Soma-notes - User contributions [en]

SystemsSec 2018W Lecture 11

2018-02-14T15:07:57Z

Yannick: /* Notes */

==Audio==

[https://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec11-12Feb2017.m4a Lecture 11 Audio]

==Notes==
=== HTTPS ===
- How to set it up?
- Get your public/private key pair signed by a respected authority
- You can also self-sign but may encounter errors

- Current certificate is expired (Feb 2014)

- Need to get new certificate
- New thing called “Let’s encrypt” that offers free certificates (only for 90 days)
- Recommends downloading CertBot
- Might already come with Linux distribution

=== Certbot ===
- Default commands provide useful instructions
- Need to enter the webroot and url
- This is to prove to Certbot that we have control of the server
- Used to generate challenges that Certbot will verify

- Update the server’s configuration file with the newly generated certificates
- In this case used symbolic links
- Restart the server

=== Buffer overflows===
- Make a classic C program
- Typing over the buffer length
- Detected stack smashing
- ONLY after writing and reading the bytes
- Use of canary words to detect if stack has been modified
- If you were a real attacker you would try and target a buffer that wasn’t protected by it
- The heap is a prime target
- If we turn off the stack protection
- Received a SIGSEGV from the kernel and the core is dumped
- Kernel saying that you tried to access memory that was not given
- Process can intercept signal and choose to do something with it
- Default handler causes you to crash with segfault
- What is “core dumped”?
- Comes from core memory
- Means that it’s written memory out

Modify C program to have a function called target in the binary but it’s never called. Goal is to make the code jump to the target function and execute.
What tools can we use?
GDB to figure out what’s happening with memory

“Stack Smashing for Fun and Profit”
Basic idea is you find the address and then overwrite the address
Might have to turn off address space randomization

SystemsSec 2018W Lecture 11

2018-02-14T15:05:27Z

Yannick: /* Notes */

==Audio==

[https://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec11-12Feb2017.m4a Lecture 11 Audio]

==Notes==
HTTPS
How to set it up?
Get your public/private key pair signed by a respected authority
You can also self-sign but may encounter errors

Current certificate is expired (Feb 2014)

Need to get new certificate
New thing called “Let’s encrypt” that offers free certificates (only for 90 days)
Recommends downloading CertBot
Might already come with Linux distribution

Certbot
Default commands provide useful instructions
Need to enter the webroot and url
This is to prove to Certbot that we have control of the server
Used to generate challenges that Certbot will verify

Update the server’s configuration file with the newly generated certificates
In this case used symbolic links
Restart the server

Buffer overflows
Make a classic C program
Typing over the buffer length
Detected stack smashing
ONLY after writing and reading the bytes
Use of canary words to detect if stack has been modified
If you were a real attacker you would try and target a buffer that wasn’t protected by it
The heap is a prime target
If we turn off the stack protection
Received a SIGSEGV from the kernel and the core is dumped
Kernel saying that you tried to access memory that was not given
Process can intercept signal and choose to do something with it
Default handler causes you to crash with segfault
What is “core dumped”?
Comes from core memory
Means that it’s written memory out

Modify C program to have a function called target in the binary but it’s never called. Goal is to make the code jump to the target function and execute.
What tools can we use?
GDB to figure out what’s happening with memory

“Stack Smashing for Fun and Profit”
Basic idea is you find the address and then overwrite the address
Might have to turn off address space randomization

SystemsSec 2018W Lecture 8

2018-01-31T17:31:09Z

Yannick: /* What’s the security problem? */

<!> Reminder to complete the experiences on time (before March 26th)

= Review of networking =

== What is the basis of the internet? ==

=== The IP packet ===
If you want to connect to the internet all you need to be able to do is send/receive packets to someone who is connected to the internet. Everyone along the line can forward or pass along packets. What about ethernet and wifi? It’s just ways of sending packets

=== What’s an ip packet? ===
Data structure
:Header
::Source IP
::Destination IP
::Checksum
::Etc.
:Payload
Most important fields are the '''source IP address''' and the '''destination IP address'''

<blockquote>''Note: Packets are unprotected! There’s no confidentiality, it’s all in the open. Everyone who touches it on the way gets to see (or change!) the entire packet. Example; NAT is changing the source and destination packets!''</blockquote>

=== What’s the security problem? ===
There is no security! How would you secure it? Certain fundamental problems about locking this down. What attacks can you perform on a set of IP packets?
; Eavesdropping
: '''Δ''' You can only encrypt the payload!
; Traffic analysis; rate of traffic, who’s talking to who, when they’re talking
: The only way to prevent traffic analysis is to encrypt the header and mask it

<blockquote>
; Pizza delivery attack
: Let’s say you’re a military organization, and you want to plan an attack but your employees are staying late? Oh look they ordered a pizza late at night, so now you have to order pizza all the time, keep the parking lot full, etc.
</blockquote>

'''Δ''' You can use a trusted intermediary service

'''Δ''' Can also use onion routing (Tor) at the cost of speed

It’s not that the designers weren’t smart, it’s that their decision had to factor in a tradeoff between functionality and security costs.

=== Key management ===
You're going to send these packets to arbitrary other machines. Let’s assume you're going to do proper security (authentication, encrypt, etc..), you need to be able to identify the destination, you need their '''public key'''.

; Where do I get the key? : Domain name system (DNS).

The DNS maps Hostnames to IP addresses. Every domain name technically ends with a ‘.’ which is defined as the root, from there it goes down a level to com, and again down to something like google, etc..

DNS is a bunch of public records, there’s no cryptographic protection in DNS. If you wanted to do that you would have to encrypt the entire mappings. Who would you trust to do that? Who has the authority to manage this? DNSSEC is an attempt to solve this and is currently being deployed but from a management’s perspective it is painful.

