SoftwareSecurity_Whatisit_,HistoryandSignificanceCPRE556_

1、Software Security: What is it?, History and SignificanceCPRE 556: Lecture 6, January 26, 2006Electrical and Computer Engineering Dept. Iowa State University1Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedCurrent Views on SecurityVulnerability = malicious functionality that extends pr

2、imary, intended design.Vulnerabilities may remain invisible until they are exploited.Software security = risk managementManagement = administrative policies + patch security holes + testing + auditing2Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedWhy is security a challengeComplexit

3、y of systems and software.Security is a cross-cutting concern pervading the entire system and its software.Lack of proactive techniques.One may say that it is better to design for security from scratch not possible in practice because:Significant investment in existing systems and software, practica

4、l realities rule out new replacements starting from scratch.Security standards and knowledge about security are still in evolutionary stage for building new systems.Software experts are not security experts. 3Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedManaging Security Risk Manag

5、ement = administrative policies + patch security holes + testing (current view) + auditing.Administrative policies (often amount restrictions on access) address only a subset of problems and leave other doors open for different types of attacks. For example, a password protected computer can be high

6、jacked by causing a buffer overflow.Patching is a reactive approach. Expensive damage can occur before patching. Testing is a proactive approach it has inherent limitations (we will elaborate and talk more about it later.)Auditing (often manual) is a proactive approach new improvements are needed fo

7、r automating and improving the quality of audits. 4Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedSecurity: Software Problem Most people tend to think of security as a network problemThe truth: Security is often a software problem5Lecture Notes Copyright 2006 S. C. Kothari, All right

8、s reservedSecurity: When is it software problemWe can distinguish security problems by the mechanisms requiring changes to eliminate the vulnerability. Network Problem: requires changing networking mechanisms such as network protocols.OS Problem: requires changing OS mechanisms such OS resource mana

9、gement policies.Software Problem: requires changing software implementation or design 6Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedSome ObservationsNote that in some cases:It may be a hybrid problem requiring more than one type of change.A change in a mechanism such as protocols m

10、ay be implemented in software or hardware.It may be possible to eliminate a problem by making a fundamental change in the processor hardware such as the stack mechanism for implementing subroutine calls.7Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedSANS Top 10 Security Vulnerabilit

11、iesWindows: #1 - IISFailure to handle unanticipated requestsBuffer overflows: Code Red, NimdaPoor Defaults: Sample applicationsUnix: # 8 SendmailBuffer OverflowsInsecure defaultsSANS: /top20/top10.php8Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedSecurity Bugs Can Be ExpensiveBuffer

12、 overflow in IISEstimated cost: $3.26 billionBuffer overflow in SQL ServerEstimated cost: $1.2 billion 9Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedWhat Entrances Do the Hackers UseHackers exploit interactions with:Operating SystemUser InterfacesFile SystemLibraries10Lecture Notes

13、 Copyright 2006 S. C. Kothari, All rights reserved11Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedExample of an AttackBuffer Overflow Attack (BOA): Deadly attack underlying many computer highjackings in the past.12Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedBuffer

14、 Overflow AttackThe idea is simple: enter long strings into input fields, could be APIs/exposed internal objectsThis is an important bug because:copy/paste into inputs fields is a fairly common practiceBuffer overflow may be exploitable by a hacker to get arbitrary code to run on a system.13Lecture

15、Notes Copyright 2006 S. C. Kothari, All rights reservedDemonstration of Buffer Overflow Next we will see a brief demonstration.The demonstration will illustrate the buffer overflow attack as a high-level concept.Note that the demo makes simplifications and does not cover complex and subtle mechanism

16、 employed by BOA. These will be covered in a later lecture.The demo developed with NSF support is available at: /bom/ 14Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedExpected Work After the LectureYou will often find more information on lectures through papers and resources listed o

17、n the web. You should look for those, scan several, and read a few in more depth. You should report your interesting findings in class or by sending me an email. If you send email, identify the lecture number and your last name in the subject line (e.g. Lecture1-Smith) and also within your message.

18、Give proper references for each of your findings.This will be considered as a part of class participation. 15Lecture Notes Copyright 2006 S. C. Kothari, All rights reservedReferencesThese are a few additional references from CPRE 556 website that are related to this lecture:CERT Coordination Center, /Open Source Vulnerability Database, http:/ Linux Security, /content/view/101892/155/ Microsoft Security Bulletins, /technet/security/default.mspx Exploiting Software: The Achilles Heel of Cyber Defense, by Gary McGraw and Greg Hoglund, Cyber Defense Magazine, June 2004, /home/lieber/course