SystemsSec 2018W Lecture 12: Difference between revisions

From Soma-notes
Bradley (talk | contribs)
No edit summary
Bradley (talk | contribs)
Line 6: Line 6:


Potential Assignment Topics:
Potential Assignment Topics:
Crypto
*Crypto
What does it buy you?
**What does it buy you?
What can’t it do?  
**What can’t it do?  
Obfuscation
*Obfuscation
Memory corruption
*Memory corruption
Logic errors
*Logic errors
Back doors
*Back doors
Certificates
*Certificates


SQL Injections
SQL Injections
Query is unsanitized  
*Query is unsanitized  


In the browser what interpreters do we have?
In the browser what interpreters do we have?
Javascript
*Javascript
HTML
*HTML
CSS
*CSS


What does it mean to exploit it?  
What does it mean to exploit it?  
To use a vulnerability to your advantage
*To use a vulnerability to your advantage


In the webpage, there are all kinds of content.  There are advertisements, search bars, twitter feeds, facebook like buttons, etc.   
In the webpage, there are all kinds of content.  There are advertisements, search bars, twitter feeds, facebook like buttons, etc.   
Line 35: Line 35:


Sammy Attack:
Sammy Attack:
Happened during the days of myspace
*Happened during the days of myspace
Forces users to send samy a friend request
*Forces users to send samy a friend request
Harmless
*Harmless


In the comment section, there is a possibility of malicious code.  
In the comment section, there is a possibility of malicious code.  


CSRF
CSRF
Have the victim visit a random webpage  
*Have the victim visit a random webpage  
Have the ability to make your web browser do all sorts of network traffic  
*Have the ability to make your web browser do all sorts of network traffic  


You can pull any arbitrary content over the internet and stick it into a webpage.  
You can pull any arbitrary content over the internet and stick it into a webpage.  


Cookies:
Cookies:
Stored on the web browser  
*Stored on the web browser  
Remembers information about the person browsing the website
*Remembers information about the person browsing the website


Some websites let you stay logged in for a long time.  Some don’t.  
Some websites let you stay logged in for a long time.  Some don’t.  
Line 56: Line 56:


Why did microsoft do this?  
Why did microsoft do this?  
Outlook client access  
*Outlook client access  


What people want to do with the web impacts security design.  
What people want to do with the web impacts security design.  
Line 65: Line 65:


How can we minimize people from running code on your web browser?
How can we minimize people from running code on your web browser?
Idea of least privilege
*Idea of least privilege


Same Origin Policy  
Same Origin Policy  
The only person that is allowed to get access to your web browser is the origin server.  
*The only person that is allowed to get access to your web browser is the origin server.  


CSP
CSP
Prevents stuff from coming from arbitrary sources
*Prevents stuff from coming from arbitrary sources
It does not help with you visiting untrusted sources  
*It does not help with you visiting untrusted sources  
Keeps a list of who is trusted and who is not trusted  
*Keeps a list of who is trusted and who is not trusted  


Web browsers -> The modern operating system  
Web browsers -> The modern operating system  
Line 82: Line 82:


Phone operating systems:
Phone operating systems:
Deal with similar threat model to the web  
*Deal with similar threat model to the web  


IOS strategy for dealing with threats:
IOS strategy for dealing with threats:
Sandbox the hell out of everything  
*Sandbox the hell out of everything  


Android Model:
Android Model:
Access control using capabilities list  
*Access control using capabilities list  


Everytime you install an app on android, it would need to do a security analysis.  You would get questions regarding your current location, camera access, microphone access, etc.  Why does it do that?  For advertisement content.  
Everytime you install an app on android, it would need to do a security analysis.  You would get questions regarding your current location, camera access, microphone access, etc.  Why does it do that?  For advertisement content.  


Snaps and flat packs
Snaps and flat packs
Standards for packaging linux applications to run on systems.  
*Standards for packaging linux applications to run on systems.  
They also include sandboxing
*They also include sandboxing


If you want to run skype on your linux system, you can get a “snap” for it.  But you have to install it on classic mode.  
If you want to run skype on your linux system, you can get a “snap” for it.  But you have to install it on classic mode.  


How are you going to make sure that you are going to be provided with safety while running untrusted code?
How are you going to make sure that you are going to be provided with safety while running untrusted code?
Access control
*Access control
Sandboxing
*Sandboxing


Usability of security systems  
Usability of security systems  


Questions:
Questions:
What can we do to restrict people from putting arbitrary code onto the website you are visiting?  
*What can we do to restrict people from putting arbitrary code onto the website you are visiting?  
What is browser exploit? How do we prevent it?
*What is browser exploit? How do we prevent it?
What is the program with fine grained permissions?
*What is the program with fine grained permissions?

Revision as of 18:12, 15 February 2018

Insert non-formatted text here==Audio==

Lecture 12 Audio

Notes

Potential Assignment Topics:

  • Crypto
    • What does it buy you?
    • What can’t it do?
  • Obfuscation
  • Memory corruption
  • Logic errors
  • Back doors
  • Certificates

SQL Injections

  • Query is unsanitized

In the browser what interpreters do we have?

  • Javascript
  • HTML
  • CSS

What does it mean to exploit it?

  • To use a vulnerability to your advantage

In the webpage, there are all kinds of content. There are advertisements, search bars, twitter feeds, facebook like buttons, etc.

Everything on a webpage has access to the document object model.

Setuid programs -> How much do you have to trust?

Anyone that you allow to become root can do way too much.

Sammy Attack:

  • Happened during the days of myspace
  • Forces users to send samy a friend request
  • Harmless

In the comment section, there is a possibility of malicious code.

CSRF

  • Have the victim visit a random webpage
  • Have the ability to make your web browser do all sorts of network traffic

You can pull any arbitrary content over the internet and stick it into a webpage.

Cookies:

  • Stored on the web browser
  • Remembers information about the person browsing the website

Some websites let you stay logged in for a long time. Some don’t.

XML HTTP Request -> Developed by microsoft

Why did microsoft do this?

  • Outlook client access

What people want to do with the web impacts security design.

Can you embed arbitrary html in facebook? -> No

Either you filter out the bad things, or you escape the bad things.

How can we minimize people from running code on your web browser?

  • Idea of least privilege

Same Origin Policy

  • The only person that is allowed to get access to your web browser is the origin server.

CSP

  • Prevents stuff from coming from arbitrary sources
  • It does not help with you visiting untrusted sources
  • Keeps a list of who is trusted and who is not trusted

Web browsers -> The modern operating system

Web browsers have a different trust model than the operating system does.

Web browsers sandboxes code

Phone operating systems:

  • Deal with similar threat model to the web

IOS strategy for dealing with threats:

  • Sandbox the hell out of everything

Android Model:

  • Access control using capabilities list

Everytime you install an app on android, it would need to do a security analysis. You would get questions regarding your current location, camera access, microphone access, etc. Why does it do that? For advertisement content.

Snaps and flat packs

  • Standards for packaging linux applications to run on systems.
  • They also include sandboxing

If you want to run skype on your linux system, you can get a “snap” for it. But you have to install it on classic mode.

How are you going to make sure that you are going to be provided with safety while running untrusted code?

  • Access control
  • Sandboxing

Usability of security systems

Questions:

  • What can we do to restrict people from putting arbitrary code onto the website you are visiting?
  • What is browser exploit? How do we prevent it?
  • What is the program with fine grained permissions?