What protocols would we use to securely communicate? TLS/SSH, but this would only work for the payload. It gives us end-to-end protection, except that everyone can see that those two endpoints are communicating.

'''Δ''' There is a VOIP attack, in which you can figure out the words being said simply by examining the size of the packets being sent.

=== What does a VPN give you? ===
'''Δ''' What part of the traffic is encrypted and how is it authenticated?
With a VPN the whole packet is being encrypted, but it’s encapsulated in another header directed to the VPN gateway. Anyone observing your traffic would only see communication between you and the gateway.

All you’ve done is move the problem, so why use it? It can help you against attackers close to you in the network space. If they have to compromise a VPN system further away that’s better maintained, it can (in principle) be harder to compromise.

=== What is your path of trust? ===
You cannot trust hostnames because DNS can be messed with. You can’t trust IP address as those can be changed. You can only trust the encryption in the payload.

=== How do you authenticate to a classic website? ===
Download a certificate and it is vouched for by a built-in authority. But how does the site authenticate with you? You can have a public key (and a private key) to identify yourself to the organization. Example is the Yubikey; an external thumb drive to store your key.

=== Why not give everyone a key pair? ===
Hard to explain it to the everyone, and what happens when the cryptography becomes obsolete.

At the end of the day, we can only really work with end-to-end and secure it on either end and hope that both ends are the correct ends.

SystemsSec 2018W Lecture 8

2018-01-31T17:30:16Z

Yannick:

<!> Reminder to complete the experiences on time (before March 26th)

= Review of networking =

== What is the basis of the internet? ==

=== The IP packet ===
If you want to connect to the internet all you need to be able to do is send/receive packets to someone who is connected to the internet. Everyone along the line can forward or pass along packets. What about ethernet and wifi? It’s just ways of sending packets

=== What’s an ip packet? ===
Data structure
:Header
::Source IP
::Destination IP
::Checksum
::Etc.
:Payload
Most important fields are the '''source IP address''' and the '''destination IP address'''

<blockquote>''Note: Packets are unprotected! There’s no confidentiality, it’s all in the open. Everyone who touches it on the way gets to see (or change!) the entire packet. Example; NAT is changing the source and destination packets!''</blockquote>

=== What’s the security problem? ===
There is no security! How would you secure it? Certain fundamental problems about locking this down. What attacks can you perform on a set of IP packets?
; Eavesdropping
: '''Δ''' You can only encrypt the payload!
; Traffic analysis; rate of traffic, who’s talking to who, when they’re talking
: The only way to prevent traffic analysis is to encrypt the header and mask it

<blockquote>
; Pizza delivery attack
: Let’s say you’re a military organization, and you want to plan an attack but your employees are staying late? Oh look they ordered a pizza late at night, so now you have to order pizza all the time, keep the parking lot full, etc.
</blockquote>

'''Δ''' You can use a trusted intermediary service
Δ Can also use onion routing (Tor) at the cost of speed

It’s not that the designers weren’t smart, it’s that their decision had to factor in a tradeoff between functionality and security costs.

=== Key management ===
You're going to send these packets to arbitrary other machines. Let’s assume you're going to do proper security (authentication, encrypt, etc..), you need to be able to identify the destination, you need their '''public key'''.

; Where do I get the key? : Domain name system (DNS).

The DNS maps Hostnames to IP addresses. Every domain name technically ends with a ‘.’ which is defined as the root, from there it goes down a level to com, and again down to something like google, etc..

DNS is a bunch of public records, there’s no cryptographic protection in DNS. If you wanted to do that you would have to encrypt the entire mappings. Who would you trust to do that? Who has the authority to manage this? DNSSEC is an attempt to solve this and is currently being deployed but from a management’s perspective it is painful.

What protocols would we use to securely communicate? TLS/SSH, but this would only work for the payload. It gives us end-to-end protection, except that everyone can see that those two endpoints are communicating.

'''Δ''' There is a VOIP attack, in which you can figure out the words being said simply by examining the size of the packets being sent.

=== What does a VPN give you? ===
'''Δ''' What part of the traffic is encrypted and how is it authenticated?
With a VPN the whole packet is being encrypted, but it’s encapsulated in another header directed to the VPN gateway. Anyone observing your traffic would only see communication between you and the gateway.

All you’ve done is move the problem, so why use it? It can help you against attackers close to you in the network space. If they have to compromise a VPN system further away that’s better maintained, it can (in principle) be harder to compromise.

=== What is your path of trust? ===
You cannot trust hostnames because DNS can be messed with. You can’t trust IP address as those can be changed. You can only trust the encryption in the payload.

=== How do you authenticate to a classic website? ===
Download a certificate and it is vouched for by a built-in authority. But how does the site authenticate with you? You can have a public key (and a private key) to identify yourself to the organization. Example is the Yubikey; an external thumb drive to store your key.

=== Why not give everyone a key pair? ===
Hard to explain it to the everyone, and what happens when the cryptography becomes obsolete.

At the end of the day, we can only really work with end-to-end and secure it on either end and hope that both ends are the correct ends.

SystemsSec 2018W Lecture 8

2018-01-31T17:11:56Z

Yannick: Created page with "<!> Reminder to complete the experiences on time (before March 26th) Review of networking What is the basis of the internet? IP packet, if you want to connect to the internet..."

<!> Reminder to complete the experiences on time (before March 26th)

Review of networking
What is the basis of the internet?
IP packet, if you want to connect to the internet all you need it to be able to send/receive packets to someone who is connected to the internet
Everyone along the line can forward or pass along packets
What about ethernet and wifi? It’s just ways of sending packets

What’s an ip packet?
Data structure
Header
Source IP
Destination IP
Checksum
Etc.
Payload
Most important fields; source IP address and destination IP address

<!> Packets are unprotected! There’s no confidentiality, it’s all in the open. Everyone who touches it on the way gets to see (or change!) the entire packet. Example; NAT is changing the source and destination packets!

