SystemsSec 2018W Lecture 9
Jump to navigation
Jump to search
Audio
Notes
Software Vulnerabilities
======
Sandboxing: [ dangerous ] safe
(untrusted) (trusted)
Firewalls: [ safe ] dangerous
What else? Access control?
Conceptually, a software vulnerability is when the barriers (trust boundaries) are bypassed.
How do we detect when trust boundaries are defied?
- classic example, logging ("Hey that's an IP from Eastern Europe")
Classic Attack Vectors (not related to vulns)
- insider attacks
- social engineering
Mobile phone threat modeling
======
How can an attacker get access to your device?
The web.
Your phone in this example is not listening on any ports, but it is easy to get bits onto your phone. Send the victim an email. Buy targeted ads. etc. i.e. get them to talk to you.
Now that the bits are on the device, how will they "escape"?
There are classficiations like:
- remote code execution
- priviledge escalation
- etc.
I/O devices (bit entrypoints)
======
- removable storage
- network
- video/audio input (webcam, microphone)
- peripherals (mouse, keyboard, touch screen)
- mobile specific inputs (accelerometer, gyroscope, compass, barometer, GPS)
What are all these things, at their core?
[ a device ] <-> [ driver ] <-> [ kernel ] <-> [ process ]
[ CPU and memory ] <- Spectre and Meltdown live here
Each step along the chain is a potential place to attack.
How can each step (software) fail? Rough categories:
- memory corruption (buffer overruns) (more hard nowadays)
- "interpreter" abuse
- logic errors
- race condition (TOCTTOU: time of check to time of use)
- information leak (people can hear you through the wall, but can't otherwise get through it)