OSWebSec: Midterm Study Guide
Operating system and web security
Tuesday October 16, 2012
protection tutorial – mechanisms for enforcing these boundaries (reference monitor - orange book - verifying buffer overflows, return-oriented programming – breaking the boundaries – program taking in data / acting bizarre – randomization (different behaviour on any instance you run) – input validation diversity – two systems behave differently (but behavior is constant for each) ASLR, ISR – protection barriers XSS Noncespaces, subspace, Mashup OS – what runs inside browser and rest of system, protection system on page (browser sandbox (more rigid) and same origin policy) microkernels, exokernels.
Protection boundaries Randomization input validation (failures) trusted code base – reference monitors kernels browser implementation What is the part of the code that enforces the security policy? If that's compromised, it's invalidated. Authentication Access control > these mean nothing if the others' are broken. It's just more features. That's the icing on the cake, that's the stuff on top, stuff that makes everything else possible.
Randomization can shore up the defenses if the other ones fail. Is this all security?
Moores' law – how much more powerful are computers from that time? Computers that sit in your pockets can wipe the floor with all of the computers from the 70s.
Path of least resistance – when you make a web application is to make it crazy insecure when you accept user input. When making code in c is to make it susceptible to buffer overflows all over the place. Much of the mechanisms here – programmers are going to be lazy, I don't want your buggy program messing with my code / data. Protection boundaries are for separation, assumption that code is going to be bad. Make it easy to do things that are useful, and when abused are hurtful. We keep trying to do this right, but it's about usability for programmers – enabling programmers to do the things they want to do with the resources they have. What do you mean I need a permission I don't have.
Nothing is going to be trusted. Lets make the trusted code base as small as humanly possible. If I never walk outside my door.
Lose all benefits of civilization.
Negotiating trust – I'm going to trust and say exactly. Fine grained access control on what kinds of information to exchanged. Remember what happened in the past. Make risk assessments as we go and they are history dependant.
What are good questions?
Target it on details – very specific details in very specific places- here's a list of details that you are supposed to have learned. Which ones of these do you know?
Preference is to have more intricate questions, things that bring more details together. Give me a critique of one of the papers of the class. Some constraints of what you could say. Interesting juxtapositions. Have certain similarities and do a compare and a contrast.
- Exokernel vs microkernel
- noncespaces vs. ISR vs. ASLR
- What is XSS
- XSS vs. Bufferoverflow
- orange book: certification A1 vs. C2
- buffer overflow: stages, outline
- return to libc
- to what extent could a web browser os be C2 certified or A1, why it's unrealistic?
- Protection mechanisms vs. attacks