Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions...

Final Exam Review

Common Attack Techniques

• Stack overflow
  – Basic version
  – Advanced versions

• Mitigations
  – Canary
  – W^X page
  – ASLR

Quiz

• Which one of the mitigations can be circumvented by the advanced version of stack overflow?

A. Canary
B. W^X
C. ASLR

1. indirect jump
2. return into libc
3. ROP

Basic Cryptography

• Four primitives
  – Cryptographic hash
  – Symmetric encryption
  – Asymmetric encryption
  – Digital signature

Quiz

• Which property of a cryptographic hash ensures that if a password's hash matches the one stored on the system, the password is the correct one?

• Which property of a cryptographic hash ensures that the stored hash does not jeopardize the secrecy of passwords?

Authentication

• Password-based authentication
  – How is authentication state stored
  – How is verification done
  – Attacks and mitigation

Quiz

• An adversary obtains the authentication state from the system and conducts brute-force attacks. If the authentication state is salted, would the attack be more difficult than if it were not?

Authentication Protocol

• Challenge-response
  – Why is it needed?

• Example protocols using the various cryptographic primitives
  – MAC
  – Encryption
  – Digital signature

Quiz

• Using symmetric encryption for authentication: Alice sends m to Bob, Bob encrypts m using the shared key K and sends it back to Alice, Alice decrypts it and sends Bob the plaintext. Bob verifies that the plaintext is the same as m.
  – Can Alice authenticate to Bob using this?

UNIX Protection Basics

• File system protection
• Setuid

Quiz

• What is the security problem you can see?

-rwsr-xrwx 1 simon fac 13589 Jul 30 20:08 getscore
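
A mechanical check for a listing like the one above, as an added example that is not part of the original slides: it parses the ls -l mode string and flags set-ID files that users other than the owner can write. The function names and the second sample line are constructed for illustration.

```python
import stat

# Constructed sample: the quiz listing plus a conventional setuid binary for contrast.
SAMPLE = """\
-rwsr-xrwx 1 simon fac 13589 Jul 30 20:08 getscore
-rwsr-xr-x 1 root root 59976 Jan  1 12:00 passwd
"""

RWX = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
       stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
       stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Execute slots that can also carry a special bit: index -> (letter, bit).
SPECIAL = {2: ("s", stat.S_ISUID), 5: ("s", stat.S_ISGID), 8: ("t", stat.S_ISVTX)}

def parse_mode(text):
    """Turn a 10-character ls -l mode string into numeric permission bits."""
    if len(text) != 10:
        raise ValueError(f"not an ls -l mode string: {text!r}")
    mode = 0
    for i, ch in enumerate(text[1:]):
        special = SPECIAL.get(i)
        if ch == "-":
            continue
        if special and ch.lower() == special[0]:
            mode |= special[1]          # setuid, setgid or sticky
            if ch.islower():            # lowercase means execute is set too
                mode |= RWX[i]
        elif ch == "rwx"[i % 3]:
            mode |= RWX[i]
        else:
            raise ValueError(f"unexpected {ch!r} in {text!r}")
    return mode

def audit(listing):
    """Return (name, octal mode, findings) for every file line in the listing."""
    results = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 9:
            continue                    # skip "total N" and blank lines
        mode = parse_mode(fields[0][:10])   # drop a trailing ACL/SELinux marker
        set_id = mode & (stat.S_ISUID | stat.S_ISGID)
        findings = []
        if set_id and mode & stat.S_IWOTH:
            findings.append("set-ID and world-writable")
        if set_id and mode & stat.S_IWGRP:
            findings.append("set-ID and group-writable")
        results.append((" ".join(fields[8:]), oct(mode), findings))
    return results

if __name__ == "__main__":
    for name, mode, findings in audit(SAMPLE):
        print(name, mode, findings or "ok")
```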

Secure Operating System

• Mandatory Access Control
  – Complete Mediation: all security-sensitive ops
  – Tamperproof: untrusted processes cannot modify access enforcement system
  – Verifiable: small TCB

Concrete OS Examples

• SELinux
  – Only need to understand the basic protection concept.
  – Policy language not required

• Android
  – Basic security architecture
  – Security problems

Security Models

• Bell LaPadula (Secrecy)

• Biba (Integrity)

Trusted Infrastructure

• TPM
  – Root of trust for storage
  – Root of trust for reporting
  – Root of trust for measurement*

• Measured boot

DNS Security

• DNS poisoning problem
  – How the attack is carried out
  – Consequence of a successful attack

• DNSSEC
  – Basic concepts
  – How this will address the insecurity problem of DNS