Computer Security, VV 19533, SS 2014

General information on the place and time where the course takes place can be found in the Vorlesungsverzeichnis. Beware that the Vorlesungsverzeichnis does not allow timely updates of information and may be out of date. The lecturer is Prof. Volker Roth and the teaching assistant is Jan-Ole Malchow, see also the web pages of the Secure Identity Research Group.

Description

This course motivates the need for computer security and introduces central concepts of computer security such as security objectives, threats, threat analysis, security policy and mechanism, assumptions and trust, and assurance. We discuss authentication mechanisms, followed by various security models, and show which security-related questions can be answered in these models. The models we discuss include the Access Control Matrix Model, the Take-Grant Protection Model, the Bell-LaPadula and related models, the Chinese Wall Model, and the Lattice Model of Information Flow. Subsequently, we cover principles of security architectures and go through design approaches for secure systems, e.g., capability-based systems and hardware protection mechanisms such as protection rings. Building on this material, we may look at selected case studies of existing systems. In the remainder of the course, we cover exploitation techniques for specific implementation vulnerabilities such as race conditions, stack and heap overflows, integer overflows, and return-oriented programming. Optional topics include a discussion of insider threats, insider recruitment and social engineering attacks. If time permits, we continue to look at the problems that arise when humans interface with security, e.g., password habits and password entry mechanisms, human responses to security prompts, incentives and distractors for better security, or reverse Turing tests.

Prerequisites

Knowledge of compiler construction, C, assembler, and computer architecture is a plus. It is expected that participants do extensive literature research and read primary sources. Essential reading is ch. 1-11 in [1], ch. 4-5 in [2], and all cited literature on hacking and exploitation.

Grading

The grade for the course is the grade of the exam. Active participation requires successful completion of homework assignments and projects and is graded on a pass / no pass basis. At least 50% of the cumulative score is required to pass.

Homework

Homework assignments and their due dates will be posted below.

Exam (Update!)

The exam will take place on

in Hörsaal 001, Arnimallee 3.

Lecture topics

Introduction

User authentication

Access control theory

Introduction to information flow control

Reference monitors

Hacking, exploitation and mitigation

Attacks on humans

Literature

  1. Morrie Gasser. Building a Secure Computer System. Van Nostrand Reinhold, 1988.
  2. Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.
  3. Oechslin, P. Making a Faster Cryptanalytic Time-Memory Trade-Off. In Proc. CRYPTO 2003.
  4. A. Narayanan, V. Shmatikov. Fast dictionary attacks on passwords using time-space tradeoff. In Proc. CCS 2005.
  5. M. Weir, S. Aggarwal, B. de Medeiros, and B. Glodek. Password cracking using probabilistic context-free grammars. In Proc. IEEE Symposium on Security and Privacy, pages 391-405, 2009.
  6. H. Bojinov, E. Bursztein, X. Boyen, and D. Boneh. Kamouflage: Loss-resistant password management. In Proc. ESORICS, pages 286-302, 2010.
  7. A. Juels and R.L. Rivest. Honeywords: Making password-cracking detectable. In Proc. CCS, pages 145-160, 2013.
  8. S. Schechter, A. J. B. Brush, and S. Egelman. It's no secret: measuring the security and reliability of authentication via "secret" questions. In Proc. IEEE Symposium on Security and Privacy, pages 375-390, 2009.
  9. B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin, and L. F. Cranor. How does your password measure up? The effect of strength meters on password creation. In Proc. USENIX Security Symposium, 2012.
  10. B. Lampson. Protection. Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp 18-24.
  11. Harrison, M. A., Ruzzo, W. L., and Ullman, J. D. 1976. Protection in operating systems. Commun. ACM 19, 8 (Aug. 1976), 461-471.
  12. Snyder, L. 1981. Formal Models of Capability-Based Protection Systems. IEEE Trans. Comput. 30, 3 (Mar. 1981), 172-181.
  13. Snyder, L. 1977. On the synthesis and analysis of protection systems. Proc. ACM Symposium on Operating Systems Principles (SOSP). pp. 141-150.
  14. David E. Bell and Leonard J. LaPadula, Secure Computer System: Unified Exposition and MULTICS Interpretation, MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA 01730 (Mar. 1976); also ESD-TR-75-306, rev. 1, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01731.
  15. David Elliott Bell, Looking Back at the Bell-La Padula Model, Proc. ACSAC, pp.337-351, 2005
  16. Biba, K., Integrity Considerations for Secure Computer Systems, ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977) [NTIS ADA039324]
  17. Brewer, D., Nash, M., The Chinese Wall security policy. IEEE Symposium on Security and Privacy, pp. 206-214, Oakland, May 1989
  18. Thompson, K. 1984. Reflections on trusting trust. Commun. ACM 27, 8 (Aug. 1984), 761-763.
  19. Lampson, B. W. 1973. A note on the confinement problem. Commun. ACM 16, 10 (Oct. 1973), 613-615.
  20. Lipner, S. B. 1975. A Comment on the Confinement Problem. ACM Operating Systems Review 9(5):192-196
  21. Denning, D. E. 1976. A lattice model of secure information flow. Commun. ACM 19, 5 (May. 1976), 236-243.
  22. Jones, A. K. and Lipton, R. J. 1975. The enforcement of security policies for computation. In Proceedings of the Fifth ACM Symposium on Operating Systems Principles (Austin, Texas, United States, November 19 - 21, 1975). SOSP '75. ACM, New York, NY, 197-206.
  23. Myers, A. C. 1999. JFlow: practical mostly-static information flow control. Proc. Symposium on Principles of Programming Languages. 1999, 228-241.
  24. Aleph One, 1996. Smashing the stack for fun and profit. Phrack Magazine No. 49, Nov. 1996.
  25. Scut, 2001. Exploiting Format String Vulnerabilities.
  26. Anonymous, 2001. Once upon a free().... Phrack Magazine 57, 9.
  27. Blexim, 2002. Basic Integer Overflows. Phrack Magazine 11, 60.
  28. Mark Dowd, 2008. Application-Specific Attacks: Leveraging the Action Script Virtual Machine. IBM Global Technology Services Whitepaper, April 2008.
  29. Eric Chien, Peter Szor, 2002. Blended Attacks: Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses. Virus Bulletin Conference Sep. 2002, New Orleans, USA, 1-35.
  30. Ryan Roemer, Erik Buchanan, Hovav Shacham and Stefan Savage, 2009. Return-Oriented Programming: Systems, Languages, and Applications. In review.
  31. Ralf Hund, Thorsten Holz, Felix C. Freiling, 2009. Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. Proc. USENIX Security Symposium, 2009.
  32. Dan Tsafrir, Tomer Hertz, David Wagner, Dilma Da Silva, 2008. Portably Solving File TOCTTOU Races with Hardness Amplification. FAST, pp. 189-206.
  33. Xiang Cai, Yuwei Gui, Rob Johnson, 2009. Exploiting Unix File-System Races via Algorithmic Complexity Attacks. IEEE S&P, Oakland, CA, pp.27-41.