What’s the security problem? There is no security!

How would you secure it? Certain fundamental problems about locking this down. What attacks can you perform on a set of IP packets?
Eavesdropping
<!> You can only encrypt the payload!
Traffic analysis; rate of traffic, who’s talking to who, when they’re talking
The only way to prevent traffic analysis is to encrypt the header and mask it

<!> Pizza delivery attack
Let’s say you’re a military organization, and you want to plan an attack but your employees are staying late? Oh look they ordered a pizza late at night, so now you have to order pizza all the time, keep the parking lot full, etc.

<!> You can use a trusted intermediary service
<!> Can also use onion routing (Tor) at the cost of speed

It’s not that the designers weren’t smart, it’s that their decision had to factor in a tradeoff between functionality and security costs.

Key management
I’m going to send these packets to arbitrary other machines. Let’s assume we’re going to do proper security (authentication, encrypt, etc..), I need to be able to identify the destination, I need their public key.

Where do I get the key? Domain name system (DNS).
Every domain name ends with a ‘.’
Starts from root, goes to com, goes to google, etc..
Hostname => IP address

DNS is a bunch of records, there’s no cryptographic protection in DNS. You have to encrypt the entire mappins, who do you trust to do that? Who has the authority to manage this? DNSSEC is an attempt to solve this and is currently being deployed but from a management’s perspective is painful.

What protocols would we use to securely communicate? TLS/SSH, but this would only work for the payload. Gives us end-to-end protection, except that everyone can see that those two endpoints are communicating.

<!> VOIP attack, you can figure out the words being said simply by examining the size of the packets being sent.

What does a VPN give you?
<!> What part of the traffic encrypted and how is it authenticated?
The whole packet is being encrypted, but it’s encapsulated in another header directed to the VPN gateway. Anyone observing your traffic would only see communication between you and the gateway.

All you’ve done is move the problem, so why use it? It can help you against attackers close to you in the network space. If they have to compromise a VPN system further away that’s better maintained, it can in principle be harder to compromise.

What is your path of trust?
You cannot trust hostnames because DNS can be messed with. You can’t trust IP address as those can be changed. You can only trust the encryption in the payload.

How do you authenticate to a classic website?
Download a certificate and it is vouched for by a built-in authority. But how does the site authenticate with you? You can have a public key (and a private key) to identify yourself to the organization. Example is the Yubikey; an external thumb drive to store your key.

Why not give everyone a key pair?
Hard to explain it to the everyone, and what happens when the cryptography becomes obsolete.

At the end of the day, we can only really work with end-to-end and secure it on either end and hope that both ends are the correct ends.

Computer Systems Security (Winter 2018)

2018-01-31T17:11:27Z

Yannick: /* January 31, 2018 */

==Course Outline==

[[Computer Systems Security: Winter 2018 Course Outline|Course Outline]]

==Experiences==

You are required to complete 9 experiences throughout the semester.

* [[Computer Systems Security: Winter 2018 Experiences|List of Experiences]]

==Assignments==

Assignments will be posted here as they become available

* [[Computer Systems Security: Winter 2018 Assignment 1|Assignment 1]]
* Assignment 2
* Assignment 3
* Assignment 4

==Resources==

Here are some resources you may find useful:

* [http://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/comp4108-2018w.ova A Virtualbox OVF image for Ubuntu 17.10.1]
* [https://openstack.scs.carleton.ca The SCS openstack cluster]. Note that you can only access this from the Carleton network. To access from elsewhere, [https://carleton.ca/its/help-centre/remote-access/ VPN in] to the university. (On Linux you can also use openconnect rather than the Cisco software provided by Carleton.)

If you cannot access openstack, try [http://www.scs.carleton.ca/webacct changing your SCS password].

==Schedule==

===January 8, 2018===

[[SystemsSec 2018W Lecture 1|Introduction]]

===January 10, 2018===

[[SystemsSec 2018W Lecture 2|Threat Modelling]]

===January 15, 2018===

[[SystemsSec 2018W Lecture 3|Common tools]]

===January 17, 2018===

[[SystemsSec 2018W Lecture 4|passwd]]

===January 22, 2018===

[[SystemsSec 2018W Lecture 5|Networks 1]]

===January 24, 2018===

[[SystemsSec 2018W Lecture 6|Virtual machines 1]]

===January 29, 2018===

[[SystemsSec 2018W Lecture 7|Cryptography 1]]

===January 31, 2018===

Assignment 1 due

[[SystemsSec 2018W Lecture 8|Networking]]

===February 14, 2018===

Assignment 2 due

===February 19 & 21, 2018===

Winter break, no classes

===February 26, 2018===

Mid-term review

===February 28, 2018===

Mid-term Exam

===March 19, 2018===

Assignment 3 due

===April 4, 2018===

Assignment 4 due

===April 9, 2018===

Last day of class

SystemsSec 2018W Lecture 3

2018-01-19T23:50:38Z

Yannick: /* 3rd Era (Networking) */

= Notes =
Class 3, January 15

== 1st Era (Time Sharing Systems) ==
Computing originated from cracking codes during WWII and initial computer security came from physical security measures put in place to limit physical access to the machine.

; Mainframes
: Large, powerful computers. Early models of which implemented no implicit security. It was based on access to the system.
: Batch Processing: Processing written programs in batches. Programs were written offline then queued to be ran one after the other.
: Programmers didn't actually interact with the computer, the code went through Operators.
: Switched to time sharing which allowed many users to access the same machine concurrently through multiple terminals.

