Tuesday, May 4, 2010

Lecture 24: Secure Communications

Today's lecture focused primarily on the topic of Secure Communications. We started by discussing why hackers generally break into organizations from the outside: because they are seeking a challenge, they are seeking fame, monetary interests, or ideological reasons. However, most hackers are internal to the network they are trying to hack. We were informed of some basic network security threats, including interception, impostors, remotely logging in as the root user, and threats against content. We then were given some detail on a popular type of attack called a "Replay Attack", where an attacker intercepts a message, and then "replays" that message, potentially resending login information and gaining unauthorized access. A simple way to protect against this type of attack is to implement a time stamp into each message. We were also told of some popular denial of service attacks, including transmission failure, connection flooding, and distributed denial of service. VPNs are also a security concern, given the nature of what they do. We went over a few topics on how VPNs work. Also, quite a large portion of this lecture was spent discussing IPsec, which basically is a form of IP security which allows for secure transmission of information over IP networks. This is necessary because normal IP has no security. The lecture concluded with mentioning that network security is only one piece of the puzzle--many other areas of vulnerability should be addressed to achieve the coveted state of being "totally secure".
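A verifier for the timestamp defence mentioned above, as an added example written for this summary rather than code from the lecture. It goes one step further than the timestamp alone: each message also carries a random nonce and an HMAC, because a bare timestamp can still be replayed inside the acceptance window, and an unauthenticated one can simply be rewritten with a fresh time. The shared key, the 30-second window and the message layout are constructed assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed assumptions for the example: a pre-shared key and a 30 s acceptance window.
KEY = b"constructed-shared-secret"
WINDOW_SECONDS = 30


def _mac(body: dict) -> str:
    """HMAC over a canonical JSON encoding so timestamp, nonce and payload are all bound."""
    canonical = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, canonical, hashlib.sha256).hexdigest()


def make_message(payload: dict, now: float, nonce: bytes = None) -> dict:
    """Sender side: stamp the message with the current time and a fresh random nonce."""
    body = {"payload": payload, "ts": int(now), "nonce": (nonce or os.urandom(8)).hex()}
    body["mac"] = _mac(body)
    return body


class ReplayGuard:
    """Receiver side: rejects tampered, stale and repeated messages, in that order."""

    def __init__(self):
        self.seen = {}  # nonce -> timestamp, remembered only while inside the window

    def accept(self, msg: dict, now: float):
        body = {k: v for k, v in msg.items() if k != "mac"}
        mac = msg.get("mac")
        # Authenticate first: otherwise a captured message could be resent with a new ts.
        if not isinstance(mac, str) or not hmac.compare_digest(mac, _mac(body)):
            return False, "bad mac"
        # The timestamp bounds how long the nonce cache has to remember anything.
        if abs(now - body["ts"]) > WINDOW_SECONDS:
            return False, "stale timestamp"
        self._prune(now)
        # Inside the window, the nonce is what tells a replay from a fresh message.
        if body["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[body["nonce"]] = body["ts"]
        return True, "ok"

    def _prune(self, now: float):
        for nonce, ts in list(self.seen.items()):
            if now - ts > WINDOW_SECONDS:
                del self.seen[nonce]


if __name__ == "__main__":
    guard = ReplayGuard()
    login = make_message({"user": "alice", "action": "login"}, now=1000.0)
    print(guard.accept(login, now=1005.0))   # first delivery: accepted
    print(guard.accept(login, now=1010.0))   # the same message again: rejected
```

The order of the checks matters: the MAC is verified before anything else is trusted, the timestamp check keeps the nonce cache small, and the nonce check catches the replay that a timestamp alone would let through within the window.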

Monday, May 3, 2010

Overview Session

We will have an overview session on Wednesday, May 5 at 12pm.

Saturday, May 1, 2010

Lecture 18: Access Control

This lecture began with Nathan talking about Trojan horses and background insertion. He talked about what a Trojan horse is. It is a secret, undocumented routine embedded within a useful program. Some of the functions of a Trojan are screen capture, stealing data, and file modification. A Trojan horse can’t replicate itself. He then went on to background insertion. Background insertion is when you can bypass normal authentication, security, and access routines.

After Nathan presented we spent most of the class reviewing operating systems. We went over memory and address protection. This is when the OS prevents programs from corrupting other programs or data. Often the OS can exploit hardware support for this protection. We then went over some protection techniques. For example, a fence register protects the operating system from user programs. Then there is tagged architecture. This is when each memory word has one or more extra bits that identify access rights to words. We then went over segmentation. Segmentation is when each program has multiple address spaces. Some advantages are that users can share access to a segment with potentially different access rights, and users cannot access an unpermitted segment. We then went over paging, and how it is done and used in operating systems. Some advantages of paging are that users cannot access an unpermitted page and users can share access to a page with potentially different access rights.

After the review we went over Access Control. We did not make it very far into this topic. We only covered 5 slides. We discussed what the three goals of access control are. These goals are to check every access, enforce least privilege, and verify acceptable use. We then talked about the issues with access control. One issue is that the list becomes too large if many shared objects are accessible to all users; another issue is multiple permissions. This is as far as we got on the slides for this day.
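To make the fence-register and paging points above concrete, here is a small simulation of the checks an OS performs on every memory access. It is an added example written for this summary, not code from the course: it assumes a 4 KiB page size and a per-process page table carrying read/write/execute bits, and the process names, frames and addresses are constructed. The scenario is the one the summary describes, two processes sharing one page with different rights, plus the "check every access" goal from the access-control slides.

```python
from dataclasses import dataclass

READ, WRITE, EXEC = 1, 2, 4          # access-right bits carried by each page-table entry
PAGE_SIZE = 4096                     # assumed page size for the simulation


class MemoryProtectionError(Exception):
    """Raised where real hardware would trap to the OS with a protection fault."""


@dataclass
class PageTableEntry:
    frame: int    # physical frame this virtual page maps to
    rights: int   # bitmask of READ/WRITE/EXEC granted to this process only


def fence_allows(addr: int, fence: int) -> bool:
    """Fence register: user code may touch only addresses at or above the fence;
    everything below it belongs to the operating system."""
    return addr >= fence


class Process:
    """Each process has its own address space, i.e. its own page table."""

    def __init__(self, name: str):
        self.name = name
        self.page_table = {}   # virtual page number -> PageTableEntry

    def map_page(self, vpn: int, frame: int, rights: int) -> None:
        self.page_table[vpn] = PageTableEntry(frame, rights)

    def translate(self, vaddr: int, wanted: int) -> int:
        """Check every access: an unmapped page or a missing right is a fault,
        so a process cannot reach a page it was not granted."""
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        pte = self.page_table.get(vpn)
        if pte is None:
            raise MemoryProtectionError(f"{self.name}: page {vpn} is not mapped")
        if pte.rights & wanted != wanted:
            raise MemoryProtectionError(f"{self.name}: page {vpn} lacks right {wanted}")
        return pte.frame * PAGE_SIZE + offset


def shared_frame_demo() -> dict:
    """Two processes share physical frame 7 with different rights (constructed scenario)."""
    editor, viewer = Process("editor"), Process("viewer")
    editor.map_page(vpn=3, frame=7, rights=READ | WRITE)
    viewer.map_page(vpn=9, frame=7, rights=READ)

    def attempt(proc, vaddr, right):
        try:
            return proc.translate(vaddr, right)
        except MemoryProtectionError as e:
            return f"fault: {e}"

    return {
        "editor_write": attempt(editor, 3 * PAGE_SIZE + 16, WRITE),   # same physical byte ...
        "viewer_read": attempt(viewer, 9 * PAGE_SIZE + 16, READ),     # ... reachable by both
        "viewer_write": attempt(viewer, 9 * PAGE_SIZE + 16, WRITE),   # viewer is read-only
        "viewer_foreign": attempt(viewer, 3 * PAGE_SIZE, READ),       # editor's vpn means nothing here
    }


if __name__ == "__main__":
    for name, result in shared_frame_demo().items():
        print(name, "->", result)
```

Both processes resolve to the same physical byte, but only the editor's entry carries the write bit, and the viewer cannot even name the editor's page because page numbers are private to each address space.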

Wednesday, April 28, 2010

Lecture 23: Network Threats

Today's presentation by Troy covered the WEP (Wired-Equivalent Privacy) cryptosystem for wireless networks. The system used a flawed encryption method and revealed too much information in the packets it creates. Cracking the cryptosystem requires the use of thousands of snooped packets, but these can be collected in little time, and after the collection period, key cracking takes very little time.


Today's lecture covered network security.

Networks and particularly internet-based networks are particularly vulnerable to attacks. Networks afford anonymity of attackers, plenty of points of attack, easier access, and potentially more security holes if computers with different security systems or OSes are part of the network. The protocol used in a network can also be a weak point if it has vulnerabilities.

There are many aspects to possible attacks on a network. All attacks first need some sort of information gathering. Reconnaissance on the vulnerabilities of a network is generally easy. Port scans gather the ports on which a computer is listening. People involved in the network are generally good sources of information if a little social engineering is used.

Eavesdropping on a network tends to be simple. Wired connections can usually be wiretapped stealthily. Wireless connections are even easier to eavesdrop.

Impersonation attacks involve pretending to be some member of a network. This involves either obtaining a password or exploiting vulnerabilities in rights management systems.

Spoofing attacks involve a weaker form of impersonation, but are applicable to more than just users. For example, a phishing attack involves the attacker spoofing a website to look just like another website, with a convincing address to add to the illusion. Spoofing attacks also cover session hijacks and man-in-the-middle attacks.

Session hijacking is a spoofing attack where an attacker hijacks a TCP connection or HTTP session and inserts malicious data or obtains private information. Man-in-the-middle attacks are similar, but instead of masquerading as an endpoint, the attacker becomes an intermediate node, possibly masquerading as both endpoints at once. It may also allow the attacker to alter packets as they move around the network.

Attackers may also attack the topology of the network by poisoning DNS caches, creating "evil twins", or creating "black holes" which attract packets and drop them.

In some cases, the existence of communication alone can be important information, and traffic flow analysis tries to detect these covert conversations.

Websites have their own sets of vulnerabilities, mostly involving the interaction with a server trying to generate web pages. Some exploits include modified state information, cross-site scripting, buffer overflows, etc. Some vulnerabilities involve the server asking the client to run a certain piece of code (for example, Java applets), and this can be exploited by attackers to harm the user.

(Distributed) Denial of Service attacks a network's availability. This can be done by disrupting physical connections, flooding connection attempts via SYN flooding, ping floods via smurf attacks, etc. Attackers may use botnets to perform these attacks, since they tend to require huge amounts of resources.


All of these attacks are doable with easy-to-get, convenient programs.
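As an added, defender-side example (not from the lecture), here is a small detector for the SYN-flood case listed above. It parses a constructed snapshot of a host's TCP connection table in a netstat-like layout and flags any listening socket holding an unusual number of half-open (SYN_RECV) connections, which is what a flood of connection attempts leaves behind. The line format, the addresses and the threshold are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed snapshot of a server's connection table (proto, local socket, remote socket, state).
# Port 80 is holding many half-open connections from many sources; port 22 looks normal.
SNAPSHOT = """\
tcp 10.0.0.5:22 192.0.2.10:41002 ESTABLISHED
tcp 10.0.0.5:22 192.0.2.11:41777 SYN_RECV
tcp 10.0.0.5:80 198.51.100.1:50001 SYN_RECV
tcp 10.0.0.5:80 198.51.100.2:50002 SYN_RECV
tcp 10.0.0.5:80 198.51.100.3:50003 SYN_RECV
tcp 10.0.0.5:80 198.51.100.4:50004 SYN_RECV
tcp 10.0.0.5:80 198.51.100.5:50005 SYN_RECV
tcp 10.0.0.5:80 198.51.100.6:50006 SYN_RECV
tcp 10.0.0.5:80 198.51.100.7:50007 SYN_RECV
tcp 10.0.0.5:80 203.0.113.9:50008 SYN_RECV
tcp 10.0.0.5:80 192.0.2.20:50009 ESTABLISHED
udp 10.0.0.5:53 0.0.0.0:0 -
"""

LINE_RE = re.compile(r"^(?P<proto>\w+)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)$")


def parse_snapshot(text: str) -> list:
    """Turn each well-formed line into a dict; malformed lines are skipped, not guessed at."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def half_open_alerts(rows: list, threshold: int = 5) -> dict:
    """Count SYN_RECV entries per local socket. A flood shows up as many half-open
    connections that never finish the handshake, usually from many (often spoofed)
    sources; the distinct-source count helps tell a flood from one slow client."""
    per_socket = defaultdict(list)
    for r in rows:
        if r["proto"] == "tcp" and r["state"] == "SYN_RECV":
            per_socket[r["local"]].append(r["remote"].rsplit(":", 1)[0])
    alerts = {}
    for local, sources in per_socket.items():
        if len(sources) >= threshold:
            alerts[local] = {"half_open": len(sources), "distinct_sources": len(set(sources))}
    return alerts


if __name__ == "__main__":
    for sock, info in half_open_alerts(parse_snapshot(SNAPSHOT)).items():
        print(f"possible SYN flood on {sock}: {info}")
```

On a real host the snapshot would be taken periodically and the threshold tuned to the service's normal backlog; the point of the example is that half-open connections, not traffic volume, are the signal for this particular attack.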

Lecture 21: Trusted Operating System

Lecture # 21 on Monday, April 14th began with a presentation by Gabriel about Non-Malicious Program errors. These are the classic errors that have enabled many recent security breaches. He referred to three types of Non-Malicious program errors: Buffer Overflows, Incomplete Mediation & Time-of-Check to Time-of-Use Errors. After mentioning the importance of the stack, he explained the basic ways a buffer can be overflowed with the help of a basic little program. EBP is the address at the beginning of the stack. He explained the stack overrun attack with the help of a basic algorithm. He concluded the presentation after mentioning some methods to prevent buffer overflow; those are: Non-executable stack, Static Analysis, Dynamic runtime protection, & Use safer versions.
Then, Dr. Gunes gave us an overview of Lecture # 20, during which he talked about trusted operating system design and different security design principles. He highlighted an idea: "after designing a trusted OS, how it will complicate things further". On one hand he stated an ordinary operating system's functions & its security features; on the other hand he mentioned a trusted operating system's functions and its security features. Further, he mentioned that the kernel is the part of an OS that performs the lowest level functions, whereas the security kernel is responsible for enforcing security mechanisms for the entire OS. The kernel generally performs 6 functions and those are coverage, separation, unity, modifiability, compactness, and verifiability.
Then, Dr. Gunes moved on to lecture # 21 topics & started with the term reference monitor, which is the portion of a security kernel that controls accesses to objects; in short, it acts as a gatekeeper. Hardware, processes, primitive files, protected memory & inter-process communication are the system elements on which security enforcement depends. He remarked that a piece of hardware is harder to tamper with, compared to software. Next, he explained a typical division into TCB & non-TCB sections with the help of a diagram & then he described four basic interactions which the TCB monitors & those are: process activation, execution domain switching, memory protection & I/O operation.
Further, he described a combined security kernel/operating system architecture as well as separate security kernel architecture. Physical, temporal, cryptographic & logical are the four ways to separate one process from others. Then, he drew our attention to the concept of virtualization, virtual machine as well as the layered OS design with modules operating in different layers. There are 3 ways to assure that a model, design, & implementations are correct & those are: testing, verification, & validation.
Furthermore, Dr. Gunes moved on to a new chapter & he started with the term security policies. He noted that Military security policy is a hierarchical policy & he emphasized an idea of compartments & sensitivity levels also. He went through classification & clearance concepts. Finally, Dr. Gunes concluded the lecture after describing 4 different security models in brief & those are: Lattice model, Bell-La Padula model, Harrison Ruzzo Ullman model & Take Grant model.
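The compartment and sensitivity-level idea, together with the Bell-La Padula rules, as an added worked example written for this summary (not course material). It models a label as a level plus a set of compartments, defines the dominance relation that makes the labels a lattice, and checks the two Bell-La Padula properties against constructed subjects and objects; the level names and compartment names are assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical sensitivity levels, lowest to highest (assumed names for the example).
LEVELS = ["unclassified", "confidential", "secret", "top secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A classification (for objects) or clearance (for subjects): level + compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level AND a superset of compartments.
        Two labels with different compartments can be incomparable, which is why
        the structure is a lattice rather than a simple ordering of levels."""
        return RANK[self.level] >= RANK[other.level] and other.compartments <= self.compartments

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the lowest label that dominates both."""
        level = self.level if RANK[self.level] >= RANK[other.level] else other.level
        return Label(level, self.compartments | other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the clearance must dominate the classification."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the classification must dominate the clearance,
    so a cleared subject cannot copy sensitive data into a less sensitive object."""
    return obj.dominates(subject)


def demo() -> dict:
    analyst = Label("secret", frozenset({"nuclear"}))               # constructed subject
    briefing = Label("confidential", frozenset({"nuclear"}))        # constructed objects
    crypto_memo = Label("secret", frozenset({"nuclear", "crypto"}))
    ts_report = Label("top secret", frozenset({"nuclear"}))
    return {
        "read_briefing": can_read(analyst, briefing),        # dominated: allowed
        "read_crypto_memo": can_read(analyst, crypto_memo),  # same level, missing compartment: denied
        "read_ts_report": can_read(analyst, ts_report),      # read up: denied
        "write_ts_report": can_write(analyst, ts_report),    # write up: allowed
        "write_briefing": can_write(analyst, briefing),      # write down: denied
        "join": analyst.join(crypto_memo),                   # secret {nuclear, crypto}
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The "write up" result is the part newcomers find odd: under the *-property a secret-cleared process may append to a top-secret object it cannot read, because the rule exists to stop information flowing downward, not to protect the object's integrity (that is what the Biba-style integrity models address).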

Wednesday, April 14, 2010

Lab assignment on Trusted Computing

I have uploaded the second lab assignment. The deadline is Tuesday, Apr 27 at 11:00 am.

You may post questions or comments under this blog entry.

Tuesday, April 13, 2010

Lecture 20 Trusted Operating System

The lecture began today with a presentation by Spencer Dawson on Rainbow Tables and their use to crack passwords. A rainbow table is a lookup table that offers a time-memory tradeoff used in recovering the plaintext password from a password hash. The table contains a hash for all possible inputs up to a character limit. These tables have both advantages and limitations. The advantages include the fact that they are built once and used many times, they make looking for a password faster as the lookup becomes a table search problem, and they are perfect for cracking weak hashes. The limitations of these tables are that they are always generated in the worst-case time complexity, they are very large (a table for 8 characters is 134.6 GB), and they become infeasible when passwords are salted.

After the presentation, we continued with a lecture on Trusted Operating Systems. The operating system is a complex system that is very difficult to design, and this complexity added to the security issues makes it a very difficult design problem. By following the path of listing requirements, designing, and then testing, the creation of the system can be done. There are several security design principles. These principles include privileges, permissions, separation of privileges, and ease of use. The features normally included in an ordinary OS include authentication of users, protection of memory, file I/O and location, and access control to general objects. Security features in an ordinary OS include enforcement of sharing, fair service, and protection of OS protection data. There are more features that are included in a trusted OS, including identification and authentication, mandatory access control, object reuse protection, trusted path, accountability and audit, and intrusion detection.

The kernel is the part of the OS that performs the lowest-level functions, and the security kernel is responsible for the security mechanisms for the entire OS. The kernel is responsible for 6 functions: coverage, separation, unity, modifiability, compactness, and verifiability.
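The summary describes the table as "a hash for all possible inputs", so it is worth seeing where the time-memory trade-off in the presentation actually comes from. The following is an added example written for this summary (not Spencer's material): it builds a tiny rainbow table over three-letter lowercase passwords, storing only each chain's start and end point and recomputing everything else at lookup time, then shows why the same table recovers nothing once the hash is salted. The password space, chain length, number of chains, hash and reduction functions are all toy assumptions.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3                              # toy space: 26**3 = 17,576 passwords
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 20                          # hash/reduce steps per chain
NUM_CHAINS = 400                        # rows actually stored


def H(password: str) -> bytes:
    """Unsalted hash of the password alone: the situation a precomputed table exploits."""
    return hashlib.sha256(password.encode()).digest()


def salted_hash(salt: str, password: str) -> bytes:
    """Per-user salt folded into the hash; the table built for H() knows nothing about it."""
    return hashlib.sha256((salt + password).encode()).digest()


def index_to_pw(i: int) -> str:
    chars = []
    for _ in range(PW_LEN):
        i, r = divmod(i, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_(h: bytes, column: int) -> str:
    """Map a hash back into the password space. The reduction differs per column,
    which is what makes the table a rainbow table and limits chain merges."""
    return index_to_pw((int.from_bytes(h[:8], "big") + column) % SPACE)


def build_table() -> dict:
    """Precompute once (worst-case cost paid up front): keep only endpoint -> start point."""
    table = {}
    for c in range(NUM_CHAINS):
        start = index_to_pw((c * 7919) % SPACE)      # spread start points over the space
        p = start
        for col in range(CHAIN_LEN):
            p = reduce_(H(p), col)
        table.setdefault(p, start)                   # merged chains keep the first start
    return table


def covered_passwords(table: dict) -> set:
    """Every password some stored chain passes through, i.e. what lookup() can recover."""
    covered = set()
    for start in table.values():
        p = start
        for col in range(CHAIN_LEN):
            covered.add(p)
            p = reduce_(H(p), col)
    return covered


def lookup(table: dict, target: bytes):
    """Reuse the table many times: on the order of CHAIN_LEN**2/2 hash steps, not SPACE."""
    for i in range(CHAIN_LEN - 1, -1, -1):
        x = reduce_(target, i)                       # assume target sits at column i ...
        for col in range(i + 1, CHAIN_LEN):          # ... and walk to the would-be endpoint
            x = reduce_(H(x), col)
        start = table.get(x)
        if start is None:
            continue
        p = start                                    # endpoint matched: regenerate that chain
        for col in range(CHAIN_LEN):
            if H(p) == target:
                return p
            p = reduce_(H(p), col)
    return None                                      # not in any stored chain (or salted)


TABLE = build_table()

if __name__ == "__main__":
    print("stored rows:", len(TABLE), "recoverable passwords:", len(covered_passwords(TABLE)))
    print("unsalted H('aaa') ->", lookup(TABLE, H("aaa")))
    print("salted   H('x7'+'aaa') ->", lookup(TABLE, salted_hash("x7", "aaa")))
```

The table stores 400 rows yet recovers several thousand passwords, which is the trade-off; the salted lookup returns `None` because every chain was computed over the unsalted hash, and a separate table per salt value would be needed, which is exactly what makes the technique infeasible against salted passwords.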