSec 2016W Lecture 24|Lecture 24]]

</td>
<td></td></tr>
<tr>
<td>
April 19, 9 AM

</td>
<td>
Final Exam

</td>
<td></td></tr>
</table>

==Assignments==
<table style="width: 100%;" border="1" cellpadding="4" cellspacing="0">
<tr valign="top">
<th>
Due Date
</th>
<th>
Assignments
</th>
</tr>
<tr>
<td>
Jan. 30

</td>
<td>
[[SystemsSec 2016W: Assignment 1|Assignment 1]]

</td>
</tr>
<tr>
<td>
Feb. 22

</td>
<td>
[[SystemsSec 2016W: Assignment 2|Assignment 2]]

</td>
</tr>
<tr>
<td>
Mar. 19

</td>
<td>
[[SystemsSec 2016W: Assignment 3|Assignment 3]]

</td>
</tr>
<tr>
<td>
April 4

</td>
<td>
[[SystemsSec 2016W: Assignment 4|Assignment 4]]

</td>
</tr>
</table>

==Lecture Notes Guidelines==

Part of your participation mark is doing notes for at least one of the lectures. Here are the guidelines for those notes.

The class TA Borke (BorkeObadaObieh at cmail.carleton.ca) will be handling course notes. Please contact her to schedule your class to take notes.

Borke or Anil will set you up with an account on this wiki. You'll enter your initial draft notes here and then work with Borke to make sure they are of sufficient quality. This may require a few rounds of revisions; however, if you follow the guidelines below it shouldn't be too bad.

You should plan on organizing your notes as follows:
* Organize them in at least the following sections: Topics & Readings and Notes.
* The Topics & Readings section lists the main topics covered in the class, e.g. "buffer overflows". Please use an unordered bulleted list (using *'s in wiki markup). In this section also list readings relevant to the lecture that were mentioned in class.
* Put your notes in the Notes section.

Use (nested) lists if appropriate for the notes; however, please have some text that isn't bulleted. Please try to make the notes even if you did not attend lecture; however, you don't need to cover every small bit of information that was covered. In particular the notes do not need to include digressions into topics only tangentially related to the course. Complete sentences are welcome but not required.

SystemsSec 2016W Lecture 11

2016-02-22T00:27:37Z

Willforrest:

==Sample Midterm Questions==

* What properties should a secure OS have? Why?
* Why are production operating systems not constructed like ones designed for security first? Be specific
* To what extent are security tools (for attack and defense) hard to use? Are these difficulties inherent to the technology or are other factors in play? Give examples from your personal experience.
* Describe three threat models and explain what entities these threat models apply to.

==Midterm Layout==

*Expect each question to be a small essay, that draws upon the information acquired through class, and through the readings to form a conclusion.
*Expect 3-5 questions on the midterm.
*This exam will be closed book. Email Anil if writing this midterm via computer is important to you.

==Model of a standard attack==

Let us look at a standard attack. An attacker will do the following:
*Identify a target: An attacker will select a system or individual to attack
*Surveillance: An attacker will study the target.
*Get access ("The Attack"): An attacker at some point will access or breach the system.
*Accomplish his goal: An attacker will gather what he came for (credit cards, passwords, bank transfer etc)
*Cover his tracks: An attacker will not want to be identified. They will try to destroy system logs, and any evidence that could point to the attack ever happening. In this sense, the news only reports failed attacks, as the intrusion was detected.

==Example attack Surveillance==

Let's say we are attacking an Ubuntu machine.

How do we monitor what's happening?

*IP addresses, Port checking, etc.: These are very noisy approaches, and will alert a system. An attacker will not do this more then absolutely necessary

*Monitoring the network: Is it possible to monitor this network from another machine?, An attacker may need to compromise another machine first!
**This can be done by Wireshark

*Physical Surveillance:
**Personnel, Administrators: Do they have social media that can be accessed, and guess the password from info? **Set up account on another site: Can they convince an employee to make an account, they may use same password.
**Forums: Have they posted about bugs or net problems?
**Wireless network: can they eavesdrop on a signal?

What we really want to know in Surveillance step: What code is running on the server.

==Example attack==

There's a tool called '''nmap''' which can figure out what operating system you're running. Let's say it is running WordPress (wahoo, it has known vulnerabilities), and we know the exact version. There are packaged tools like '''metaexploit''' which easily help you make the attack.

The next step? Set up the same WordPress version, and test the exploit on our own systems. We don't want to be caught on a failed attempt. We can engineer the exploit to do it's intended goal, and test it's success, without fear of detection.

If we are not detected, this brings us to another type of attack:

*Advanced Persistent Threats: Breaking in, and modifying the system to infiltrate as needed.

As we can see it takes a fair bit of work to infiltrate a target. So why do we protection? The end result is if someone doesn't want to be caught, they need another machine. Or many.

*The most common threat scenario:

**Being attacked, but you are not the target!
**Targets become very broad: Anyone with windows, anyone with an RBC account etc.
**Surveillance becomes less needed if you infect a trusted system.