Eventually people started wanting more time and resources with the computer and this caused the organization (HR) to start creating '''policy''' to manage the mainframe. Creating these policies lead to the computer getting the power to say 'No' to operations, which is the early creation of software based access control.
; Access control
: Users, Groups
: Permissions
: ACLs (Access control list)

However the number of people with knowledge about these systems was limited and all of them could easily circumvent the policy.

== 2nd Era (Personal Computers) ==
Computers for personal use. Peer to peer file sharing (via floppy disks, etc...). This era of personal computers is all about copy protection and piracy as files could now be shared among peers and copied onto their own computer.

; Copy protection
: any effort designed to prevent the reproduction of software, films, music, and other media, usually for copyright reasons.
: essentially telling a personal computer not to do what it was made to do.

; Piracy : the unauthorized use or reproduction of another's work.

Mostly driven by people's desire to share games with their friends, the widespread sharing of software from unknown sources allowed for "malicious" programs to spread. When you introduce file-sharing between computers you get the invention of computer viruses (malicious software) and anti-virus software (added policy to protect resources).

== 3rd Era (Networking) ==
Once you start networking computers together, both the previous era problems are now combined and become much more important. As computers are now interconnected, attacks are possible through the internet. An example is the [https://en.wikipedia.org/wiki/Morris_worm Morris Worm] that was a combination of various software bugs used to circumvent access controls. Although it had no malicious intent behind the creation, a bug in the code made it continue to duplicate itself and crash the system.

It was determined that more complicated security measures were necessary.
; Attackers perspective
: find exploits
: infect systems
; Defenders perspective
: find exploits before they're used
: patch them
: or patch exploits after they're used.

; Unix Directory System
: Labels for processes, files, directories, read/write/execute permissions.
: Users: UID
: Groups: GID
: Designed for multi-user systems. Works for single user systems as some processes require more permissions than others. Still in place due to legacy systems. Is considered robust due to evolution.

; Military : The military and intelligence organizations cared about security from the beginning. Developed their own systems to enforce classification levels. Was convoluted and is no longer in use.

You can understand any mechanism by looking at where it came from and what problem it was designed to solve.
"The internet today is a result of evolution."

= E1 results =
9 Firewall
8 Windows Defender
5 Windows Firewall
5 https
5 Google Authenticator
4 SSL
4 Passwords
3 VPN
3 uBlock Origin
3 SSH
3 KeePass
3 firewall
3 Cryptography
3 Antivirus
3 2FA
2 Wireshark
2 vpn
2 Virtual Machines
2 Valve Anti Cheat
2 traceroute
2 password
2 OpenVPN
2 netstat
2 Netcat
2 md5sum
2 Malwarebytes Anti-Malware
2 Malwarebytes
2 HTTPS
2 Filevault
2 encryption
2 Anti-virus
2 antivirus
2 access control

SystemsSec 2018W Lecture 3

2018-01-19T23:35:53Z

Yannick: /* 2nd Era (Personal Computers) */

= Notes =
Class 3, January 15

== 1st Era (Time Sharing Systems) ==
Computing originated from cracking codes during WWII and initial computer security came from physical security measures put in place to limit physical access to the machine.

; Mainframes
: Large, powerful computers. Early models of which implemented no implicit security. It was based on access to the system.
: Batch Processing: Processing written programs in batches. Programs were written offline then queued to be ran one after the other.
: Programmers didn't actually interact with the computer, the code went through Operators.
: Switched to time sharing which allowed many users to access the same machine concurrently through multiple terminals.

Eventually people started wanting more time and resources with the computer and this caused the organization (HR) to start creating '''policy''' to manage the mainframe. Creating these policies lead to the computer getting the power to say 'No' to operations, which is the early creation of software based access control.
; Access control
: Users, Groups
: Permissions
: ACLs (Access control list)

However the number of people with knowledge about these systems was limited and all of them could easily circumvent the policy.

== 2nd Era (Personal Computers) ==
Computers for personal use. Peer to peer file sharing (via floppy disks, etc...). This era of personal computers is all about copy protection and piracy as files could now be shared among peers and copied onto their own computer.

; Copy protection
: any effort designed to prevent the reproduction of software, films, music, and other media, usually for copyright reasons.
: essentially telling a personal computer not to do what it was made to do.

; Piracy : the unauthorized use or reproduction of another's work.

Mostly driven by people's desire to share games with their friends, the widespread sharing of software from unknown sources allowed for "malicious" programs to spread. When you introduce file-sharing between computers you get the invention of computer viruses (malicious software) and anti-virus software (added policy to protect resources).

== 3rd Era (Networking) ==
Computers are now interconnected, attacks are possible through the internet. See [https://en.wikipedia.org/wiki/Morris_worm Morris Worm]

More complicated security measures necessary. From an attackers perspective: find exploits, infect systems. From a defenders perspective: find exploits before they're used, patch them, or patch exploits after they're used.

"The internet today is a result of evolution."

''' Unix Directory System '''
** Labels for processes, files, directories, read/write/execute permissions.
*** Users: UID
*** Groups: GID
* Designed for multi-user systems. Works for single user systems as some processes require more permissions than others. Still in place due to legacy systems. Is considered robust due to evolution.

''' Military '''
The military and intelligence organizations cared about security from the beginning. Developed their own systems to enforce classification levels. Was convoluted and is no longer in use.

= E1 results =
9 Firewall
8 Windows Defender
5 Windows Firewall
5 https
5 Google Authenticator
4 SSL
4 Passwords
3 VPN
3 uBlock Origin
3 SSH
3 KeePass
3 firewall
3 Cryptography
3 Antivirus
3 2FA
2 Wireshark
2 vpn
2 Virtual Machines
2 Valve Anti Cheat
2 traceroute
2 password
2 OpenVPN
2 netstat
2 Netcat
2 md5sum
2 Malwarebytes Anti-Malware
2 Malwarebytes
2 HTTPS
2 Filevault
2 encryption
2 Anti-virus
2 antivirus
2 access control

SystemsSec 2018W Lecture 3

2018-01-19T23:34:48Z

Yannick: /* 2nd Era (Personal Computers) */

= Notes =
Class 3, January 15

== 1st Era (Time Sharing Systems) ==
Computing originated from cracking codes during WWII and initial computer security came from physical security measures put in place to limit physical access to the machine.

