CPS110: General securityIntro: general securitySecurity abstractionsBuilding up from the hardwareSlide 5Authentication: who are you?Password authenticationCryptographic hashesSlide 9Weak passwordsSlide 11Slide 12Physical token authenticationBiometric authenticationReal-world authenticationAuthorization: what can you do?Access control listsSlide 18Frighteningly commonSlide 20Data breachWhat to do?Identifying sensitive filesSlide 24Download entropy scoresCapabilitiesSlide 27Slide 28RevocationDealing with securityReducing the trusted baseCommon attacksHidden channelsHidden channels: tenexBuffer overflowTrojan horseWhy security is so hardLogin backdoorConfickerConficker and DNSSlide 41Coming upCPS110: General securityLandon CoxIntro: general securityHardware realityProcessor, memory, disks, NICComponents can be used by anyoneOS abstractionControlled access to hardwareSecurity abstractionsWhat HW primitives exist for access control?Processor mode bit (kernel/user mode)Protected instructions (I/O instructions, halt)Protected data (page tables, interrupt vector)Want to build two abstractions on theseIdentity (authentication) Who are you?Security policy (authorization)What are you allowed to do?Building up from the hardwareOne of the themes of this classThreadsAtomic test&set, interrupt enable/disableTransactionsSingle disk sector writeReliable communicationAtomic packet sendBuilding up from the hardwareAlready built on top of HW security primitivesSecure sharing of physical memoryUse protection between address spaces(fault on unauthorized access)Secure sharing of kernel servicesUse system calls to safely transition to privileged mode(trap after syscall instruction)Authentication: who are you?Prove your identity to the OSMany ways to authenticate1. Passwords2. Physical tokens3. BiometricsPassword authenticationPasswordShared secret between you and the OSSeveral weaknessesHow should we store passwords?Cryptographic hashes (MD5, SHA)Hashes are one-way functionsCheck that hash(input) = hash(password)Cryptographic hashesInfeasible to reverse (even for the system!)I.e. cannot compute plaintext from digestCollision-resistant hash functionProbability (collision) < probability (HW error)Extremely useful tool in lots of domainsCan be used as a shorthand for naming objects (e.g. files)SHA1 hashSHA1 hash160 bitsArbitrarily large“Hash digest”Password authenticationWhat’s the weakest link in password systems?People!People choose short passwords(brute force attacks take less time)People choose easy-to-remember passwords(narrows the search space: dictionary attack)People choose the same password for everything(break the weakest web site, gain access to the strongest)How could you use cryptographic hashes to solve this?User remembers one password, systems sends Hash(pass + site name)Weak passwordsConsider an 8-character password256^8 possible passwords2^64 ~ 16 * billion * billionIf you only choose lower-case letters26^8 ~ 200 billionIf you choose a word from the dictionary320,000 words in Webster’s unabridged1000/second find a password in 5 minutesResearchers ran an attack on Michigan passwordsRecovered thousands; some of the most popular: “beer”, “hockey”Similar result at Berkeley CS in the 80s: “gandolph”Physical token authenticationRequire something physicalE.g. a ticket to a dance performanceWhat if your token is stolen/forged?Require a physical token + passwordE.g. your ATM card + PINBiometric authenticationEssentially a physical tokenOne that should be hard to steal/forgeExamplesThumbprint, retina scan, signatureMost have accuracy problemsFalse positives (accept invalid person)False negatives (reject valid person)Real-world authenticationHow to authenticate to your credit card company?Give them your social security numberThey ask over the phone and checkHow is this vulnerable?Company has my SSN, so they can pretend to be me(or someone who breaks into them can pretend to be me)Phone line snoop can pretend to be meAuthorization: what can you do?Fundamental structureAccess control matrixRows = authentication domainsColumns = objectsTwo approaches to storing data: Access control lists and capabilitiesFile 1 File 2 File 3User 1 RW RW RWUser 2 -- R RWAccess control listsStandard for file systemsAt each objectStore who can access the objectStore how the object can be accessedOn each accessCheck that the user has proper permissionsUse groups to make things more convenientE.g. forbes, chase, and lpcox are all in group “prof”Access control listsHow can you defeat ACL authorization?Villain convinces the OS it is someone elseExampleSendmail runs as root (full privileges)Attacker compromises sendmail processCan now run arbitrary code under root IDThis is what you will be doing in Project 3What if you get the ACL wrong?Frighteningly common“Usability and privacy: a study of Kazaa…”Good and Krekelberg, SigCHI 2003In 12 hours, found 150 inboxes on KazaaObserved people downloading themMany other examples: web, NFS, etcPeople don’t understand software interactionsAffects even diligent users …Data breachAliceBobDespite her best efforts, Alice’s data is only as secure as her least competent confidant.SnoopWhat to do?Two goals1. Identify sensitive files2. Infer who is allowed to view themMany more constraints1. Don’t impact performance2. Don’t bother the user3. Remain backwards-compatibleIdentifying sensitive filesApproach: identify the common caseI download sensitive docs from many sourcesmail.cs.duke.eduWhat do the examples have in common?Encryption!Identifying sensitive filesApproach: identify the common caseI download sensitive docs from many sourcesInsight: data is often encrypted for a reasonIn our examples, servers allow clients to cache sensitive fileTo protect those files in the network, communication is encryptedHow can we tell if network communication is encrypted?Use the port (e.g., 443 is used for HTTPS)Ciphertext exhibits high “entropy” or randomnessEntropy = information density, measured in bits/byteCan inexpensively measure the entropy of every socketIf data stream exhibits high
View Full Document