Recently, some attackers stop at surveillance. They develop the exploits and keep them; in order to sell the vulnerability (not the exploit) or blackmail. Governments now keep exploit stacks.

==Countermeasures==

*We can't stop surveillence, but we can mitigate it. This is the purpose of firewalls, they reduce infomation that can be obtained from the outside.

*Having a custom OS would be very ideal, an attacker can't practice against a copy of your system. Live and noisy attacks become the only method of attacker. And the system targeted can attempt up it's security in response, or move data.

*Under ideal conditions, the reference monitor of a system cannot be broken into. An attacker has to deal with the reference monitor's restrictions. They have to attack people and use the methods they would use to edit data. As a result, every user is a possible attacker. The access of every user, including root, must be limited.

*Preventing an attacker from achieving their goals and covering their tracks are the most reliant countermeasures.
**Logs that can't be tampered with by being placed on another system, or uneditable.
**Information being withheld to even users

*One problem. We can't make a perfect reference monitor.
**The rest of the semester, we'll talk about the failure of reference monitor.

==Tools==

*NMAP: A tool designed to identify system and their versions, by analyzing the responses. Each system implements networks slightly differently, and this tool has a small database to compare to.

SystemsSec 2016W Lecture 11

2016-02-12T19:03:32Z

Willforrest:

==Sample Midterm Questions==

* What properties should a secure OS have? Why?
* Why are production operating systems not constructed like ones designed for security first? Be specific
* To what extent are security tools (for attack and defense) hard to use? Are these difficulties inherent to the technology or are other factors in play? Give examples from your personal experience.
* Describe three threat models and explain what entities these threat models apply to.

==Midterm Layout==

*Expect each question to be a small essay, that draws upon the information acquired through class, and through the readings to form a conclusion.
*Expect 3-5 questions on the midterm.
*This exam will be closed book. Email Anil if writing this midterm via computer is important to you.

==Under construction==

==Model of a standard attack==

Let us look at a standard attack. An attacker will do the following:
*Identify a target: An attacker will select a system or individual to attack
*Surveillence: An attacker will study the target.
*Get access ("The Attack"): An attacker at some point will access or breach the system.
*Accomplish his goal: An attacker will gather what he came for (credit cards, passwords, bank transfer etc)
*Cover his tracks: An attacker will not want to be identified. They will try to destroy system logs, and any evidence that could point to the attack ever happening. In this sense, the news only reports failed attacks, as the intrusion was detected.

==Example attack Surveillence==

Let's say we are attacking an Ubuntu machine.

What can we gather intelligence wise?

*Ip addresses, Port checking, etc.: These are very noisy approaches, and will alert a system. an attacker will not do this more then absolutely neccessary

*Webserver status:
**What code is running on the server?
**What version?
**Webserver will usually hand this out

*monitoring the network: Is it possible to monitor this network from another machine?, An attacker may need to compromise another machine first!

*Physical Surveillence:
**Personel, Administrators: Do they have social media that can be accessed, and guess the password from info? **Set up account on another site: Can they convince an employee to make an account, they may use same password.
**Forums: Have they posted about bugs or net problems?
**Wireless network: can they eavesdrop on a signal?

==Example attack==

Let's say we know someone is running wordpress (wahoo, many exploits), and we know the exact version. We can get an exploit to use online.

The next step? Set up the same wordpress version, and test the exploit on our own systems. We don't want to be caught on a failed attempt. We can engineer the exploit to do it's intended goal, and test it's success, without fear of detection.

If we are not detected, this brings us to another type of attack:

*Advanced Persistent threats: Breaking in, and modifying the system to infiltrate as needed.

As we can see it takes a fair bit of work to infiltrate a target. So why do we protection? The end result is if someone doesn't want to be caught, they need another machine. Or manay.

*The most common threat scenario:

**Being attacked, but you are not the target!
**Targets become very broad: Anyone with windows, anyone with an RBC account etc.
**Surveillence becomes less needed if you infect a trusted system.

==Countermeasures==

*We can't stop surveillence, but we can mitigate it. This is the purpose of firewalls, they reduce infomation that can be obtained from the outside.

*Having a custom OS would be very ideal, an attacker can't practice against a copy of your system. Live and noisy attacks become the only method of attacker. And the system targeted can attempt up it's security in response, or move data.

*Under ideal conditions, the reference monitor of a system cannot be broken into. An attacker has to deal with the reference monitor's restrictions. They have to attack people and use the methods they would use to edit data. As a result, every user is a possible attacker. The access of every user, including root, must be limited.

*Preventing an attacker from achieving their goals and covering their tracks are the most reliant countermeasures.
**Logs that can't be tampered with by being placed on another system, or uneditable.
**Information being withheld to even users

*One problem. We can't make a perfect reference monitor.

==Tools==

*NMAP: A tool designed to identify system and their versions, by analyzing the responses. Each system implements networks slightly differently, and this tool has a small database to compare to.

SystemsSec 2016W Lecture 11

2016-02-12T18:52:40Z

Willforrest:

SystemsSec 2016W Lecture 11

2016-02-11T15:28:39Z

Willforrest: /* Sample Midterm Questions */