; Mainframes
: Large, powerful computers. Early models of which implemented no implicit security. It was based on access to the system.
: Batch Processing: Processing written programs in batches. Programs were written offline then queued to be ran one after the other.
: Programmers didn't actually interact with the computer, the code went through Operators.
: Switched to time sharing which allowed many users to access the same machine concurrently through multiple terminals.

Eventually people started wanting more time and resources with the computer and this caused the organization (HR) to start creating '''policy''' to manage the mainframe. Creating these policies lead to the computer getting the power to say 'No' to operations, which is the early creation of software based access control.
; Access control
: Users, Groups
: Permissions
: ACLs (Access control list)

However the number of people with knowledge about these systems was limited and all of them could easily circumvent the policy.

== 2nd Era (Personal Computers) ==
Computers for personal use. Peer to peer file sharing (via floppy disks, etc...). This era of personal computers is all about copy protection and piracy as files could now be shared among peers and copied onto their own computer.

; Copy protection
: any effort designed to prevent the reproduction of software, films, music, and other media, usually for copyright reasons.
: essentially telling a personal computer not to do what it was made to do.

; Piracy : the unauthorized use or reproduction of another's work.

Mostly driven by people's desire to share games with their friends, the widespread sharing of software from unknown sources allowed for "malicious" programs to spread. When you introduce networking you get the invention of computer viruses (malicious software) and anti-virus software (added policy to protect resources).

== 3rd Era (Networking) ==
Computers are now interconnected, attacks are possible through the internet. See [https://en.wikipedia.org/wiki/Morris_worm Morris Worm]

More complicated security measures necessary. From an attackers perspective: find exploits, infect systems. From a defenders perspective: find exploits before they're used, patch them, or patch exploits after they're used.

"The internet today is a result of evolution."

''' Unix Directory System '''
** Labels for processes, files, directories, read/write/execute permissions.
*** Users: UID
*** Groups: GID
* Designed for multi-user systems. Works for single user systems as some processes require more permissions than others. Still in place due to legacy systems. Is considered robust due to evolution.

''' Military '''
The military and intelligence organizations cared about security from the beginning. Developed their own systems to enforce classification levels. Was convoluted and is no longer in use.

= E1 results =
9 Firewall
8 Windows Defender
5 Windows Firewall
5 https
5 Google Authenticator
4 SSL
4 Passwords
3 VPN
3 uBlock Origin
3 SSH
3 KeePass
3 firewall
3 Cryptography
3 Antivirus
3 2FA
2 Wireshark
2 vpn
2 Virtual Machines
2 Valve Anti Cheat
2 traceroute
2 password
2 OpenVPN
2 netstat
2 Netcat
2 md5sum
2 Malwarebytes Anti-Malware
2 Malwarebytes
2 HTTPS
2 Filevault
2 encryption
2 Anti-virus
2 antivirus
2 access control

SystemsSec 2018W Lecture 3

2018-01-19T23:28:00Z

Yannick: /* 1st Era (Time Sharing) */

= Notes =
Class 3, January 15

== 1st Era (Time Sharing Systems) ==
Computing originated from cracking codes during WWII and initial computer security came from physical security measures put in place to limit physical access to the machine.

; Mainframes
: Large, powerful computers. Early models of which implemented no implicit security. It was based on access to the system.
: Batch Processing: Processing written programs in batches. Programs were written offline then queued to be ran one after the other.
: Programmers didn't actually interact with the computer, the code went through Operators.
: Switched to time sharing which allowed many users to access the same machine concurrently through multiple terminals.

Eventually people started wanting more time and resources with the computer and this caused the organization (HR) to start creating '''policy''' to manage the mainframe. Creating these policies lead to the computer getting the power to say 'No' to operations, which is the early creation of software based access control.
; Access control
: Users, Groups
: Permissions
: ACLs (Access control list)

However the number of people with knowledge about these systems was limited and all of them could easily circumvent the policy.

== 2nd Era (Personal Computers) ==
Computers for personal use. Peer to peer file sharing (via floppy disks, etc...).

The era of personal computers introduced copy protection and piracy as files could now be shared among peers and copied onto their own computer.

; Copy protection
: any effort designed to prevent the reproduction of software, films, music, and other media, usually for copyright reasons.
: essentially telling a personal computer not to do what it was made to do.

; Piracy : the unauthorized use or reproduction of another's work.

Sharing software from unknown sources allowed for "malicious" programs to spread. The invention of computer viruses and therefore anti-virus software.

== 3rd Era (Networking) ==
Computers are now interconnected, attacks are possible through the internet. See [https://en.wikipedia.org/wiki/Morris_worm Morris Worm]

More complicated security measures necessary. From an attackers perspective: find exploits, infect systems. From a defenders perspective: find exploits before they're used, patch them, or patch exploits after they're used.

"The internet today is a result of evolution."

''' Unix Directory System '''
** Labels for processes, files, directories, read/write/execute permissions.
*** Users: UID
*** Groups: GID
* Designed for multi-user systems. Works for single user systems as some processes require more permissions than others. Still in place due to legacy systems. Is considered robust due to evolution.

''' Military '''
The military and intelligence organizations cared about security from the beginning. Developed their own systems to enforce classification levels. Was convoluted and is no longer in use.

