SystemsSec 2018W Lecture 9: Difference between revisions
Create page and add notes section |
No edit summary |
||
Line 1: | Line 1: | ||
==Audio== | |||
[http://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec09-05Feb2018.m4a Lecture 9 Audio] | |||
==Notes== | ==Notes== | ||
Latest revision as of 04:24, 7 February 2018
Audio
Notes
Software Vulnerabilities ====== Sandboxing: [ dangerous ] safe (untrusted) (trusted) Firewalls: [ safe ] dangerous What else? Access control? Conceptually, a software vulnerability is when the barriers (trust boundaries) are bypassed. How do we detect when trust boundaries are defied? - classic example, logging ("Hey that's an IP from Eastern Europe") Classic Attack Vectors (not related to vulns) - insider attacks - social engineering Mobile phone threat modeling ====== How can an attacker get access to your device? The web. Your phone in this example is not listening on any ports, but it is easy to get bits onto your phone. Send the victim an email. Buy targeted ads. etc. i.e. get them to talk to you. Now that the bits are on the device, how will they "escape"? There are classficiations like: - remote code execution - priviledge escalation - etc. I/O devices (bit entrypoints) ====== - removable storage - network - video/audio input (webcam, microphone) - peripherals (mouse, keyboard, touch screen) - mobile specific inputs (accelerometer, gyroscope, compass, barometer, GPS) What are all these things, at their core? [ a device ] <-> [ driver ] <-> [ kernel ] <-> [ process ] [ CPU and memory ] <- Spectre and Meltdown live here Each step along the chain is a potential place to attack. How can each step (software) fail? Rough categories: - memory corruption (buffer overruns) (more hard nowadays) - "interpreter" abuse - logic errors - race condition (TOCTTOU: time of check to time of use) - information leak (people can hear you through the wall, but can't otherwise get through it)