diff --git a/Makefile b/Makefile index c7e61f4..03c4b76 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,7 @@ -SUBDIR= overview/ +SUBDIR+= intro +SUBDIR+= broken-abstractions +SUBDIR+= memory-management +SUBDIR+= malware SUBDIR+= stacksmashlab/ SUBDIR+= malwarelab/ diff --git a/broken-abstractions/.gitignore b/broken-abstractions/.gitignore new file mode 100644 index 0000000..30748df --- /dev/null +++ b/broken-abstractions/.gitignore @@ -0,0 +1,14 @@ +BobbyTables.png +__pycache__/ +aliascnt.sty +latexmkrc +slides.pdf +slides.pytxcode +procmem.jpg +pythontex-files-slides/ + +notes.pdf +notes.pytxcode +slides.pdf.xoj +pythontex-files-notes/ + diff --git a/overview/Makefile b/broken-abstractions/Makefile similarity index 65% rename from overview/Makefile rename to broken-abstractions/Makefile index 4c8c423..ffb9dc0 100644 --- a/overview/Makefile +++ b/broken-abstractions/Makefile @@ -1,9 +1,9 @@ LATEXFLAGS+= -shell-escape .PHONY: all -all: overview-slides.pdf overview-notes.pdf +all: slides.pdf notes.pdf -SRC= overview-content.tex abstract.tex overview.bib +SRC= contents.tex abstract.tex bibliography.bib SRC+= jail.py SRC+= combine.c SRC+= echo.sh echofix.sh @@ -13,10 +13,10 @@ SRC+= login.c DEPENDS+= latexmkrc -overview-slides.pdf overview-notes.pdf: ${SRC} ${DEPENDS} +slides.pdf notes.pdf: ${SRC} ${DEPENDS} -overview-slides.pdf: overview-slides.tex -overview-notes.pdf: overview-notes.tex llncs +slides.pdf: slides.tex +notes.pdf: notes.tex procmem.jpg: wget -O $@ https://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/067/6701/6701f1.jpg @@ -24,12 +24,13 @@ procmem.jpg: BobbyTables.png: wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png -.PHONY: clean-depends -clean-depends: +.PHONY: clean-depends distclean +clean-depends distclean: ${RM} procmem.jpg BobbyTables.png .PHONY: clean clean: + ${RM} notes.pdf slides.pdf ${RM} -R __pycache__ _minted-* INCLUDE_MAKEFILES=../makefiles 
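Review bot: The first assignment to SUBDIR is now `SUBDIR+= intro`, so the list no longer starts from a known value and a SUBDIR inherited from the environment ends up in front of the course directories; start with a plain `SUBDIR= intro` and append after that. The four new entries also drop the trailing slash that `stacksmashlab/` and `malwarelab/` keep, which is worth making uniform if the recursion rule concatenates paths. `memory-management` is listed here, but no hunk in the visible part of this diff creates that directory, so check that it exists before the recursive build reaches it.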
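Review bot: `SRC= contents.tex abstract.tex bibliography.bib` in broken-abstractions/Makefile leaves out `preamble.tex`, which both `slides.tex` and `notes.tex` in this directory `\input`, so a change to the minted or pythontex settings there does not make `slides.pdf` or `notes.pdf` out of date as far as make can tell. Adding `SRC+= preamble.tex` closes that gap, unless the included `tex.mk` (not visible here) already tracks it. The same `SRC=` line appears in the new intro/Makefile and malware/Makefile.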
diff --git a/broken-abstractions/README.md b/broken-abstractions/README.md
new file mode 100644
index 0000000..707d721
--- /dev/null
+++ b/broken-abstractions/README.md
@@ -0,0 +1,5 @@
+[![Video: Broken abstractions][img]][vid]
+
+[vid]: https://youtu.be/GZ9pgfQ77Kg
+[img]: https://img.youtube.com/vi/GZ9pgfQ77Kg/hqdefault.jpg
+
diff --git a/overview/abstract.tex b/broken-abstractions/abstract.tex
similarity index 100%
rename from overview/abstract.tex
rename to broken-abstractions/abstract.tex
diff --git a/overview/overview.bib b/broken-abstractions/bibliography.bib
similarity index 100%
rename from overview/overview.bib
rename to broken-abstractions/bibliography.bib
diff --git a/overview/combine.c b/broken-abstractions/combine.c
similarity index 100%
rename from overview/combine.c
rename to broken-abstractions/combine.c
diff --git a/broken-abstractions/contents.tex b/broken-abstractions/contents.tex
new file mode 100644
index 0000000..78975a7
--- /dev/null
+++ b/broken-abstractions/contents.tex
@@ -0,0 +1,224 @@ +\mode* + +% Since this a solution template for a generic talk, very little can +% be said about how it should be structured. However, the talk length +% of between 15min and 45min and the theme suggest that you stick to +% the following rules: + +% - Exactly two or three sections (other than the summary). +% - At *most* three subsections per section. +% - Talk about 30s to 2min per frame. So there should be between about +% 15 and 30 frames, all told. + + +\section{Broken Abstractions} + +\subsection{File System Paths} + +\begin{frame}[fragile] + \inputminted{python}{jail.py} +\end{frame} + +\begin{frame}[fragile] + \begin{example}[./jail.py ../../etc/passwd] + \begin{pycode} +import jail +jail.main(["jailopen", "../../etc/passwd"]) + \end{pycode} + \end{example} +\end{frame} + +\begin{frame} + \pyc[variable]{import os} + \begin{alertblock}{The Problem: Abstraction of paths} + \begin{itemize} + \item We had \pyb[variable]{JAIL_PATH = os.environ["HOME"]}. + \item We let \pyb[variable]{filename = "../../etc/passwd"}. + \item Thus the file we open is \pyb[variable]{JAIL_PATH + "/" + filename} + which results in \pyc[variable]{print(JAIL_PATH + "/" + filename)}. + \item Hence we actually read /etc/passwd. + \end{itemize} + \end{alertblock} +\end{frame} + +\begin{frame} + \begin{itemize} + \item Fine, we ban the string \mintinline{python}{"../"}. + + \item Then what about \mintinline{python}{"..\%c0\%af.."}? + + \end{itemize} +\end{frame} + +\subsection{Character Encoding} + +\begin{frame} + \begin{itemize} + \item All character representations in the computer comes in the form of + different encodings, e.g.\ UTF-8 encoding. + + \item The decoders might be programmed differently, some takes into account + the errors in different encoders to compensate -- and this can be + exploited. + + \item Where the encoding and decoding is done can also be exploited. 
+ + \end{itemize} +\end{frame} + +\begin{frame} + \begin{block}{UTF-8} + \begin{itemize} + \item A character encoding standard. + \item Uses variable length code words: from one byte. + \item First bit indicates if next byte is part of the same code word. + \end{itemize} + \end{block} + + \begin{table} + \begin{tabular}{rrllll} + \textbf{Bytes} & \textbf{Avail bits} & \textbf{Byte 1} + & \textbf{Byte 2} + & \textbf{Byte 3} + & \textbf{Byte 4} \\ + \toprule + 1 & 7 & 0xxxxxxx & & & \\ + 2 & 11 & 110xxxxx & 10xxxxxx & & \\ + 3 & 16 & 1110xxxx & 10xxxxxx & 10xxxxxx & \\ + 4 & 21 & 11110xxx & 10xxxxxx & 10xxxxxx & 10xxxxxx \\ + \bottomrule + \end{tabular} + \end{table} +\end{frame} + +% XXX add more details on UTF-8 coding + +\subsection{Integer Overflows} + +% XXX add more examples on integer overflows +\begin{frame}[fragile] + \inputminted{C}{combine.c} +\end{frame} + +\begin{frame} + \begin{alertblock}{The Problem: Abstraction of integers} + \begin{itemize} + \item Let \mintinline{C}{len2} be very long, say \(2^{32} - 1\), i.e.\ + \mintinline{C}{len2 = 0xffffffff}. + + \item Now we have + \begin{align*} + \text{\mintinline{C}{len1}} + \text{\mintinline{C}{len2}} + + 1 \pmod{2^{32}} + &= \text{\mintinline{C}{len1}} + 2^{32} - 1 + 1 \pmod{2^{32}} \\ + &= \text{\mintinline{C}{len1}} \pmod{2^{32}} \\ + &< \text{\mintinline{C}{sizeof(buf)}}. + \end{align*} + + \item Thus we pass the test, although we shouldn't. 
+ \end{itemize} + \end{alertblock} +\end{frame} + +\begin{frame} + \begin{remark} + This is worse if we use \emph{signed} integers \dots + \end{remark} +\end{frame} + +% XXX add more details and other examples of composition +\subsection{Data and Code} + +\begin{frame}[fragile] + \begin{example}[echo.sh "-E test\textbackslash ning"] + \inputminted{sh}{echo.sh} + \begin{pycode}[echo.sh] +import subprocess +proc = subprocess.Popen(["./echo.sh", "-E test\\ning"], \ +stdout=subprocess.PIPE) +print("\\begin{verbatim}" + proc.stdout.read().decode("utf-8") + \ +"\\end{verbatim}") + \end{pycode} + \end{example} +\end{frame} + +\begin{frame}[fragile] + \begin{example}[echofix.sh "-E test\textbackslash ning"] + \inputminted{sh}{echofix.sh} + \begin{pycode}[echofix.sh] +import subprocess +proc = subprocess.Popen(["./echofix.sh", "-E test\\ning"], \ +stdout=subprocess.PIPE) +print("\\begin{verbatim}" + proc.stdout.read().decode("utf-8") + \ +"\\end{verbatim}") + \end{pycode} + \end{example} +\end{frame} + +\begin{frame} + \begin{itemize} + \item The login(1) and rlogin(1) composition bug was found in Linux and AIX + systems which didn't check the syntax of the username. + + \item The syntax of login(1) is \mintinline{sh}{login [-p] [-h host] [[-f] + user]}. + + \item The syntax of rlogin(1) is \mintinline{sh}{rlogin [-l user] machine}. + + \item rlogin(1) connects to the machine and runs \mintinline{sh}{login user + machine}. + + \item However, the user could be chosen to be \enquote{-froot}. + \end{itemize} +\end{frame} + +% XXX add canonical representations +%\subsection{Canonical Representations} +% +%\begin{frame} +%\end{frame} + +% XXX add better description of scripting vuln + +\begin{frame}[fragile] + \begin{minted}{sh} + cat ${1} | mail ${2} + \end{minted} + \begin{itemize} + \item What happens with the address + \mintinline{sh}{"foo@bar.org | rm -Rf /"}? 
+ \end{itemize}
+\end{frame}
+
+% XXX add better description and examples of SQL injection
+
+\begin{frame}[fragile]
+ \begin{minted}[startinline]{php}
+ $sql = "SELECT * FROM client WHERE name = '$name'"
+ \end{minted}
+
+ \pause
+
+ \begin{itemize}
+ \item Insert the name \mintinline[startinline]{php}{Eve' OR 1=1--}.
+ \item This will get a totally different meaning.
+ \end{itemize}
+
+ \pause
+
+ \begin{minted}[startinline]{sql}
+ SELECT * FROM client WHERE name = 'Eve' OR 1=1--
+ \end{minted}
+\end{frame}
+
+\begin{frame}
+ \begin{figure}
+ \centering
+ \includegraphics[width=\textwidth]{BobbyTables.png}
+ \caption{%
+ XKCD's Exploits of a Mom.
+ Image: \cite{BobbyTables}.
+ }
+ \end{figure}
+\end{frame}
+
diff --git a/overview/echo.sh b/broken-abstractions/echo.sh
similarity index 100%
rename from overview/echo.sh
rename to broken-abstractions/echo.sh
diff --git a/overview/echofix.sh b/broken-abstractions/echofix.sh
similarity index 100%
rename from overview/echofix.sh
rename to broken-abstractions/echofix.sh
diff --git a/overview/jail.py b/broken-abstractions/jail.py
similarity index 100%
rename from overview/jail.py
rename to broken-abstractions/jail.py
diff --git a/overview/login.c b/broken-abstractions/login.c
similarity index 100%
rename from overview/login.c
rename to broken-abstractions/login.c
diff --git a/broken-abstractions/notes.tex b/broken-abstractions/notes.tex
new file mode 100644
index 0000000..777b007
--- /dev/null
+++ b/broken-abstractions/notes.tex
@@ -0,0 +1,44 @@
+\documentclass{article}
+
+\usepackage[hyphens]{url}
+\usepackage[hidelinks]{hyperref}
+
+\input{preamble.tex}
+
+\usepackage{beamerarticle}
+\setjobnamebeamerversion{slides}
+
+\begin{document}
+\title{%
+ Broken abstractions
+}
+\author{%
+ Daniel Bosk
+}
+\institute[MIUN IKS]{%
+ Department of Information and Communication Systems,\\
+ Mid Sweden University, SE-851\,70 Sundsvall
+}
+\date{\today}
+
+\mode{%
+ \begin{frame}
+ \titlepage
+ \end{frame}
+}
+\mode
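Review bot: In the UTF-8 block of contents.tex, the bullet `First bit indicates if next byte is part of the same code word` contradicts the table on the same frame: the leading bits of the first byte (`0`, `110`, `1110`, `11110`) give the length of the code word, and every continuation byte starts with `10`. I would replace it with `\item The leading bits of the first byte give the length; continuation bytes start with 10.` The earlier frame ends on `"..\%c0\%af.."` without resolving it, so a further bullet should say that `C0 AF` is an overlong two-byte form of `/` which a conforming decoder must reject, and that the `../` check only holds when it runs after decoding and canonicalising the path.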
{%
+ \maketitle
+}
+
+\mode*
+
+\begin{abstract}
+ \input{abstract.tex}
+\end{abstract}
+
+\input{contents.tex}
+
+%%%%%%%%%%%%%%%%%%%%%%
+
+\printbibliography
+\end{document}
diff --git a/broken-abstractions/preamble.tex b/broken-abstractions/preamble.tex
new file mode 100644
index 0000000..2d5e960
--- /dev/null
+++ b/broken-abstractions/preamble.tex
@@ -0,0 +1,97 @@
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage[swedish,british]{babel}
+\usepackage{url}
+\usepackage{color}
+\usepackage{multicol}
+\usepackage{xparse}
+\usepackage{graphicx}
+\usepackage{booktabs}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+
+\usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex}
+\addbibresource{bibliography.bib}
+
+\usepackage{pythontex}
+\usepackage{minted}
+\setminted{%
+ linenos=true,
+ tabsize=2,
+ texcomments=true,
+ python3=true,
+ frame=lines,
+ autogobble=true,
+ stripall=true,
+ breaklines=true,
+ fontsize=\small
+}
+
+\ProvideDocumentEnvironment{assumption}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Assumption: #1}
+ }{%
+ \begin{block}{Assumption}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{Protocol}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Protocol: #1}
+ }{%
+ \begin{block}{Protocol}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{remark}{o}{%
+ \IfValueTF{#1}{%
+ \begin{alertblock}{Note: #1}
+ }{%
+ \begin{alertblock}{Note}
+ }
+}{%
+ \end{alertblock}
+}
+
+\ProvideDocumentEnvironment{idea}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Idea: #1}
+ }{%
+ \begin{block}{Idea}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{question}{o}{%
+ \setbeamercolor{block body}{bg=orange!15,fg=black}
+ \setbeamercolor{block title}{bg=orange,fg=white}
+ \setbeamercolor{local structure}{fg=orange}
+ \IfValueTF{#1}{%
+ \begin{block}{Question: #1}
+ }{%
+ \begin{block}{Question}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{exercise}{o}{%
+ \setbeamercolor{block body}{bg=yellow!10,fg=black}
+ \setbeamercolor{block title}{bg=yellow,fg=black}
+ \setbeamercolor{local structure}{fg=yellow}
+ \IfValueTF{#1}{%
+ \begin{block}{Exercise: #1}
+ }{%
+ \begin{block}{Exercise}
+ }
+}{%
+ \end{block}
+}
+
+
diff --git a/broken-abstractions/questions.tex b/broken-abstractions/questions.tex
new file mode 100644
index 0000000..71fb9e0
--- /dev/null
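Review bot: `texcomments=true` in the global `\setminted` means every comment in a listed source file is typeset as LaTeX, and the Makefile for this directory builds with `-shell-escape`, so a comment in any file pulled in with `\inputminted` is run through TeX with shell access enabled. That is acceptable for `jail.py`, `combine.c` and the echo scripts while they stay hand-written, but it becomes a build-host risk the day a third-party sample is listed. I would drop the option from the global settings and pass `texcomments` only on the listings whose comments really contain LaTeX. This file also appears to duplicate most of intro/preamble.tex, so the change has to be made in both.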
+++ b/broken-abstractions/questions.tex
@@ -0,0 +1,43 @@
+\question[3]\label{q:software}
+% tags: software:A
+Can a files such as images (e.g.\ JPEGs) and other data be dangerous?
+
+\begin{solution}
+ Yes, they can contain machine code which can be executed if there is e.g.\
+ a buffer overrun vulnerability in the software that reads the data.
+\end{solution}
+
+
+\question[3]\label{q:software}
+% tags: software:E:C
+We have talked about how the users' mental models of how a program (and
+computer) works can endanger the users' security when the mental model and
+reality are not aligned.
+This is true also for developers (we mentioned this when we talked about
+software security), give an example of how the developers' mental models are
+relevant for software security.
+
+\begin{solution}
+ Gollmann talked about broken abstractions.
+ One example is characters: usually we abstract away the encoding and decoding
+ parts, we see them as characters and not bytes.
+ So encodings like UTF-8 can cause problems since the same character can be
+ represented by several byte sequences.
+
+ Another is the finite precision arithmetic that we work with in computers,
+ usually congruences modulo \(2^{32}\) or \(2^{64}\).
+\end{solution}
+
+
+\question[3]\label{q:software}
+% tags: software:E:C:A
+Give an example where \enquote{data} can be mistaken for \enquote{code}.
+
+\begin{solution}
+ Shell scripting is an easy example.
+ Here you can store part of the code in variables, the simply substitute them.
+ Consider the following \texttt{/bin/echo -e \$\{1\}}.
+ The variable \texttt{\$\{1\}} will be substituted and the result will be
+ interpreted as code.
+\end{solution}
+
diff --git a/broken-abstractions/slides.tex b/broken-abstractions/slides.tex
new file mode 100644
index 0000000..bf6d891
--- /dev/null
+++ b/broken-abstractions/slides.tex
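Review bot: All three questions in this file carry `\label{q:software}`, and intro/questions.tex adds the same label again, so LaTeX reports multiply defined labels and any `\ref{q:software}` resolves to whichever definition comes last. Give each question its own label, for example `\label{q:software:files}`, `\label{q:software:mentalmodels}` and `\label{q:software:datacode}`. In the third solution `the simply substitute them` should read `then simply substitute them`, and the first question's `Can a files` should be `Can files`.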
@@ -0,0 +1,74 @@
+%\documentclass[handout]{beamer}
+\documentclass{beamer}
+
+\input{preamble.tex}
+
+\mode{%
+ \usetheme{Berlin}
+ \setbeamertemplate{footline}{%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}%
+ \usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}%
+ {\usebeamerfont{title in head/foot}\insertshorttitle}%
+ \hfill\insertframenumber%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+ \setbeamercovered{transparent}
+ \setbeamertemplate{bibliography item}[text]
+}
+
+\ProvideDocumentEnvironment{exercise}{o}{%
+ \setbeamercolor{block body}{bg=yellow!30,fg=black}
+ \setbeamercolor{block title}{bg=yellow,fg=black}
+ \IfValueTF{#1}{%
+ \begin{block}{\translate{Exercise}: #1}
+ }{%
+ \begin{block}{\translate{Exercise}}
+ }
+}{%
+ \end{block}
+}
+
+\AtBeginSection[]{%
+ \begin{frame}
+ \tableofcontents[currentsection]
+ \end{frame}
+}
+
+\begin{document}
+\title{%
+ Broken abstractions
+}
+\author{%
+ Daniel Bosk
+}
+\institute[MIUN IKS]{%
+ Department of Information and Communication Systems,\\
+ Mid Sweden University, SE-851\,70 Sundsvall
+}
+\date{\today}
+
+\begin{frame}
+ \titlepage
+\end{frame}
+
+
+\mode{\input{contents.tex}}
+
+%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \small
+ \printbibliography
+\end{frame}
+\end{document}
diff --git a/intro/.gitignore b/intro/.gitignore
new file mode 100644
index 0000000..30748df
--- /dev/null
+++ b/intro/.gitignore
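Review bot: The `\ProvideDocumentEnvironment{exercise}` block in slides.tex has no effect, because `preamble.tex` is input a few lines earlier and already provides `exercise`; a `Provide` declaration is skipped when the environment exists. The slides therefore get the preamble's `bg=yellow!10` version and the `\translate{Exercise}` title is never used. Either delete this block or switch it to `\RenewDocumentEnvironment{exercise}{o}{%` if the slide-specific colours are wanted.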
@@ -0,0 +1,14 @@
+BobbyTables.png
+__pycache__/
+aliascnt.sty
+latexmkrc
+slides.pdf
+slides.pytxcode
+procmem.jpg
+pythontex-files-slides/
+
+notes.pdf
+notes.pytxcode
+slides.pdf.xoj
+pythontex-files-notes/
+
diff --git a/intro/Makefile b/intro/Makefile
new file mode 100644
index 0000000..958a14c
--- /dev/null
+++ b/intro/Makefile
@@ -0,0 +1,31 @@
+LATEXFLAGS+= -shell-escape
+
+.PHONY: all
+all: slides.pdf notes.pdf
+
+SRC= contents.tex abstract.tex bibliography.bib
+
+DEPENDS+= latexmkrc
+
+slides.pdf notes.pdf: ${SRC} ${DEPENDS}
+
+slides.pdf: slides.tex
+notes.pdf: notes.tex
+
+procmem.jpg:
+ wget -O $@ https://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/067/6701/6701f1.jpg
+
+BobbyTables.png:
+ wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png
+
+.PHONY: clean-depends distclean
+clean-depends distclean:
+ ${RM} procmem.jpg BobbyTables.png
+
+.PHONY: clean
+clean:
+ ${RM} notes.pdf slides.pdf
+ ${RM} -R __pycache__ _minted-*
+
+INCLUDE_MAKEFILES=../makefiles
+include ${INCLUDE_MAKEFILES}/tex.mk
diff --git a/intro/README.md b/intro/README.md
new file mode 100644
index 0000000..e75bd7f
--- /dev/null
+++ b/intro/README.md
@@ -0,0 +1,5 @@
+[![Intro software security][img]][vid]
+
+[vid]: https://youtu.be/KblmdFCrp-o
+[img]: https://img.youtube.com/vi/KblmdFCrp-o/hqdefault.jpg
+
diff --git a/intro/abstract.tex b/intro/abstract.tex
new file mode 100644
index 0000000..e64da36
--- /dev/null
+++ b/intro/abstract.tex
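Review bot: The `procmem.jpg` and `BobbyTables.png` rules in intro/Makefile fetch files at build time with no integrity check, the second over plain `http://`, and `wget -O $@` leaves an empty or partial target behind on failure, which make then treats as up to date. Nothing in the visible intro sources includes either image, so the simplest fix here, and in the identical malware/Makefile, is to delete both rules and the `${RM} procmem.jpg BobbyTables.png` line. Where the images are needed, download to a temporary name over HTTPS and compare it with a checksum kept in the repository before moving it into place, e.g. `wget -O $@.tmp https://imgs.xkcd.com/comics/exploits_of_a_mom.png` followed by the check and `mv $@.tmp $@`.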
@@ -0,0 +1,28 @@
+Perhaps the part of security most people intuitively associate with security,
+and computer security in particular, is software security.
+This part of computer security treats vulnerabilities in software, e.g.\ buffer
+overruns or code injections.
+This is a very important part of security, because although the design is
+flawless, its implementation might have vulnerabilities.
+As an example, most phones are designed to keep the user and applications
+unpriviledged, thus all applications will run with the principle of least
+priviledges and compartmentalized from each other.
+However, software bugs in the operating system can allow malicious apps to gain
+priviledges to e.g.\ monitor other apps.
+
+After this session you should be able to
+\begin{itemize}
+ \item \emph{understand} the need to consider software security in software
+ development.
+ \item \emph{evaluate} the software security requirements for different
+ sitations.
+\end{itemize}
+
+Gollmann treats this area in Chapter 10 of his book,
+\citetitle{Gollmann2011cs}~\cite{Gollmann2011cs}.
+The recommended exercises to do after reading this material are 10.1, 10.3 and
+10.4 in~\cite{Gollmann2011cs}.
+Anderson also treats this subject --- in Chapter 4.4 and Chapter 18 of
+\citetitle{Anderson2008sea}~\cite{Anderson2008sea} --- albeit with less
+technical details.
+We also treat the results of \citetitle{BSIMMFindings}~\cite{BSIMMFindings}.
diff --git a/intro/bibliography.bib b/intro/bibliography.bib
new file mode 100644
index 0000000..b1eaea4
--- /dev/null
+++ b/intro/bibliography.bib
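Review bot: The abstract misspells its central term three times: `unpriviledged` and `priviledges` (twice) should be `unprivileged` and `privileges`, and the name of the principle is `least privilege` in the singular. `sitations` in the second learning objective should be `situations`. The same text is added again as malware/abstract.tex, so the corrections apply there too.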
@@ -0,0 +1,64 @@
+@book{Anderson2008sea,
+ author={Anderson, Ross J.},
+ title={Security Engineering},
+ subtitle={A guide to building dependable distributed systems},
+ publisher={Wiley},
+ address={Indianapolis, IN},
+ year={2008},
+ edition={2},
+ ISBN={978-0-470-06852-6 (hbk.)},
+ URL={http://www.cl.cam.ac.uk/~rja14/book.html},
+ keywords={IT-s{\"a}kerhet},
+}
+
+@book{Gollmann2011cs,
+ author={Gollmann, Dieter},
+ title={Computer Security},
+ publisher={Wiley},
+ address={Chichester, West Sussex, U.K.},
+ year={2011},
+ edition={3},
+ ISBN={9780470741153 (pbk.)},
+ keywords={IT-s{\"a}kerhet},
+}
+
+@article{ieeespectrum2014usb,
+ author={Schneider, David},
+ title={USB Flash Drives Are More Dangerous Than You Think},
+ journal={IEEE Spectrum},
+ month={8},
+ year={2014},
+ URL={http://spectrum.ieee.org/tech-talk/computing/embedded-systems/usb-flash-drives-are-more-dangerous-than-you-think},
+}
+
+@online{BobbyTables,
+ author={XKCD},
+ title={Exploits of a Mom},
+ URL={http://xkcd.com/327/},
+}
+
+@ARTICLE{BSIMMFindings,
+ author={G. McGraw},
+ journal={Computer},
+ title={Four Software Security Findings},
+ month={Jan},
+ year={2016},
+ volume={49},
+ number={1},
+ pages={84-87},
+ abstract={Analyzing data from 78 firms using the Building Security In
+ Maturity Model (BSIMM) revealed four truths about software security that
+ will help firms protect and secure their assets. Software security
+ continues to grow and evolve, currently accounting for more than 10
+ percent of global IT security revenue worldwide. On the surface, it
+ seems obvious that we must make software systems secure from the start,
+ but opinions vary as to implementation. Through a multiyear process of
+ observing and measuring security initiatives, we can move beyond
+ opinion into the realm of fact.
WHAT follows are four indic},
+ keywords={security of data;BSIMM;building security in maturity model;data
+ analysis;global IT security revenue;software security
+ findings;BSIMM;Cybertrust;building security
+ in;cybersecurity;software;software security},
+ doi={10.1109/MC.2016.30},
+ ISSN={0018-9162},
+}
diff --git a/intro/contents.tex b/intro/contents.tex
new file mode 100644
index 0000000..d7889bf
--- /dev/null
+++ b/intro/contents.tex
@@ -0,0 +1,83 @@
+\mode*
+
+% Since this a solution template for a generic talk, very little can
+% be said about how it should be structured. However, the talk length
+% of between 15min and 45min and the theme suggest that you stick to
+% the following rules:
+
+% - Exactly two or three sections (other than the summary).
+% - At *most* three subsections per section.
+% - Talk about 30s to 2min per frame. So there should be between about
+% 15 and 30 frames, all told.
+
+
+\section{Introduction}
+
+\subsection{Security and Reliability}
+
+\begin{frame}
+ \begin{remark}
+ \begin{itemize}
+ \item As long as our computer is offline, used only by ourselves, and we
+ don't add any accessories (e.g.\ USB devices~\cite{ieeespectrum2014usb}),
+ then we don't have any problems.
+
+ \pause
+
+ \item Problems start to occur when other users start using our software (in
+ some way), then input to our programs isn't necessarily what we expect.
+
+ \end{itemize}
+ \end{remark}
+\end{frame}
+
+\begin{frame}
+ \begin{description}
+ \item[Software reliability] This concerns software quality in the sense of
+ accidental failures, i.e.\ the assumption that input is benign.
+
+ \pause{}
+
+ \item[Software security] This concerns software quality in the sense of
+ intentional failures, i.e.\ the assumption that input is malign.
+ \end{description}
+\end{frame}
+
+\begin{frame}
+ \begin{question}
+ \begin{itemize}
+ \item Test-driven development? C'est la mode.
+ \end{itemize}
+ \end{question}
+
+ \pause
+
+ \begin{solution}[BSIMM\footfullcite{BSIMMFindings}]
+ \begin{itemize}
+ \item Do code review.
+ \item Have a Software Security Group (SSG).
+ \item Integrate SSG into the organization (have a satellite).
+ \end{itemize} + \end{solution} +\end{frame} + +\subsection{Changes} + +% XXX add better storyline to changes + +\begin{frame} + \begin{remark}[Changes \dots] + \begin{itemize} + \item There are systems which are designed to be secure, and actually are + secure, but then \dots + + \item Upgrades needed, or, not needed but wanted. + + \item This might come in the form of updating a component or utilizing the + system in an environment it wasn't designed for. + + \end{itemize} + \end{remark} +\end{frame} + + diff --git a/intro/notes.tex b/intro/notes.tex new file mode 100644 index 0000000..1a92a96 --- /dev/null +++ b/intro/notes.tex @@ -0,0 +1,35 @@ +\documentclass{article} + +\usepackage[hyphens]{url} +\usepackage[hidelinks]{hyperref} + +\input{preamble.tex} + +\usepackage{beamerarticle} +\setjobnamebeamerversion{slides} + +\begin{document} +\title{% + Software Security +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\maketitle + +\begin{abstract} + \input{abstract.tex} +\end{abstract} + +\input{contents.tex} + +%%%%%%%%%%%%%%%%%%%%%% + +\printbibliography +\end{document} diff --git a/overview/overview-preamble.tex b/intro/preamble.tex similarity index 98% rename from overview/overview-preamble.tex rename to intro/preamble.tex index fb686d6..0986758 100644 --- a/overview/overview-preamble.tex +++ b/intro/preamble.tex @@ -11,7 +11,7 @@ \usepackage{amssymb} \usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex} -\addbibresource{overview.bib} +\addbibresource{bibliography.bib} \usepackage{pythontex} \usepackage{minted} diff --git a/intro/questions.tex b/intro/questions.tex new file mode 100644 index 0000000..bc8419e --- /dev/null +++ b/intro/questions.tex 
@@ -0,0 +1,20 @@ +\question[3]\label{q:software} +% tags: software:E:C +We have talked about how the users' mental models of how a program (and +computer) works can endanger the users' security when the mental model and +reality are not aligned. +This is true also for developers (we mentioned this when we talked about +software security), give an example of how the developers' mental models are +relevant for software security. + +\begin{solution} + Gollmann talked about broken abstractions. + One example is characters: usually we abstract away the encoding and decoding + parts, we see them as characters and not bytes. + So encodings like UTF-8 can cause problems since the same character can be + represented by several byte sequences. + + Another is the finite precision arithmetic that we work with in computers, + usually congruences modulo \(2^{32}\) or \(2^{64}\). +\end{solution} + diff --git a/overview/overview-slides.tex b/intro/slides.tex similarity index 78% rename from overview/overview-slides.tex rename to intro/slides.tex index aac1943..d631f41 100644 --- a/overview/overview-slides.tex +++ b/intro/slides.tex @@ -1,7 +1,7 @@ %\documentclass[handout]{beamer} \documentclass{beamer} -\input{overview-preamble.tex} +\input{preamble.tex} \mode{% \usetheme{Berlin} @@ -46,5 +46,28 @@ } \begin{document} -\input{overview-content.tex} +\title{% + Software Security +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\begin{frame} + \titlepage +\end{frame} + +\mode{\input{contents.tex}} + +%%%%%%%%%%%%%%%%%%%%%% + +\begin{frame} + \small + \printbibliography +\end{frame} \end{document} diff --git a/malware/.gitignore b/malware/.gitignore new file mode 100644 index 0000000..3b7f25d --- /dev/null +++ b/malware/.gitignore 
@@ -0,0 +1,15 @@
+BobbyTables.png
+__pycache__/
+aliascnt.sty
+latexmkrc
+slides.pdf
+slides.pytxcode
+procmem.jpg
+pythontex-files-slides/
+slides.tex
+
+notes.pdf
+notes.pytxcode
+slides.pdf.xoj
+pythontex-files-notes/
+
diff --git a/malware/Makefile b/malware/Makefile
new file mode 100644
index 0000000..958a14c
--- /dev/null
+++ b/malware/Makefile
@@ -0,0 +1,31 @@
+LATEXFLAGS+= -shell-escape
+
+.PHONY: all
+all: slides.pdf notes.pdf
+
+SRC= contents.tex abstract.tex bibliography.bib
+
+DEPENDS+= latexmkrc
+
+slides.pdf notes.pdf: ${SRC} ${DEPENDS}
+
+slides.pdf: slides.tex
+notes.pdf: notes.tex
+
+procmem.jpg:
+ wget -O $@ https://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/067/6701/6701f1.jpg
+
+BobbyTables.png:
+ wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png
+
+.PHONY: clean-depends distclean
+clean-depends distclean:
+ ${RM} procmem.jpg BobbyTables.png
+
+.PHONY: clean
+clean:
+ ${RM} notes.pdf slides.pdf
+ ${RM} -R __pycache__ _minted-*
+
+INCLUDE_MAKEFILES=../makefiles
+include ${INCLUDE_MAKEFILES}/tex.mk
diff --git a/overview/README.md b/malware/README.md
similarity index 100%
rename from overview/README.md
rename to malware/README.md
diff --git a/malware/abstract.tex b/malware/abstract.tex
new file mode 100644
index 0000000..e64da36
--- /dev/null
+++ b/malware/abstract.tex
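Review bot: The extra `slides.tex` entry in malware/.gitignore tells git to ignore a file that malware/Makefile lists as the prerequisite of `slides.pdf`, and no rule in that Makefile generates it. If malware/slides.tex is meant to be a tracked source like intro/slides.tex, a plain `git add` will skip it and a fresh clone cannot build the slides, so the line should go. If the file is generated, the rule that produces it should be visible in the Makefile.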
@@ -0,0 +1,28 @@
+Perhaps the part of security most people intuitively associate with security,
+and computer security in particular, is software security.
+This part of computer security treats vulnerabilities in software, e.g.\ buffer
+overruns or code injections.
+This is a very important part of security, because although the design is
+flawless, its implementation might have vulnerabilities.
+As an example, most phones are designed to keep the user and applications
+unpriviledged, thus all applications will run with the principle of least
+priviledges and compartmentalized from each other.
+However, software bugs in the operating system can allow malicious apps to gain
+priviledges to e.g.\ monitor other apps.
+
+After this session you should be able to
+\begin{itemize}
+ \item \emph{understand} the need to consider software security in software
+ development.
+ \item \emph{evaluate} the software security requirements for different
+ sitations.
+\end{itemize}
+
+Gollmann treats this area in Chapter 10 of his book,
+\citetitle{Gollmann2011cs}~\cite{Gollmann2011cs}.
+The recommended exercises to do after reading this material are 10.1, 10.3 and
+10.4 in~\cite{Gollmann2011cs}.
+Anderson also treats this subject --- in Chapter 4.4 and Chapter 18 of
+\citetitle{Anderson2008sea}~\cite{Anderson2008sea} --- albeit with less
+technical details.
+We also treat the results of \citetitle{BSIMMFindings}~\cite{BSIMMFindings}.
diff --git a/malware/bibliography.bib b/malware/bibliography.bib
new file mode 100644
index 0000000..b1eaea4
--- /dev/null
+++ b/malware/bibliography.bib
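Review bot: malware/abstract.tex has the same blob id (`e64da36`) as intro/abstract.tex, so the abstract for the malware session describes software security in general and its learning objectives never mention malware. malware/bibliography.bib is likewise the intro file (`b1eaea4`). Write objectives that match malware/contents.tex, for example being able to tell the listed malware types apart and to say how each one spreads, or mark the text with a `% XXX` comment as the other files do so the placeholder is not published by accident.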
@@ -0,0 +1,64 @@
+@book{Anderson2008sea,
+ author={Anderson, Ross J.},
+ title={Security Engineering},
+ subtitle={A guide to building dependable distributed systems},
+ publisher={Wiley},
+ address={Indianapolis, IN},
+ year={2008},
+ edition={2},
+ ISBN={978-0-470-06852-6 (hbk.)},
+ URL={http://www.cl.cam.ac.uk/~rja14/book.html},
+ keywords={IT-s{\"a}kerhet},
+}
+
+@book{Gollmann2011cs,
+ author={Gollmann, Dieter},
+ title={Computer Security},
+ publisher={Wiley},
+ address={Chichester, West Sussex, U.K.},
+ year={2011},
+ edition={3},
+ ISBN={9780470741153 (pbk.)},
+ keywords={IT-s{\"a}kerhet},
+}
+
+@article{ieeespectrum2014usb,
+ author={Schneider, David},
+ title={USB Flash Drives Are More Dangerous Than You Think},
+ journal={IEEE Spectrum},
+ month={8},
+ year={2014},
+ URL={http://spectrum.ieee.org/tech-talk/computing/embedded-systems/usb-flash-drives-are-more-dangerous-than-you-think},
+}
+
+@online{BobbyTables,
+ author={XKCD},
+ title={Exploits of a Mom},
+ URL={http://xkcd.com/327/},
+}
+
+@ARTICLE{BSIMMFindings,
+ author={G. McGraw},
+ journal={Computer},
+ title={Four Software Security Findings},
+ month={Jan},
+ year={2016},
+ volume={49},
+ number={1},
+ pages={84-87},
+ abstract={Analyzing data from 78 firms using the Building Security In
+ Maturity Model (BSIMM) revealed four truths about software security that
+ will help firms protect and secure their assets. Software security
+ continues to grow and evolve, currently accounting for more than 10
+ percent of global IT security revenue worldwide. On the surface, it
+ seems obvious that we must make software systems secure from the start,
+ but opinions vary as to implementation. Through a multiyear process of
+ observing and measuring security initiatives, we can move beyond
+ opinion into the realm of fact.
WHAT follows are four indic},
+ keywords={security of data;BSIMM;building security in maturity model;data
+ analysis;global IT security revenue;software security
+ findings;BSIMM;Cybertrust;building security
+ in;cybersecurity;software;software security},
+ doi={10.1109/MC.2016.30},
+ ISSN={0018-9162},
+}
diff --git a/malware/contents.tex b/malware/contents.tex
new file mode 100644
index 0000000..f9239d3
--- /dev/null
+++ b/malware/contents.tex
@@ -0,0 +1,100 @@
+\mode*
+
+% Since this a solution template for a generic talk, very little can
+% be said about how it should be structured. However, the talk length
+% of between 15min and 45min and the theme suggest that you stick to
+% the following rules:
+
+% - Exactly two or three sections (other than the summary).
+% - At *most* three subsections per section.
+% - Talk about 30s to 2min per frame. So there should be between about
+% 15 and 30 frames, all told.
+
+
+\section{Malware}
+
+% XXX add better storyline to malware
+\subsection{Background}
+
+\begin{frame}
+ \begin{itemize}
+ \item Comes from \emph{malicious software} and means software with
+ a malicious intent.
+
+ \item In the early days they were mostly experiments or pranks.
+
+ \item Today they are mostly used for special purposes:
+ \begin{itemize}
+ \item steal personal, financial or business information,
+ \item cripple competition,
+ \item etc.
+ \end{itemize}
+
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \begin{itemize}
+ \item There are many types of malware.
+
+ \item Their classification depends on the largest threat vector.
+
+ \end{itemize}
+\end{frame}
+
+\subsection{Malware Types}
+
+\begin{frame}[allowframebreaks]
+ \begin{description}
+ \item[Computer Virus]
+ A form of malware which has self-replicating code.
+ It \emph{infects} other programs by inserting itself into their program
+ code, and in turn when these programs are run the virus payload is run to
+ replicate even further.
+
+ \item[Worm]
+ A form of malware which replicates itself, not by infection, but by
+ copying itself to different disks, via networks, or even emailing itself
+ automatically to everyone in the user's contact list.
+
+ \item[Trojan Horse]
+ A form of malware which acts as a legitimate program but has hidden
+ features which are malicious, e.g.\ a utility program which steals your
+ login credentials in the background or simply acts as a backdoor. 
+ Usually used in combination of social engineering.
+
+ \item[Rootkit]
+ A piece of software designed to provide access that would otherwise be
+ restricted.
+ It also keeps well-hidden and is notoriously difficult to detect and
+ remove.
+ Usually this comes from modifying the operating system.
+
+ \item[Spyware]
+ This software simply tries to gather information about a target without
+ their knowledge.
+ Usually the collected information is sent to a third party.
+
+ Keylogging falls under this category.
+
+ \item[Adware]
+ This is simply a type of malware that presents advertisements to the user
+ of the infected system.
+ Obviously staying undetected is not an option, so making itself difficult
+ to remove is the strategy of choice.
+
+ \item[Scareware]
+ This is a type of malware that uses social engineering to trick users to
+ buy unwanted software, e.g.\ fake antivirus software.
+
+ \item[Ransomware]
+ This is a type of malware that restricts the users access to the system.
+ A common technique is to encrypt all the user's files.
+ Then the user is presented with the option of buying the decryption key
+ for bitcoins.
+
+ They typically propagate as trojans.
+
+ \end{description}
+\end{frame}
+
diff --git a/malware/notes.tex b/malware/notes.tex
new file mode 100644
index 0000000..882abd2
--- /dev/null
+++ b/malware/notes.tex
@@ -0,0 +1,44 @@
+\documentclass{article}
+
+\usepackage[hyphens]{url}
+\usepackage[hidelinks]{hyperref}
+
+\input{preamble.tex}
+
+\usepackage{beamerarticle}
+\setjobnamebeamerversion{slides}
+
+\begin{document}
+\title{%
+ Software Security
+}
+\author{%
+ Daniel Bosk
+}
+\institute[MIUN IKS]{%
+ Department of Information and Communication Systems,\\
+ Mid Sweden University, SE-851\,70 Sundsvall
+}
+\date{\today}
+
+\mode{%
+ \begin{frame}
+ \titlepage
+ \end{frame}
+}
+\mode
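Review bot: The second Background frame says classification "depends on the largest threat vector", but the Malware Types list that follows mixes two axes: virus, worm and trojan are told apart by how they spread, while spyware, adware, scareware and ransomware are told apart by what they do. Saying so on the slide would explain why the Ransomware entry can state that they "typically propagate as trojans", for example `\item Types are named either after how they spread or after what they do, so one sample can fit several.` Two wording slips in the list should be fixed as well: `in combination of social engineering` should read `in combination with social engineering`, and `the users access` should be `the user's access`. The beamer template comment at the top of the file ("Since this a solution template for a generic talk ...") looks like leftover boilerplate and could go.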
{%
+ \maketitle
+}
+
+\mode*
+
+\begin{abstract}
+ \input{abstract.tex}
+\end{abstract}
+
+\input{contents.tex}
+
+%%%%%%%%%%%%%%%%%%%%%%
+
+\printbibliography
+\end{document}
diff --git a/malware/preamble.tex b/malware/preamble.tex
new file mode 100644
index 0000000..0986758
--- /dev/null
+++ b/malware/preamble.tex
@@ -0,0 +1,96 @@
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage[swedish,british]{babel}
+\usepackage{url}
+\usepackage{color}
+\usepackage{multicol}
+\usepackage{xparse}
+\usepackage{graphicx}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+
+\usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex}
+\addbibresource{bibliography.bib}
+
+\usepackage{pythontex}
+\usepackage{minted}
+\setminted{%
+ linenos=true,
+ tabsize=2,
+ texcomments=true,
+ python3=true,
+ frame=lines,
+ autogobble=true,
+ stripall=true,
+ breaklines=true,
+ fontsize=\small
+}
+
+\ProvideDocumentEnvironment{assumption}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Assumption: #1}
+ }{%
+ \begin{block}{Assumption}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{Protocol}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Protocol: #1}
+ }{%
+ \begin{block}{Protocol}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{remark}{o}{%
+ \IfValueTF{#1}{%
+ \begin{alertblock}{Note: #1}
+ }{%
+ \begin{alertblock}{Note}
+ }
+}{%
+ \end{alertblock}
+}
+
+\ProvideDocumentEnvironment{idea}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Idea: #1}
+ }{%
+ \begin{block}{Idea}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{question}{o}{%
+ \setbeamercolor{block body}{bg=orange!15,fg=black}
+ \setbeamercolor{block title}{bg=orange,fg=white}
+ \setbeamercolor{local structure}{fg=orange}
+ \IfValueTF{#1}{%
+ \begin{block}{Question: #1}
+ }{%
+ \begin{block}{Question}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{exercise}{o}{%
+ \setbeamercolor{block body}{bg=yellow!10,fg=black}
+ \setbeamercolor{block title}{bg=yellow,fg=black}
+ \setbeamercolor{local structure}{fg=yellow}
+ \IfValueTF{#1}{%
+ \begin{block}{Exercise: #1}
+ }{%
+ \begin{block}{Exercise}
+ }
+}{%
+ \end{block}
+}
+
+
diff --git a/overview/questions.tex b/malware/questions.tex
similarity index 100%
rename from overview/questions.tex
rename to malware/questions.tex
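Review bot: `\usepackage{pythontex}` is loaded here although the malware contents.tex added in this commit has no `pycode` or `\pyc` calls, and the same holds for the byte-identical memory-management/preamble.tex (same blob `0986758`), whose contents.tex only uses `\inputminted`. pythontex runs Python embedded in the document at build time, so a module that does not need it is better built without it. If nothing else in these two modules depends on it (the malware abstract and the shared tex.mk are not visible here), drop the line from both copies. Since the two preambles are identical, a single shared file that each module inputs would also keep them from drifting apart.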
diff --git a/malware/slides.tex b/malware/slides.tex
new file mode 100644
index 0000000..03ece96
--- /dev/null
+++ b/malware/slides.tex
@@ -0,0 +1,77 @@
+%\documentclass[handout]{beamer}
+\documentclass{beamer}
+
+\input{preamble.tex}
+
+\mode{%
+ \usetheme{Berlin}
+ \setbeamertemplate{footline}{%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}%
+ \usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}%
+ {\usebeamerfont{title in head/foot}\insertshorttitle}%
+ \hfill\insertframenumber%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+ \setbeamercovered{transparent}
+ \setbeamertemplate{bibliography item}[text]
+}
+
+\ProvideDocumentEnvironment{exercise}{o}{%
+ \setbeamercolor{block body}{bg=yellow!30,fg=black}
+ \setbeamercolor{block title}{bg=yellow,fg=black}
+ \IfValueTF{#1}{%
+ \begin{block}{\translate{Exercise}: #1}
+ }{%
+ \begin{block}{\translate{Exercise}}
+ }
+}{%
+ \end{block}
+}
+
+\AtBeginSection[]{%
+ \begin{frame}
+ \tableofcontents[currentsection]
+ \end{frame}
+}
+
+\begin{document}
+\title{%
+ Software Security
+}
+\author{%
+ Daniel Bosk
+}
+\institute[MIUN IKS]{%
+ Department of Information and Communication Systems,\\
+ Mid Sweden University, SE-851\,70 Sundsvall
+}
+\date{\today}
+
+\begin{frame}
+ \titlepage
+\end{frame}
+
+\begin{abstract}
+ \mode{\input{abstract.tex}}
+\end{abstract}
+
+\mode{\input{contents.tex}}
+
+%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \small
+ \printbibliography
+\end{frame}
+\end{document}
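Review bot: The `exercise` environment defined in this file never takes effect: preamble.tex is input first and already defines `exercise` with `\ProvideDocumentEnvironment`, which only defines an environment that does not exist yet, so the `\translate{Exercise}` title and the `yellow!30` body set here are silently ignored. Either delete the block from slides.tex or, if the slide-specific look is wanted, open it with `\RenewDocumentEnvironment{exercise}{o}{%` instead. memory-management/slides.tex carries the same dead block. Separately, `\title{Software Security}` is kept here and in malware/notes.tex while the memory-management files were retitled, so it may be a copy-paste leftover.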
diff --git a/memory-management/.gitignore b/memory-management/.gitignore
new file mode 100644
index 0000000..30748df
--- /dev/null
+++ b/memory-management/.gitignore
@@ -0,0 +1,14 @@
+BobbyTables.png
+__pycache__/
+aliascnt.sty
+latexmkrc
+slides.pdf
+slides.pytxcode
+procmem.jpg
+pythontex-files-slides/
+
+notes.pdf
+notes.pytxcode
+slides.pdf.xoj
+pythontex-files-notes/
+
diff --git a/memory-management/Makefile b/memory-management/Makefile
new file mode 100644
index 0000000..4dfdfe4
--- /dev/null
+++ b/memory-management/Makefile
@@ -0,0 +1,33 @@
+LATEXFLAGS+= -shell-escape
+
+.PHONY: all
+all: slides.pdf notes.pdf
+
+SRC= contents.tex abstract.tex bibliography.bib
+SRC+= procmem.jpg
+SRC+= login.c
+
+DEPENDS+= latexmkrc
+
+slides.pdf notes.pdf: ${SRC} ${DEPENDS}
+
+slides.pdf: slides.tex
+notes.pdf: notes.tex
+
+procmem.jpg:
+ wget -O $@ https://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/067/6701/6701f1.jpg
+
+BobbyTables.png:
+ wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png
+
+.PHONY: clean-depends distclean
+clean-depends distclean:
+ ${RM} procmem.jpg BobbyTables.png
+
+.PHONY: clean
+clean:
+ ${RM} notes.pdf slides.pdf
+ ${RM} -R __pycache__ _minted-*
+
+INCLUDE_MAKEFILES=../makefiles
+include ${INCLUDE_MAKEFILES}/tex.mk
diff --git a/memory-management/README.md b/memory-management/README.md
new file mode 100644
index 0000000..d52111b
--- /dev/null
+++ b/memory-management/README.md
@@ -0,0 +1,5 @@
+[![Video: Memory management][img]][vid]
+
+[vid]: https://youtu.be/ZUrZgsDurnQ
+[img]: https://img.youtube.com/vi/ZUrZgsDurnQ/hqdefault.jpg
+
diff --git a/memory-management/abstract.tex b/memory-management/abstract.tex
new file mode 100644
index 0000000..e64da36
--- /dev/null
+++ b/memory-management/abstract.tex
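Review bot: In memory-management/Makefile the `BobbyTables.png` recipe downloads over plain `http://`, and neither `wget` call verifies what it fetched, so the build trusts the network and the remote host for files that end up in the PDFs. Switch the URL to `https://imgs.xkcd.com/comics/exploits_of_a_mom.png` and, since both images are fixed, check each one against a SHA-256 digest kept in the repository. `wget -O $@` also creates the target when the transfer fails, so a broken download leaves a file that make considers up to date; writing to a temporary name first, `wget -O $@.tmp <url> && mv -f $@.tmp $@`, avoids that. `BobbyTables.png` is not listed in `SRC` in this module, so its rule looks like a leftover from the overview Makefile.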
@@ -0,0 +1,28 @@
+Perhaps the part of security most people intuitively associate with security,
+and computer security in particular, is software security.
+This part of computer security treats vulnerabilities in software, e.g.\ buffer
+overruns or code injections.
+This is a very important part of security, because although the design is
+flawless, its implementation might have vulnerabilities.
+As an example, most phones are designed to keep the user and applications
+unpriviledged, thus all applications will run with the principle of least
+priviledges and compartmentalized from each other.
+However, software bugs in the operating system can allow malicious apps to gain
+priviledges to e.g.\ monitor other apps.
+
+After this session you should be able to
+\begin{itemize}
+ \item \emph{understand} the need to consider software security in software
+ development.
+ \item \emph{evaluate} the software security requirements for different
+ sitations.
+\end{itemize}
+
+Gollmann treats this area in Chapter 10 of his book,
+\citetitle{Gollmann2011cs}~\cite{Gollmann2011cs}.
+The recommended exercises to do after reading this material are 10.1, 10.3 and
+10.4 in~\cite{Gollmann2011cs}.
+Anderson also treats this subject --- in Chapter 4.4 and Chapter 18 of
+\citetitle{Anderson2008sea}~\cite{Anderson2008sea} --- albeit with less
+technical details.
+We also treat the results of \citetitle{BSIMMFindings}~\cite{BSIMMFindings}.
diff --git a/memory-management/bibliography.bib b/memory-management/bibliography.bib
new file mode 100644
index 0000000..b1eaea4
--- /dev/null
+++ b/memory-management/bibliography.bib
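Review bot: Three misspellings in the new abstract will show up in the notes PDF: `unpriviledged` should be `unprivileged`, `priviledges` (twice) should be `privileges`, and `sitations` should be `situations`; the security term is also normally singular, `the principle of least privilege`. The text is the general software-security abstract, and its last sentence announces the BSIMM findings, which memory-management/contents.tex in this commit does not cover, so that sentence probably belongs only in the module that does.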
@@ -0,0 +1,64 @@
+@book{Anderson2008sea,
+ author={Anderson, Ross J.},
+ title={Security Engineering},
+ subtitle={A guide to building dependable distributed systems},
+ publisher={Wiley},
+ address={Indianapolis, IN},
+ year={2008},
+ edition={2},
+ ISBN={978-0-470-06852-6 (hbk.)},
+ URL={http://www.cl.cam.ac.uk/~rja14/book.html},
+ keywords={IT-s{\"a}kerhet},
+}
+
+@book{Gollmann2011cs,
+ author={Gollmann, Dieter},
+ title={Computer Security},
+ publisher={Wiley},
+ address={Chichester, West Sussex, U.K.},
+ year={2011},
+ edition={3},
+ ISBN={9780470741153 (pbk.)},
+ keywords={IT-s{\"a}kerhet},
+}
+
+@article{ieeespectrum2014usb,
+ author={Schneider, David},
+ title={USB Flash Drives Are More Dangerous Than You Think},
+ journal={IEEE Spectrum},
+ month={8},
+ year={2014},
+ URL={http://spectrum.ieee.org/tech-talk/computing/embedded-systems/usb-flash-drives-are-more-dangerous-than-you-think},
+}
+
+@online{BobbyTables,
+ author={XKCD},
+ title={Exploits of a Mom},
+ URL={http://xkcd.com/327/},
+}
+
+@ARTICLE{BSIMMFindings,
+ author={G. McGraw},
+ journal={Computer},
+ title={Four Software Security Findings},
+ month={Jan},
+ year={2016},
+ volume={49},
+ number={1},
+ pages={84-87},
+ abstract={Analyzing data from 78 firms using the Building Security In
+ Maturity Model (BSIMM) revealed four truths about software security that
+ will help firms protect and secure their assets. Software security
+ continues to grow and evolve, currently accounting for more than 10
+ percent of global IT security revenue worldwide. On the surface, it
+ seems obvious that we must make software systems secure from the start,
+ but opinions vary as to implementation. Through a multiyear process of
+ observing and measuring security initiatives, we can move beyond
+ opinion into the realm of fact. 
WHAT follows are four indic},
+ keywords={security of data;BSIMM;building security in maturity model;data
+ analysis;global IT security revenue;software security
+ findings;BSIMM;Cybertrust;building security
+ in;cybersecurity;software;software security},
+ doi={10.1109/MC.2016.30},
+ ISSN={0018-9162},
+}
diff --git a/memory-management/contents.tex b/memory-management/contents.tex
new file mode 100644
index 0000000..52d92d0
--- /dev/null
+++ b/memory-management/contents.tex
@@ -0,0 +1,72 @@
+\mode*
+
+% Since this a solution template for a generic talk, very little can
+% be said about how it should be structured. However, the talk length
+% of between 15min and 45min and the theme suggest that you stick to
+% the following rules:
+
+% - Exactly two or three sections (other than the summary).
+% - At *most* three subsections per section.
+% - Talk about 30s to 2min per frame. So there should be between about
+% 15 and 30 frames, all told.
+
+
+\section{Memory Management}
+
+\subsection{Memory Structure}
+
+\begin{frame}
+ \includegraphics[height=\textheight]{procmem.jpg}
+\end{frame}
+
+\subsection{Overruns}
+
+% XXX add more description of buffer overruns
+\begin{frame}
+ \begin{itemize}
+ \item Buffer overruns
+ \begin{itemize}
+ \item Stack overruns
+ \item Heap overruns
+ \end{itemize}
+
+ \item All variables in a program use storage from either the stack or heap.
+ \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+ \inputminted{C}{login.c}
+\end{frame}
+
+\begin{frame}
+ \begin{columns}[b]
+ \begin{column}{0.5\textwidth}
+ \inputminted[fontsize=\tiny]{C}{login.c}
+ \end{column}
+ \begin{column}{0.5\textwidth}
+ \includegraphics[height=\textheight]{procmem.jpg}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+% XXX add figure for previous example
+
+% XXX add more examples of overruns
+
+%\subsection{Double-Free Vulnerabilities}
+%
+%\begin{frame}
+%\end{frame}
+
+\subsection{Type Confusion}
+
+% XXX clarify slide on type confusion
+\begin{frame}
+ \begin{itemize}
+ \item There are some problems in object-oriented languages too.
+ \item Trick the system to point to a different memory location.
+ \item Thus a write using one type actually modifies something believed to
+ be of another type somewhere else.
+ \end{itemize}
+\end{frame}
+
diff --git a/memory-management/login.c b/memory-management/login.c
new file mode 100644
index 0000000..ec8c996
--- /dev/null
+++ b/memory-management/login.c
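Review bot: The Overruns frame states `All variables in a program use storage from either the stack or heap`, which leaves out statically allocated data (globals and `static` variables), and buffers there can be overrun as well. The preceding frame shows a process memory layout (procmem.jpg, not visible here, presumably with the data segments), so the bullet would match it better as `\item Variables live on the stack, on the heap, or in static data; a buffer in any of them can be overrun.` The `% XXX add more description of buffer overruns` marker is also a natural place for one line on the defensive side, such as bounded reads.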
@@ -0,0 +1,13 @@
+int
+login( void )
+{
+ char correct_password[] = "swordfish";
+ char user_password[16] = {0};
+
+ printf( "user password: ");
+ fscanf( "\%s", user_password );
+
+ if ( !strcmp( correct_password, user_password ) )
+ return 0;
+ return 1;
+}
diff --git a/memory-management/notes.tex b/memory-management/notes.tex
new file mode 100644
index 0000000..1ffa1a5
--- /dev/null
+++ b/memory-management/notes.tex
@@ -0,0 +1,44 @@
+\documentclass{article}
+
+\usepackage[hyphens]{url}
+\usepackage[hidelinks]{hyperref}
+
+\input{preamble.tex}
+
+\usepackage{beamerarticle}
+\setjobnamebeamerversion{slides}
+
+\begin{document}
+\title{%
+ Memory management
+}
+\author{%
+ Daniel Bosk
+}
+\institute[MIUN IKS]{%
+ Department of Information and Communication Systems,\\
+ Mid Sweden University, SE-851\,70 Sundsvall
+}
+\date{\today}
+
+\mode{%
+ \begin{frame}
+ \titlepage
+ \end{frame}
+}
+\mode
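Review bot: The login.c listing does not compile as the overflow example it is meant to be: `fscanf( "\%s", user_password )` passes the format string where `fscanf` expects a `FILE *`, and `\%` is not a C escape (it looks like a LaTeX habit, but the file is typeset verbatim by `\inputminted`). `scanf( "%s", user_password );` keeps the intended unbounded read into the 16-byte buffer. Because the flaw is the teaching point, a comment on that line would stop readers from copying it as-is, e.g. `/* deliberately unbounded read: longer input overruns the 16-byte buffer */`; the wording avoids `%` and `_` because preamble.tex sets `texcomments=true`, which typesets comments as LaTeX. The snippet also has no `#include` lines for `<stdio.h>` and `<string.h>`, which is fine on a slide but worth stating if students are expected to build it.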
{%
+ \maketitle
+}
+
+\mode*
+
+\begin{abstract}
+ \input{abstract.tex}
+\end{abstract}
+
+\input{contents.tex}
+
+%%%%%%%%%%%%%%%%%%%%%%
+
+\printbibliography
+\end{document}
diff --git a/memory-management/preamble.tex b/memory-management/preamble.tex
new file mode 100644
index 0000000..0986758
--- /dev/null
+++ b/memory-management/preamble.tex
@@ -0,0 +1,96 @@
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage[swedish,british]{babel}
+\usepackage{url}
+\usepackage{color}
+\usepackage{multicol}
+\usepackage{xparse}
+\usepackage{graphicx}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+
+\usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex}
+\addbibresource{bibliography.bib}
+
+\usepackage{pythontex}
+\usepackage{minted}
+\setminted{%
+ linenos=true,
+ tabsize=2,
+ texcomments=true,
+ python3=true,
+ frame=lines,
+ autogobble=true,
+ stripall=true,
+ breaklines=true,
+ fontsize=\small
+}
+
+\ProvideDocumentEnvironment{assumption}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Assumption: #1}
+ }{%
+ \begin{block}{Assumption}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{Protocol}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Protocol: #1}
+ }{%
+ \begin{block}{Protocol}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{remark}{o}{%
+ \IfValueTF{#1}{%
+ \begin{alertblock}{Note: #1}
+ }{%
+ \begin{alertblock}{Note}
+ }
+}{%
+ \end{alertblock}
+}
+
+\ProvideDocumentEnvironment{idea}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Idea: #1}
+ }{%
+ \begin{block}{Idea}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{question}{o}{%
+ \setbeamercolor{block body}{bg=orange!15,fg=black}
+ \setbeamercolor{block title}{bg=orange,fg=white}
+ \setbeamercolor{local structure}{fg=orange}
+ \IfValueTF{#1}{%
+ \begin{block}{Question: #1}
+ }{%
+ \begin{block}{Question}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{exercise}{o}{%
+ \setbeamercolor{block body}{bg=yellow!10,fg=black}
+ \setbeamercolor{block title}{bg=yellow,fg=black}
+ \setbeamercolor{local structure}{fg=yellow}
+ \IfValueTF{#1}{%
+ \begin{block}{Exercise: #1}
+ }{%
+ \begin{block}{Exercise}
+ }
+}{%
+ \end{block}
+}
+
+
diff --git a/memory-management/questions.tex b/memory-management/questions.tex
new file mode 100644
index 0000000..f727bdc
--- /dev/null
+++ b/memory-management/questions.tex
@@ -0,0 +1,9 @@
+\question[3]\label{q:software}
+% tags: software:A
+Can a files such as images (e.g.\ JPEGs) and other data be dangerous?
+
+\begin{solution}
+ Yes, they can contain machine code which can be executed if there is e.g.\
+ a buffer overrun vulnerability in the software that reads the data.
+\end{solution}
+
diff --git a/memory-management/slides.tex b/memory-management/slides.tex
new file mode 100644
index 0000000..689106e
--- /dev/null
+++ b/memory-management/slides.tex
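Review bot: The question text has a typo: `Can a files such as images` should read `Can files such as images`. The model solution is also narrower than it needs to be, because the data does not have to "contain machine code"; a malformed file can be enough to trigger the memory error in the program that parses it. A wording such as `Yes: a bug such as a buffer overrun in the software that reads the data can let a crafted file corrupt memory or run code.` puts the weight on the parser, which is where the defence has to be.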
@@ -0,0 +1,73 @@
+%\documentclass[handout]{beamer}
+\documentclass{beamer}
+
+\input{preamble.tex}
+
+\mode{%
+ \usetheme{Berlin}
+ \setbeamertemplate{footline}{%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}%
+ \usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}%
+ {\usebeamerfont{title in head/foot}\insertshorttitle}%
+ \hfill\insertframenumber%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+ \setbeamercovered{transparent}
+ \setbeamertemplate{bibliography item}[text]
+}
+
+\ProvideDocumentEnvironment{exercise}{o}{%
+ \setbeamercolor{block body}{bg=yellow!30,fg=black}
+ \setbeamercolor{block title}{bg=yellow,fg=black}
+ \IfValueTF{#1}{%
+ \begin{block}{\translate{Exercise}: #1}
+ }{%
+ \begin{block}{\translate{Exercise}}
+ }
+}{%
+ \end{block}
+}
+
+\AtBeginSection[]{%
+ \begin{frame}
+ \tableofcontents[currentsection]
+ \end{frame}
+}
+
+\begin{document}
+\title{%
+ Memory management
+}
+\author{%
+ Daniel Bosk
+}
+\institute[MIUN IKS]{%
+ Department of Information and Communication Systems,\\
+ Mid Sweden University, SE-851\,70 Sundsvall
+}
+\date{\today}
+
+\begin{frame}
+ \titlepage
+\end{frame}
+
+\mode{\input{contents.tex}}
+
+%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \small
+ \printbibliography
+\end{frame}
+\end{document}
diff --git a/overview/.gitignore b/overview/.gitignore
deleted file mode 100644
index 80f1e77..0000000
--- a/overview/.gitignore
+++ /dev/null
@@ -1,20 +0,0 @@ -BobbyTables.png -__pycache__/ -aliascnt.sty -latexmkrc -llncs.cls -llncs2e.zip -overview-slides.pdf -overview-slides.pytxcode -procmem.jpg -pythontex-files-overview-slides/ -remreset.sty -slides.tex -splncs03.bst -sprmindx.sty - -overview-notes.pdf -overview-notes.pytxcode -overview-slides.pdf.xoj -pythontex-files-overview-notes/ - diff --git a/overview/overview-content.tex b/overview/overview-content.tex deleted file mode 100644 index 8139868..0000000 --- a/overview/overview-content.tex +++ /dev/null @@ -1,503 +0,0 @@ -\title{% - Software Security -} -\author{% - Daniel Bosk -} -\institute[MIUN IKS]{% - Department of Information and Communication Systems,\\ - Mid Sweden University, SE-851\,70 Sundsvall -} -\date{\today} - -\mode{% - \begin{frame} - \titlepage - \end{frame} -} -\mode
{% - \maketitle -} - -\mode* - -\begin{abstract} - \input{abstract.tex} -\end{abstract} - -% Since this a solution template for a generic talk, very little can -% be said about how it should be structured. However, the talk length -% of between 15min and 45min and the theme suggest that you stick to -% the following rules: - -% - Exactly two or three sections (other than the summary). -% - At *most* three subsections per section. -% - Talk about 30s to 2min per frame. So there should be between about -% 15 and 30 frames, all told. - - -\section{Introduction} - -\subsection{Security and Reliability} - -\begin{frame} - \begin{remark} - \begin{itemize} - \item As long as our computer is offline, used only by ourselves, and we - don't add any accessories (e.g.\ USB devices~\cite{ieeespectrum2014usb}), - then we don't have any problems. - - \pause - - \item Problems start to occur when other users start using our software (in - some way), then input to our programs isn't necessarily what we expect. - - \end{itemize} - \end{remark} -\end{frame} - -\begin{frame} - \begin{description} - \item[Software reliability] This concerns software quality in the sense of - accidental failures, i.e.\ the assumption that input is benign. - - \pause{} - - \item[Software security] This concerns software quality in the sense of - intentional failures, i.e.\ the assumption that input is malign. - \end{description} -\end{frame} - -\begin{frame} - \begin{question} - \begin{itemize} - \item Test-driven development? C'est la mode. - \end{itemize} - \end{question} - - \pause - - \begin{solution}[BSIMM\footfullcite{BSIMMFindings}] - \begin{itemize} - \item Do code review. - \item Have a Software Security Group (SSG). - \item Integrate SSG into the organization (have a satellite). 
- \end{itemize} - \end{solution} -\end{frame} - -\subsection{Changes} - -% XXX add better storyline to changes - -\begin{frame} - \begin{remark}[Changes \dots] - \begin{itemize} - \item There are systems which are designed to be secure, and actually are - secure, but then \dots - - \item Upgrades needed, or, not needed but wanted. - - \item This might come in the form of updating a component or utilizing the - system in an environment it wasn't designed for. - - \end{itemize} - \end{remark} -\end{frame} - - -\section{Broken Abstractions} - -\subsection{File System Paths} - -\begin{frame}[fragile] - \inputminted{python}{jail.py} -\end{frame} - -\begin{frame}[fragile] - \begin{example}[./jail.py ../../etc/passwd] - \begin{pycode} -import jail -jail.main(["jailopen", "../../etc/passwd"]) - \end{pycode} - \end{example} -\end{frame} - -\begin{frame} - \pyc[variable]{import os} - \begin{alertblock}{The Problem: Abstraction of paths} - \begin{itemize} - \item We had \pyb[variable]{JAIL_PATH = os.environ["HOME"]}. - \item We let \pyb[variable]{filename = "../../etc/passwd"}. - \item Thus the file we open is \pyb[variable]{JAIL_PATH + "/" + filename} - which results in \pyc[variable]{print(JAIL_PATH + "/" + filename)}. - \item Hence we actually read /etc/passwd. - \end{itemize} - \end{alertblock} -\end{frame} - -\begin{frame} - \begin{itemize} - \item Fine, we ban the string \mintinline{python}{"../"}. - - \item Then what about \mintinline{python}{"..\%c0\%af.."}? - - \end{itemize} -\end{frame} - -\subsection{Character Encoding} - -\begin{frame} - \begin{itemize} - \item All character representations in the computer comes in the form of - different encodings, e.g.\ UTF-8 encoding. - - \item The decoders might be programmed differently, some takes into account - the errors in different encoders to compensate -- and this can be - exploited. - - \item Where the encoding and decoding is done can also be exploited. 
- - \end{itemize} -\end{frame} - -\begin{frame} - \begin{block}{UTF-8} - \begin{itemize} - \item A character encoding standard. - \item Uses variable length code words: from one byte. - \item First bit indicates if next byte is part of the same code word. - \end{itemize} - \end{block} -\end{frame} - -% XXX add more details on UTF-8 coding - -\subsection{Integer Overflows} - -% XXX add more examples on integer overflows -\begin{frame}[fragile] - \inputminted{C}{combine.c} -\end{frame} - -\begin{frame} - \begin{alertblock}{The Problem: Abstraction of integers} - \begin{itemize} - \item Let \mintinline{C}{len2} be very long, say \(2^{32} - 1\), i.e.\ - \mintinline{C}{len2 = 0xffffffff}. - - \item Now we have - \begin{align*} - \text{\mintinline{C}{len1}} + \text{\mintinline{C}{len2}} - + 1 \pmod{2^{32}} - &= \text{\mintinline{C}{len1}} + 2^{32} - 1 + 1 \pmod{2^{32}} \\ - &= \text{\mintinline{C}{len1}} \pmod{2^{32}} \\ - &< \text{\mintinline{C}{sizeof(buf)}}. - \end{align*} - - \item Thus we pass the test, although we shouldn't. 
- \end{itemize} - \end{alertblock} -\end{frame} - -\begin{frame} - \begin{remark} - This is worse if we use \emph{signed} integers \dots - \end{remark} -\end{frame} - -% XXX add more details and other examples of composition -\subsection{Data and Code} - -\begin{frame}[fragile] - \begin{example}[echo.sh "-E test\textbackslash ning"] - \inputminted{sh}{echo.sh} - \begin{pycode}[echo.sh] -import subprocess -proc = subprocess.Popen(["./echo.sh", "-E test\\ning"], \ -stdout=subprocess.PIPE) -print("\\begin{verbatim}" + proc.stdout.read().decode("utf-8") + \ -"\\end{verbatim}") - \end{pycode} - \end{example} -\end{frame} - -\begin{frame}[fragile] - \begin{example}[echofix.sh "-E test\textbackslash ning"] - \inputminted{sh}{echofix.sh} - \begin{pycode}[echofix.sh] -import subprocess -proc = subprocess.Popen(["./echofix.sh", "-E test\\ning"], \ -stdout=subprocess.PIPE) -print("\\begin{verbatim}" + proc.stdout.read().decode("utf-8") + \ -"\\end{verbatim}") - \end{pycode} - \end{example} -\end{frame} - -\begin{frame} - \begin{itemize} - \item The login(1) and rlogin(1) composition bug was found in Linux and AIX - systems which didn't check the syntax of the username. - - \item The syntax of login(1) is \mintinline{sh}{login [-p] [-h host] [[-f] - user]}. - - \item The syntax of rlogin(1) is \mintinline{sh}{rlogin [-l user] machine}. - - \item rlogin(1) connects to the machine and runs \mintinline{sh}{login user - machine}. - - \item However, the user could be chosen to be \enquote{-froot}. - \end{itemize} -\end{frame} - -% XXX add canonical representations -%\subsection{Canonical Representations} -% -%\begin{frame} -%\end{frame} - -% XXX add better description of scripting vuln - -\begin{frame}[fragile] - \begin{minted}{sh} - cat ${1} | mail ${2} - \end{minted} - \begin{itemize} - \item What happens with the address - \mintinline{sh}{"foo@bar.org | rm -Rf /"}? 
- \end{itemize} -\end{frame} - -% XXX add better description and examples of SQL injection - -\begin{frame}[fragile] - \begin{minted}[startinline]{php} - $sql = "SELECT * FROM client WHERE name = '$name'" - \end{minted} - \begin{itemize} - \item Insert the name \mintinline[startinline]{php}{Eve' OR 1=1--}. - \item This will get a totally different meaning. - \end{itemize} -\end{frame} - -\begin{frame} - \begin{figure} - \centering - \includegraphics[width=\textwidth]{BobbyTables.png} - \caption{% - XKCD's Exploits of a Mom. - Image: \cite{BobbyTables}. - } - \end{figure} -\end{frame} - - -\section{Memory Management} - -\subsection{Memory Structure} - -\begin{frame} - \includegraphics[height=\textheight]{procmem.jpg} -\end{frame} - -\subsection{Overruns} - -% XXX add more description of buffer overruns -\begin{frame} - \begin{itemize} - \item Buffer overruns - \begin{itemize} - \item Stack overruns - \item Heap overruns - \end{itemize} - - \item All variables in a program use storage from either the stack or heap. - \end{itemize} -\end{frame} - -\begin{frame}[fragile] - \inputminted{C}{login.c} -\end{frame} - -% XXX add figure for previous example - -% XXX add more examples of overruns - -%\subsection{Double-Free Vulnerabilities} -% -%\begin{frame} -%\end{frame} - -\subsection{Type Confusion} - -% XXX clarify slide on type confusion -\begin{frame} - \begin{itemize} - \item There are some problems in object-oriented languages too. - \item Trick the system to point to a different memory location. - \item Thus a write using one type actually modifies something believed to - be of another type somewhere else. - \end{itemize} -\end{frame} - - -%\section{Malware} -% -%% XXX add better storyline to malware -%\subsection{Background} -% -%\begin{frame} -% \begin{itemize} -% \item Comes from \emph{malicious software} and means software with -% a malicious intent. -% -% \item In the early days they were mostly experiments or pranks. 
-% -% \item Today they are mostly used for special purposes: -% \begin{itemize} -% \item steal personal, financial or business information, -% \item cripple competition, -% \item etc. -% \end{itemize} -% -% \end{itemize} -%\end{frame} -% -%\begin{frame} -% \begin{itemize} -% \item There are many types of malware. -% -% \item Their classification depends on the largest threat vector. -% -% \end{itemize} -%\end{frame} -% -%\subsection{Malware Types} -% -%\begin{frame}[allowframebreaks] -% \begin{description} -% \item[Computer Virus] -% A form of malware which has self-replicating code. -% It \emph{infects} other programs by inserting itself into their program -% code, and in turn when these programs are run the virus payload is run to -% replicate even further. -% -% \item[Worm] -% A form of malware which replicates itself, not by infection, but by -% copying itself to different disks, via networks, or even emailing itself -% automatically to everyone in the user's contact list. -% -% \item[Trojan Horse] -% A form of malware which acts as a legitimate program but has hidden -% features which are malicious, e.g.\ a utility program which steals your -% login credentials in the background or simply acts as a backdoor. -% Usually used in combination of social engineering. -% -% \item[Rootkit] -% A piece of software designed to provide access that would otherwise be -% restricted. -% It also keeps well-hidden and is notoriously difficult to detect and -% remove. -% Usually this comes from modifying the operating system. -% -% \item[Spyware] -% This software simply tries to gather information about a target without -% their knowledge. -% Usually the collected information is sent to a third party. -% -% Keylogging falls under this category. -% -% \item[Adware] -% This is simply a type of malware that presents advertisements to the user -% of the infected system. 
-% Obviously staying undetected is not an option, so making itself difficult -% to remove is the strategy of choice. -% -% \item[Scareware] -% This is a type of malware that uses social engineering to trick users to -% buy unwanted software, e.g.\ fake antivirus software. -% -% \item[Ransomware] -% This is a type of malware that restricts the users access to the system. -% A common technique is to encrypt all the user's files. -% Then the user is presented with the option of buying the decryption key -% for bitcoins. -% -% They typically propagate as trojans. -% -% \end{description} -%\end{frame} - - - -% XXX add defences to software security, perhaps inline -% XXX instead of separate section - -%\section{Defences} -% -%\subsection{Prevention} -% -%\subsection{Hardware} -% -%\begin{frame} -% \begin{itemize} -% \item Hardware -% %\item Modus Operandi -% \item Safer Functions -% \item Filtering -% \item Type Safety -% \end{itemize} -%\end{frame} -% -%%\begin{frame} -%%\end{frame} -%% -%%\begin{frame} -%%\end{frame} -%% -%%\begin{frame} -%%\end{frame} -%% -%%\begin{frame} -%%\end{frame} -% -%\subsection{Detection} -% -%\begin{frame} -% \begin{itemize} -% \item Canaries -% \item Code Inspection -% \item Testing -% \end{itemize} -%\end{frame} -% -%%\begin{frame} -%%\end{frame} -%% -%%\begin{frame} -%%\end{frame} -% -%\subsection{Mitigation} -% -%\begin{frame} -% \begin{itemize} -% \item Least privilege \dots -% \end{itemize} -%\end{frame} -% -%\subsection{Reaction} -% -%\begin{frame} -% \begin{itemize} -% \item Keep up to date \dots -% \end{itemize} -%\end{frame} - -%%%%%%%%%%%%%%%%%%%%%% - -\begin{frame} - \small - \printbibliography -\end{frame} diff --git a/overview/overview-notes.tex b/overview/overview-notes.tex deleted file mode 100644 index 0771175..0000000 --- a/overview/overview-notes.tex +++ /dev/null 
@@ -1,14 +0,0 @@ -\documentclass{llncs} -\pagestyle{plain} - -\usepackage[hyphens]{url} -\usepackage[hidelinks]{hyperref} - -\input{overview-preamble.tex} - -\usepackage[noamsthm,notheorems]{beamerarticle} -\setjobnamebeamerversion{overview-slides} - -\begin{document} -\input{overview-content.tex} -\end{document}