= E1 results =
9 Firewall
8 Windows Defender
5 Windows Firewall
5 https
5 Google Authenticator
4 SSL
4 Passwords
3 VPN
3 uBlock Origin
3 SSH
3 KeePass
3 firewall
3 Cryptography
3 Antivirus
3 2FA
2 Wireshark
2 vpn
2 Virtual Machines
2 Valve Anti Cheat
2 traceroute
2 password
2 OpenVPN
2 netstat
2 Netcat
2 md5sum
2 Malwarebytes Anti-Malware
2 Malwarebytes
2 HTTPS
2 Filevault
2 encryption
2 Anti-virus
2 antivirus
2 access control

SystemsSec 2018W Lecture 3

2018-01-19T23:15:34Z

Yannick: /* Notes */

= Notes =
Class 3, January 15

== 1st Era (Time Sharing) ==
Computing originated from cracking codes during WWII.

Initial computer security came from physical security. Security measures were put in place to limit physical access.

; Mainframes : Large, powerful computers. Early models of which implemented no implicit security. It was based on access to the system.
; Batch Processing: Processing written programs in batches. Programs were written offline then queued to be ran one after the other.
; Time Sharing :An environment option for Mainframes. They allowed many users to access the same machine concurrently.

This caused a need for computer systems security. Policies were developed (more organizational policies than strict security), early creation of software based access control.
; Access control
: Users, Groups
: Permissions
: ACLs (Access control list)

== 2nd Era (Personal Computers) ==
Computers for personal use. Peer to peer file sharing (via floppy disks, etc...).

The era of personal computers introduced copy protection and piracy as files could now be shared among peers and copied onto their own computer.

; Copy protection
: any effort designed to prevent the reproduction of software, films, music, and other media, usually for copyright reasons.
: essentially telling a personal computer not to do what it was made to do.

; Piracy : the unauthorized use or reproduction of another's work.

Sharing software from unknown sources allowed for "malicious" programs to spread. The invention of computer viruses and therefore anti-virus software.

== 3rd Era (Networking) ==
Computers are now interconnected, attacks are possible through the internet. See [https://en.wikipedia.org/wiki/Morris_worm Morris Worm]

More complicated security measures necessary. From an attackers perspective: find exploits, infect systems. From a defenders perspective: find exploits before they're used, patch them, or patch exploits after they're used.

"The internet today is a result of evolution."

''' Unix Directory System '''
** Labels for processes, files, directories, read/write/execute permissions.
*** Users: UID
*** Groups: GID
* Designed for multi-user systems. Works for single user systems as some processes require more permissions than others. Still in place due to legacy systems. Is considered robust due to evolution.

''' Military '''
The military and intelligence organizations cared about security from the beginning. Developed their own systems to enforce classification levels. Was convoluted and is no longer in use.

= E1 results =
9 Firewall
8 Windows Defender
5 Windows Firewall
5 https
5 Google Authenticator
4 SSL
4 Passwords
3 VPN
3 uBlock Origin
3 SSH
3 KeePass
3 firewall
3 Cryptography
3 Antivirus
3 2FA
2 Wireshark
2 vpn
2 Virtual Machines
2 Valve Anti Cheat
2 traceroute
2 password
2 OpenVPN
2 netstat
2 Netcat
2 md5sum
2 Malwarebytes Anti-Malware
2 Malwarebytes
2 HTTPS
2 Filevault
2 encryption
2 Anti-virus
2 antivirus
2 access control

SystemsSec 2018W Lecture 1

2018-01-17T22:50:03Z

Yannick: /* The material covered today: */

= Notes =
Class 1, January 8

== About the course: ==
Attendance is strongly recommended as lectures will not be posted online (only the wiki notes will be posted online).

In order to succeed, you need to come to class. Things will be discussed, and you need to be present.

=== Grading Criteria ===
* 20% Midterm
* 30% Final
* 10% Participation
* 20% Experiences
* 20% Assignments (4)

==== Midterm & Final ====
Short answer questions, possibly a few long-answer questions.

==== Participation ====
Being present in the classroom, taking notes for the class, raising your hand, discussing things. There is also a slack instance ([https://join.slack.com/t/cucomp4108/shared_invite/enQtMjk2OTM0MTUwNjI0LTQ2MDExODYwMjliOTAxZWFjZjU0ZmM3M2U4NjFlYjRjY2UzZTgyM2QyNmQ5MTBiNTU1ZDVmOGFiNzYxMGNiOTc click here to join]) that you can participate in.

If for some reason participation will be a problem for you, email the professor now to work it out.

==== Experiences ====
There are 2 portions to the experiences section, reading and tools.

'''Readings''' – Make a diligent effort to understand the reading before coming to class. Not a summary. What was your interaction with the reading? What are your thoughts about the material covered? Did you have any difficulties following along?

'''Tools''' – Computer Systems Security is fundamentally an applied field. It is tied to tools. Applied learning is important. Some exercises will be provided, but other things you will come across yourself (ie, try to set up a firewall, or play around with iptables, you don’t have to succeed). Write a tool response. Plan on sitting down a couple of times and doing some hacking. It is important to get your hands dirty. To start, pick something that you can handle, and maybe ramp it up as the term goes along.

==== Assignments ====
The assignments will be in the style of the midterm and final, and will let you know how prepared you are for the exams. There will be two assignments before the midterm and two more after the midterm. They will be submitted through CULearn.

== The material covered today: ==
In the news recently: Meltdown and Spectre security flaws

[[File:xkcd_meltdown_and_spectre.png|thumb|right|Source ''[https://m.xkcd.com/1938/ xkcd]'']]

Meltdown in the Intel version, Spectre is the more general version. Basically every modern CPU that has high performance is affected, stems from a problem with processor design in which the strategy used to increase performance in modern processors allows for information leakage.

Inherently, software programs and processes don't trust each other (and they shouldn't), but this flaw means that the barriers between them aren't fixed and that you can potentially read across them.

This is a [https://en.wikipedia.org/wiki/Timing_attack timing attack], the basis of these attacks is that the time to compute depends on the data that you are computing. By knowing how long something takes to compute you can figure out what is being computed. There was previously a well known timing attack on public key encryption, which was solved by responding to all requests in the same constant time.

Meltdown and Spectre exploit branch predictors (ie, the processor speculates at which branch of the code will be run next and “runs ahead”. If it predicts correctly, there is a performance advantage). However, flaws were found that enabled kernel memory to be read, or a virtual machine to read data from another virtual machine running on the same processor. This particularly affects cloud computing.

These types of flaws come about because no one was thinking about the design from a security point of view.

System Security is difficult. Attackers find flaws, defenders try to fix them. This happens in real systems, with enormous complexity. Theoretically we can design perfectly secure systems, but attackers will keep finding flaws. This game, as it is today, is weighted towards attackers. Re-balancing the game would require radical ideas.

=== A (noncomprehensive) list of some security tools and methods: ===
The purpose of this list is to show what a vast area computer security is, not making a list of everything that will be covered.
*Firewalls
*Antivirus/Antimalware
*Network monitoring/NIDS
*Reverse engineering.
*Cryptography (encryption/digital signing) (for system security, encryption is a tool of last resort)
*Air gaps
*Social Engineering
*(D)DoS
*White list
*Black list
*One way info-gate
*Virtual machines
*Encapsulation
*Virtual memory
*Formal verification
*Randomization (ASLR)
*Passwords
*Captchas
*Biometrics
*Location monitoring
*Mandatory access control (ie SELinux, very inconvenient)
*Discretionary access control (traditional Unix, Windows…)
*Automatic memory management (garbage collection)
*Static analysis
*Dynamic analysis

Security can affect just about any area of computer science. If there is a branch that doesn’t appear to be affected by security, it's because someone just hasn’t thought about it for long enough. This course isn’t about a specific tool or method, although many will be touched on. Primarily, we want to look at how to think about problems so that you see security issues. What can I do as an attacker? What can I do as a defender.

There are always benefits and costs to any security decision, by strengthening security in one way, you can weaken it in another. This is important if you can’t risk lockouts and downtime, where having passwords could cause problems. For example, the US Air Force had all the nuke codes set to 0000000...

If you make usability too difficult, users can (and will) find ways to bypass your security measures. Security is always a secondary concern. The primary concerns of users are the tasks that they are using the computer systems to complete. The most secure system is one that is off, in a locked room in a secure facility. However, that system is also completely useless.

Even if you do not become a computer security professional, you will design systems and make decisions that have security implications.

=== Reverse Engineering ===
Picked from the list at random to discuss

*What is it?
**Normal engineering process would be Design -> code -> system.
**Reverse engineering is reversing that process. Looking at the system to figure out the code and the design.

*Who?
**Attackers
***analyzing defenses
****If you can figure out how it works, then you can find weaknesses and exploit them.
You become an expert safecracker by learning about safes. In order to find flaws in systems, you must have a deep knowledge of those systems. What an attacker wishes to attack he must master, and by finding the flaw, the attacker '''proves his knowledge'''. It is like solving a puzzle. That is what drives the people developing these attacks. The negative impacts are often secondary.

**Defenders
***Analyze defenses like attackers
***Analyze attacks
****(ie, figure out what a botnet does and how it works)
****Botnet – illegal cloud computing.

=== DRM – Digital Rights Management ===
*People have been using reverse engineering crack DRM since DRM was released
*Interesting thing about DRM – it works to protect the content from the legitimate user that you want to have the content.
*Most secure current DRM- iOS. It is currently very difficult to crack (or “jailbreak”). In fact, it may even be “effectively unbreakable” because the cost and time involved in breaking it isn’t worth it.
*Jailbreaking iOS used to be very popular, as it allowed users to use their iPhones in ways that Apple didn’t allow. However, it would also negatively impact the security of the device.
*The jailbreak community showed Apple where the security flaws in their devices were found. Apple could then fix the flaws. The community would find new flaws, and Apple would fix them.
*This evolution or “trial by fire” is the only way that security gets strong. No theoretical security can be trusted until it has had people try to crack it.

Today, attacks get put into usable software and distributed quickly. They spread fast.

Nation-states pay lots of people to reverse engineer systems and find the security holes. They do it in secret, but they can’t keep secrets, so the attacks they create get leaked.

The code of much modern malware that is causing problems has been written by
nation-states.

We cannot make any system perfectly secure, but we don’t build systems under that assumption. We build systems that store large amounts of important data (how much data does Facebook have? Google? Governments?). We assume that we can do this securely, but we can’t.

File:Xkcd meltdown and spectre.png

2018-01-17T22:37:07Z

Yannick:

SystemsSec 2018W Lecture 1

2018-01-17T21:11:24Z

Yannick: /* About the course: */

= Notes =
Class 1, January 8

== About the course: ==
Attendance is strongly recommended as lectures will not be posted online (only the wiki notes will be posted online).

In order to succeed, you need to come to class. Things will be discussed, and you need to be present.

=== Grading Criteria ===
* 20% Midterm
* 30% Final
* 10% Participation
* 20% Experiences
* 20% Assignments (4)

==== Midterm & Final ====
Short answer questions, possibly a few long-answer questions.

==== Participation ====
Being present in the classroom, taking notes for the class, raising your hand, discussing things. There is also a slack instance ([https://join.slack.com/t/cucomp4108/shared_invite/enQtMjk2OTM0MTUwNjI0LTQ2MDExODYwMjliOTAxZWFjZjU0ZmM3M2U4NjFlYjRjY2UzZTgyM2QyNmQ5MTBiNTU1ZDVmOGFiNzYxMGNiOTc click here to join]) that you can participate in.

If for some reason participation will be a problem for you, email the professor now to work it out.

==== Experiences ====
There are 2 portions to the experiences section, reading and tools.

'''Readings''' – Make a diligent effort to understand the reading before coming to class. Not a summary. What was your interaction with the reading? What are your thoughts about the material covered? Did you have any difficulties following along?

'''Tools''' – Computer Systems Security is fundamentally an applied field. It is tied to tools. Applied learning is important. Some exercises will be provided, but other things you will come across yourself (ie, try to set up a firewall, or play around with iptables, you don’t have to succeed). Write a tool response. Plan on sitting down a couple of times and doing some hacking. It is important to get your hands dirty. To start, pick something that you can handle, and maybe ramp it up as the term goes along.

==== Assignments ====
The assignments will be in the style of the midterm and final, and will let you know how prepared you are for the exams. There will be two assignments before the midterm and two more after the midterm. They will be submitted through CULearn.

== The material covered today: ==
In the news recently: Meltdown and Spectre security flaws

Meltdown in the Intel version, Spectre is the more general version.

Basically every modern CPU that has high performance is affected

Problem with processor design.

Design strategy used to increase performance in modern processors allows for information leakage.

Software programs and processes don't trust each other (and they shouldn't), but this flaw means that the barriers between them aren't fixed, you can read across them.

It is a timing attack. The basis of timing attacks is that the time to compute depends on the data that you are computing. By knowing how long something takes to compute, you can figure out what is being computed.

There was previously a well known timing attack on public key encryption, which was solved by responding to all requests in the same constant time.

Meltdown and Spectre exploit branch predictors (ie, the processor speculates at which branch of the code will be run next and “runs ahead”. If it predicts correctly, there is a performance advantage). However, flaws were found that enabled kernel memory to be read, or a virtual machine to read data from another virtual machine running on the same processor. This particularly affects cloud computing.

These types of flaws come because no one was thinking about the design from a security point of view.

System Security is difficult. Attackers find flaws, defenders try to fix them. This happens in real systems, with enormous complexity. Theoretically we can design perfectly secure systems, but attackers will keep finding flaws. This game, as it is today, is weighted towards attackers. Rebalancing the game would require radical ideas.

=== A (noncomprehensive) list of some security tools and methods: ===
*The purpose of this list is to show what a vast area computer security is, not making a list of everything that will be covered.
**Firewalls
**Antivirus/Antimalware
**Network monitoring/NIDS
**Reverse engineering.
**Cryptography (encryption/digital signing) (for system security, encryption is a tool of last resort)
**Air gaps
**Social Engineering
**(D)DoS
**White list
**Black list
**One way info-gate
**Virtual machines
**Encapsulation
**Virtual memory
**Formal verification
**Randomization (ASLR)
**Passwords
**Captchas
**Biometrics
**Location monitoring
**Mandatory access control (ie SELinux, very inconvenient)
**Discretionary access control (traditional Unix, Windows…)
**Automatic memory management (garbage collection)
**Static analysis
**Dynamic analysis

Security can affect just about any area of computer science. If there is a branch that doesn’t appear to be affected by security, someone just hasn’t thought about it for long enough.

This course isn’t about a specific tool or method, although many will be touched on. Primarily, we want to look at how to think about problems so that you see security issues. What can I do as an attacker? What can I do as a defender.

There are always benefits and costs to any security decision, By strengthening security in one way, you can weaken it in another.

For example, if you can’t risk lockouts and downtime, having passwords could cause problems.

If you make usability too difficult, users can find ways to bypass your security measures. Security is always a secondary concern. The primary concerns of users are the tasks that they are using the computer systems to complete.

The most secure system is one that is off, in a locked room in a secure facility. However, that system is also completely useless.

Even if you do not become a computer security professional, you will design systems and make decisions that have security implications.

=== Reverse Engineering ===
Picked from the list at random to discuss

*What is it?
**Normal engineering process would be Design -> code -> system.
**Reverse engineering is reversing that process. Looking at the system to figure out the code and the design.

*Who?
**Attackers
***analyzing defenses
****If you can figure out how it works, then you can find weaknesses and exploit them.
You become an expert safecracker by learning about safes. In order to find flaws in systems, you must have a deep knowledge of those systems. What an attacker wishes to attack he must master, and by finding the flaw, the attacker '''proves his knowledge'''. It is like solving a puzzle. That is what drives the people developing these attacks. The negative impacts are often secondary.

**Defenders
***Analyze defenses like attackers
***Analyze attacks
****(ie, figure out what a botnet does and how it works)
****Botnet – illegal cloud computing.

=== DRM – Digital Rights Management ===
*People have been using reverse engineering crack DRM since DRM was released
*Interesting thing about DRM – it works to protect the content from the legitimate user that you want to have the content.
*Most secure current DRM- iOS. It is currently very difficult to crack (or “jailbreak”). In fact, it may even be “effectively unbreakable” because the cost and time involved in breaking it isn’t worth it.
*Jailbreaking iOS used to be very popular, as it allowed users to use their iPhones in ways that Apple didn’t allow. However, it would also negatively impact the security of the device.
*The jailbreak community showed Apple where the security flaws in their devices were found. Apple could then fix the flaws. The community would find new flaws, and Apple would fix them.
*This evolution or “trial by fire” is the only way that security gets strong. No theoretical security can be trusted until it has had people try to crack it.

Today, attacks get put into usable software and distributed quickly. They spread fast.

Nation-states pay lots of people to reverse engineer systems and find the security holes. They do it in secret, but they can’t keep secrets, so the attacks they create get leaked.

The code of much modern malware that is causing problems has been written by
nation-states.

We cannot make any system perfectly secure, but we don’t build systems under that assumption. We build systems that store large amounts of important data (how much data does Facebook have? Google? Governments?). We assume that we can do this securely, but we can’t.