From 87e1e9d69ee08ba48f812ea0aaf51e4a9123cbd1 Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Thu, 23 Apr 2020 15:14:06 +0200 Subject: [PATCH 01/16] Updates overview to better format (repo structure) --- overview/.gitignore | 19 +++++++------------ overview/Makefile | 10 +++++----- overview/{overview.bib => bibliography.bib} | 0 .../{overview-content.tex => contents.tex} | 0 overview/notes.tex | 13 +++++++++++++ overview/overview-notes.tex | 14 -------------- .../{overview-preamble.tex => preamble.tex} | 2 +- overview/{overview-slides.tex => slides.tex} | 4 ++-- 8 files changed, 28 insertions(+), 34 deletions(-) rename overview/{overview.bib => bibliography.bib} (100%) rename overview/{overview-content.tex => contents.tex} (100%) create mode 100644 overview/notes.tex delete mode 100644 overview/overview-notes.tex rename overview/{overview-preamble.tex => preamble.tex} (98%) rename overview/{overview-slides.tex => slides.tex} (95%) diff --git a/overview/.gitignore b/overview/.gitignore index 80f1e77..3b7f25d 100644 --- a/overview/.gitignore +++ b/overview/.gitignore @@ -2,19 +2,14 @@ BobbyTables.png __pycache__/ aliascnt.sty latexmkrc -llncs.cls -llncs2e.zip -overview-slides.pdf -overview-slides.pytxcode +slides.pdf +slides.pytxcode procmem.jpg -pythontex-files-overview-slides/ -remreset.sty +pythontex-files-slides/ slides.tex -splncs03.bst -sprmindx.sty -overview-notes.pdf -overview-notes.pytxcode -overview-slides.pdf.xoj -pythontex-files-overview-notes/ +notes.pdf +notes.pytxcode +slides.pdf.xoj +pythontex-files-notes/ diff --git a/overview/Makefile b/overview/Makefile index 4c8c423..67c91dc 100644 --- a/overview/Makefile +++ b/overview/Makefile @@ -1,9 +1,9 @@ LATEXFLAGS+= -shell-escape .PHONY: all -all: overview-slides.pdf overview-notes.pdf +all: slides.pdf notes.pdf -SRC= overview-content.tex abstract.tex overview.bib +SRC= contents.tex abstract.tex bibliography.bib SRC+= jail.py SRC+= combine.c SRC+= echo.sh echofix.sh 
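Review bot: The context line `slides.tex` is kept as an ignore pattern in the same commit that renames the tracked `overview-slides.tex` to `slides.tex`, so the ignore list now names a source file of the document. The already-tracked copy is unaffected, but once this .gitignore is copied into new directories the effect shows: intro/.gitignore (PATCH 04) and broken-abstractions/.gitignore (PATCH 08) carry the same line, and neither of those commits adds a `slides.tex` even though their Makefiles declare `slides.pdf: slides.tex`. Unless `slides.tex` is generated by the makefiles submodule (not visible here), the line should be dropped; if it is generated, a comment such as `# slides.tex is generated by tex.mk` next to it would explain why it is ignored.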
@@ -13,10 +13,10 @@ SRC+= login.c DEPENDS+= latexmkrc -overview-slides.pdf overview-notes.pdf: ${SRC} ${DEPENDS} +slides.pdf notes.pdf: ${SRC} ${DEPENDS} -overview-slides.pdf: overview-slides.tex -overview-notes.pdf: overview-notes.tex llncs +slides.pdf: slides.tex +notes.pdf: notes.tex procmem.jpg: wget -O $@ https://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/067/6701/6701f1.jpg diff --git a/overview/overview.bib b/overview/bibliography.bib similarity index 100% rename from overview/overview.bib rename to overview/bibliography.bib diff --git a/overview/overview-content.tex b/overview/contents.tex similarity index 100% rename from overview/overview-content.tex rename to overview/contents.tex diff --git a/overview/notes.tex b/overview/notes.tex new file mode 100644 index 0000000..f5e0236 --- /dev/null +++ b/overview/notes.tex @@ -0,0 +1,13 @@ +\documentclass{article} + +\usepackage[hyphens]{url} +\usepackage[hidelinks]{hyperref} + +\input{preamble.tex} + +\usepackage{beamerarticle} +\setjobnamebeamerversion{slides} + +\begin{document} +\input{contents.tex} +\end{document} diff --git a/overview/overview-notes.tex b/overview/overview-notes.tex deleted file mode 100644 index 0771175..0000000 --- a/overview/overview-notes.tex +++ /dev/null @@ -1,14 +0,0 @@ -\documentclass{llncs} -\pagestyle{plain} - -\usepackage[hyphens]{url} -\usepackage[hidelinks]{hyperref} - -\input{overview-preamble.tex} - -\usepackage[noamsthm,notheorems]{beamerarticle} -\setjobnamebeamerversion{overview-slides} - -\begin{document} -\input{overview-content.tex} -\end{document} diff --git a/overview/overview-preamble.tex b/overview/preamble.tex similarity index 98% rename from overview/overview-preamble.tex rename to overview/preamble.tex index fb686d6..0986758 100644 --- a/overview/overview-preamble.tex +++ b/overview/preamble.tex 
@@ -11,7 +11,7 @@ \usepackage{amssymb} \usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex} -\addbibresource{overview.bib} +\addbibresource{bibliography.bib} \usepackage{pythontex} \usepackage{minted} diff --git a/overview/overview-slides.tex b/overview/slides.tex similarity index 95% rename from overview/overview-slides.tex rename to overview/slides.tex index aac1943..a967454 100644 --- a/overview/overview-slides.tex +++ b/overview/slides.tex @@ -1,7 +1,7 @@ %\documentclass[handout]{beamer} \documentclass{beamer} -\input{overview-preamble.tex} +\input{preamble.tex} \mode{% \usetheme{Berlin} @@ -46,5 +46,5 @@ } \begin{document} -\input{overview-content.tex} +\input{contents.tex} \end{document} From 1546b2a166523d7e09a702631b66f288658d2a7d Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Thu, 23 Apr 2020 15:15:10 +0200 Subject: [PATCH 02/16] Updates makefiles submodule --- makefiles | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefiles b/makefiles index b91c20d..6605d1b 160000 --- a/makefiles +++ b/makefiles @@ -1 +1 @@ -Subproject commit b91c20df9f759ec5962f96814a63ca936bdbae79 +Subproject commit 6605d1be88e7a73bf8f8954c486d6a411842866a From 74c03ef3225bd3768293005a92050adc0c2d404b Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Thu, 23 Apr 2020 21:14:29 +0200 Subject: [PATCH 03/16] Improves clean recipe for overview --- overview/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/overview/Makefile b/overview/Makefile index 67c91dc..3752297 100644 --- a/overview/Makefile +++ b/overview/Makefile @@ -30,6 +30,7 @@ clean-depends: .PHONY: clean clean: + ${RM} notes.pdf slides.pdf ${RM} -R __pycache__ _minted-* INCLUDE_MAKEFILES=../makefiles From 4901e297a83496a9bca043dcaac1f9630d04d34d Mon Sep 17 00:00:00 2001 
From: Daniel Bosk Date: Fri, 24 Apr 2020 10:21:42 +0200 Subject: [PATCH 04/16] Breaks out intro from overview --- intro/.gitignore | 15 +++++++ intro/Makefile | 37 ++++++++++++++++ intro/README.md | 1 + intro/abstract.tex | 28 ++++++++++++ intro/bibliography.bib | 64 ++++++++++++++++++++++++++++ intro/contents.tex | 83 ++++++++++++++++++++++++++++++++++++ intro/notes.tex | 35 +++++++++++++++ intro/preamble.tex | 96 ++++++++++++++++++++++++++++++++++++++++++ intro/questions.tex | 20 +++++++++ overview/contents.tex | 70 ------------------------------ 10 files changed, 379 insertions(+), 70 deletions(-) create mode 100644 intro/.gitignore create mode 100644 intro/Makefile create mode 100644 intro/README.md create mode 100644 intro/abstract.tex create mode 100644 intro/bibliography.bib create mode 100644 intro/contents.tex create mode 100644 intro/notes.tex create mode 100644 intro/preamble.tex create mode 100644 intro/questions.tex diff --git a/intro/.gitignore b/intro/.gitignore new file mode 100644 index 0000000..3b7f25d --- /dev/null +++ b/intro/.gitignore @@ -0,0 +1,15 @@ +BobbyTables.png +__pycache__/ +aliascnt.sty +latexmkrc +slides.pdf +slides.pytxcode +procmem.jpg +pythontex-files-slides/ +slides.tex + +notes.pdf +notes.pytxcode +slides.pdf.xoj +pythontex-files-notes/ + diff --git a/intro/Makefile b/intro/Makefile new file mode 100644 index 0000000..3752297 --- /dev/null +++ b/intro/Makefile 
@@ -0,0 +1,37 @@ +LATEXFLAGS+= -shell-escape + +.PHONY: all +all: slides.pdf notes.pdf + +SRC= contents.tex abstract.tex bibliography.bib +SRC+= jail.py +SRC+= combine.c +SRC+= echo.sh echofix.sh +SRC+= BobbyTables.png +SRC+= procmem.jpg +SRC+= login.c + +DEPENDS+= latexmkrc + +slides.pdf notes.pdf: ${SRC} ${DEPENDS} + +slides.pdf: slides.tex +notes.pdf: notes.tex + +procmem.jpg: + wget -O $@ https://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/067/6701/6701f1.jpg + +BobbyTables.png: + wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png + +.PHONY: clean-depends +clean-depends: + ${RM} procmem.jpg BobbyTables.png + +.PHONY: clean +clean: + ${RM} notes.pdf slides.pdf + ${RM} -R __pycache__ _minted-* + +INCLUDE_MAKEFILES=../makefiles +include ${INCLUDE_MAKEFILES}/tex.mk diff --git a/intro/README.md b/intro/README.md new file mode 100644 index 0000000..5b08099 --- /dev/null +++ b/intro/README.md @@ -0,0 +1 @@ +[Software security] introduces the problems of software security. diff --git a/intro/abstract.tex b/intro/abstract.tex new file mode 100644 index 0000000..e64da36 --- /dev/null +++ b/intro/abstract.tex 
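Review bot: `SRC+= jail.py`, `SRC+= combine.c`, `SRC+= echo.sh echofix.sh` and `SRC+= login.c` make those files prerequisites of `slides.pdf notes.pdf`, but this commit adds none of them under intro/ (they only appear in broken-abstractions/ in PATCH 08), so `make` in intro/ will stop with "No rule to make target" unless tex.mk provides them, which is not visible here. The download recipes also write straight to the target, so a failed `wget -O $@ http://imgs.xkcd.com/...` leaves an empty `BobbyTables.png` that make then treats as built, and the fetch has no integrity check and goes over plain HTTP; `wget -O $@.tmp https://imgs.xkcd.com/comics/exploits_of_a_mom.png && mv $@.tmp $@` (ideally followed by a checksum comparison) avoids both. The same recipes recur verbatim in broken-abstractions/Makefile (PATCH 08). A one-line comment on `LATEXFLAGS+= -shell-escape`, e.g. `# required by minted and pythontex (see preamble.tex)`, would also document why the build allows TeX to spawn shell commands.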
@@ -0,0 +1,28 @@ +Perhaps the part of security most people intuitively associate with security, +and computer security in particular, is software security. +This part of computer security treats vulnerabilities in software, e.g.\ buffer +overruns or code injections. +This is a very important part of security, because although the design is +flawless, its implementation might have vulnerabilities. +As an example, most phones are designed to keep the user and applications +unpriviledged, thus all applications will run with the principle of least +priviledges and compartmentalized from each other. +However, software bugs in the operating system can allow malicious apps to gain +priviledges to e.g.\ monitor other apps. + +After this session you should be able to +\begin{itemize} + \item \emph{understand} the need to consider software security in software + development. + \item \emph{evaluate} the software security requirements for different + sitations. +\end{itemize} + +Gollmann treats this area in Chapter 10 of his book, +\citetitle{Gollmann2011cs}~\cite{Gollmann2011cs}. +The recommended exercises to do after reading this material are 10.1, 10.3 and +10.4 in~\cite{Gollmann2011cs}. +Anderson also treats this subject --- in Chapter 4.4 and Chapter 18 of +\citetitle{Anderson2008sea}~\cite{Anderson2008sea} --- albeit with less +technical details. +We also treat the results of \citetitle{BSIMMFindings}~\cite{BSIMMFindings}. diff --git a/intro/bibliography.bib b/intro/bibliography.bib new file mode 100644 index 0000000..b1eaea4 --- /dev/null +++ b/intro/bibliography.bib 
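Review bot: The new abstract carries several spelling errors in the phone example and the learning goals: `unpriviledged` should be `unprivileged`, `priviledges` (twice) should be `privileges`, and `sitations` should be `situations`. The sentence "because although the design is flawless, its implementation might have vulnerabilities" reads as a claim that the design is flawless; "even if the design is flawless" states the intended point. The identical text is added again as broken-abstractions/abstract.tex in PATCH 08, where the same fixes apply.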
@@ -0,0 +1,64 @@ +@book{Anderson2008sea, + author={Anderson, Ross J.}, + title={Security Engineering}, + subtitle={A guide to building dependable distributed systems}, + publisher={Wiley}, + address={Indianapolis, IN}, + year={2008}, + edition={2}, + ISBN={978-0-470-06852-6 (hbk.)}, + URL={http://www.cl.cam.ac.uk/~rja14/book.html}, + keywords={IT-s{\"a}kerhet}, +} + +@book{Gollmann2011cs, + author={Gollmann, Dieter}, + title={Computer Security}, + publisher={Wiley}, + address={Chichester, West Sussex, U.K.}, + year={2011}, + edition={3}, + ISBN={9780470741153 (pbk.)}, + keywords={IT-s{\"a}kerhet}, +} + +@article{ieeespectrum2014usb, + author={Schneider, David}, + title={USB Flash Drives Are More Dangerous Than You Think}, + journal={IEEE Spectrum}, + month={8}, + year={2014}, + URL={http://spectrum.ieee.org/tech-talk/computing/embedded-systems/usb-flash-drives-are-more-dangerous-than-you-think}, +} + +@online{BobbyTables, + author={XKCD}, + title={Exploits of a Mom}, + URL={http://xkcd.com/327/}, +} + +@ARTICLE{BSIMMFindings, + author={G. McGraw}, + journal={Computer}, + title={Four Software Security Findings}, + month={Jan}, + year={2016}, + volume={49}, + number={1}, + pages={84-87}, + abstract={Analyzing data from 78 firms using the Building Security In + Maturity Model (BSIMM) revealed four truths about software security that + will help firms protect and secure their assets. Software security + continues to grow and evolve, currently accounting for more than 10 + percent of global IT security revenue worldwide. On the surface, it + seems obvious that we must make software systems secure from the start, + but opinions vary as to implementation. Through a multiyear process of + observing and measuring security initiatives, we can move beyond + opinion into the realm of fact. 
WHAT follows are four indic}, + keywords={security of data;BSIMM;building security in maturity model;data + analysis;global IT security revenue;software security + findings;BSIMM;Cybertrust;building security + in;cybersecurity;software;software security}, + doi={10.1109/MC.2016.30}, + ISSN={0018-9162}, +} diff --git a/intro/contents.tex b/intro/contents.tex new file mode 100644 index 0000000..d7889bf --- /dev/null +++ b/intro/contents.tex 
@@ -0,0 +1,83 @@ +\mode* + +% Since this a solution template for a generic talk, very little can +% be said about how it should be structured. However, the talk length +% of between 15min and 45min and the theme suggest that you stick to +% the following rules: + +% - Exactly two or three sections (other than the summary). +% - At *most* three subsections per section. +% - Talk about 30s to 2min per frame. So there should be between about +% 15 and 30 frames, all told. + + +\section{Introduction} + +\subsection{Security and Reliability} + +\begin{frame} + \begin{remark} + \begin{itemize} + \item As long as our computer is offline, used only by ourselves, and we + don't add any accessories (e.g.\ USB devices~\cite{ieeespectrum2014usb}), + then we don't have any problems. + + \pause + + \item Problems start to occur when other users start using our software (in + some way), then input to our programs isn't necessarily what we expect. + + \end{itemize} + \end{remark} +\end{frame} + +\begin{frame} + \begin{description} + \item[Software reliability] This concerns software quality in the sense of + accidental failures, i.e.\ the assumption that input is benign. + + \pause{} + + \item[Software security] This concerns software quality in the sense of + intentional failures, i.e.\ the assumption that input is malign. + \end{description} +\end{frame} + +\begin{frame} + \begin{question} + \begin{itemize} + \item Test-driven development? C'est la mode. + \end{itemize} + \end{question} + + \pause + + \begin{solution}[BSIMM\footfullcite{BSIMMFindings}] + \begin{itemize} + \item Do code review. + \item Have a Software Security Group (SSG). + \item Integrate SSG into the organization (have a satellite). 
+ \end{itemize} + \end{solution} +\end{frame} + +\subsection{Changes} + +% XXX add better storyline to changes + +\begin{frame} + \begin{remark}[Changes \dots] + \begin{itemize} + \item There are systems which are designed to be secure, and actually are + secure, but then \dots + + \item Upgrades needed, or, not needed but wanted. + + \item This might come in the form of updating a component or utilizing the + system in an environment it wasn't designed for. + + \end{itemize} + \end{remark} +\end{frame} + + diff --git a/intro/notes.tex b/intro/notes.tex new file mode 100644 index 0000000..1a92a96 --- /dev/null +++ b/intro/notes.tex @@ -0,0 +1,35 @@ +\documentclass{article} + +\usepackage[hyphens]{url} +\usepackage[hidelinks]{hyperref} + +\input{preamble.tex} + +\usepackage{beamerarticle} +\setjobnamebeamerversion{slides} + +\begin{document} +\title{% + Software Security +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\maketitle + +\begin{abstract} + \input{abstract.tex} +\end{abstract} + +\input{contents.tex} + +%%%%%%%%%%%%%%%%%%%%%% + +\printbibliography +\end{document} diff --git a/intro/preamble.tex b/intro/preamble.tex new file mode 100644 index 0000000..0986758 --- /dev/null +++ b/intro/preamble.tex 
@@ -0,0 +1,96 @@ +\usepackage[utf8]{inputenc} +\usepackage[T1]{fontenc} +\usepackage[swedish,british]{babel} +\usepackage{url} +\usepackage{color} +\usepackage{multicol} +\usepackage{xparse} +\usepackage{graphicx} + +\usepackage{amsmath} +\usepackage{amssymb} + +\usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex} +\addbibresource{bibliography.bib} + +\usepackage{pythontex} +\usepackage{minted} +\setminted{% + linenos=true, + tabsize=2, + texcomments=true, + python3=true, + frame=lines, + autogobble=true, + stripall=true, + breaklines=true, + fontsize=\small +} + +\ProvideDocumentEnvironment{assumption}{o}{% + \IfValueTF{#1}{% + \begin{block}{Assumption: #1} + }{% + \begin{block}{Assumption} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{Protocol}{o}{% + \IfValueTF{#1}{% + \begin{block}{Protocol: #1} + }{% + \begin{block}{Protocol} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{remark}{o}{% + \IfValueTF{#1}{% + \begin{alertblock}{Note: #1} + }{% + \begin{alertblock}{Note} + } +}{% + \end{alertblock} +} + +\ProvideDocumentEnvironment{idea}{o}{% + \IfValueTF{#1}{% + \begin{block}{Idea: #1} + }{% + \begin{block}{Idea} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{question}{o}{% + \setbeamercolor{block body}{bg=orange!15,fg=black} + \setbeamercolor{block title}{bg=orange,fg=white} + \setbeamercolor{local structure}{fg=orange} + \IfValueTF{#1}{% + \begin{block}{Question: #1} + }{% + \begin{block}{Question} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{exercise}{o}{% + \setbeamercolor{block body}{bg=yellow!10,fg=black} + \setbeamercolor{block title}{bg=yellow,fg=black} + \setbeamercolor{local structure}{fg=yellow} + \IfValueTF{#1}{% + \begin{block}{Exercise: #1} + }{% + \begin{block}{Exercise} + } +}{% + \end{block} +} + + diff --git a/intro/questions.tex b/intro/questions.tex new file mode 100644 index 0000000..bc8419e --- /dev/null +++ b/intro/questions.tex 
@@ -0,0 +1,20 @@ +\question[3]\label{q:software} +% tags: software:E:C +We have talked about how the users' mental models of how a program (and +computer) works can endanger the users' security when the mental model and +reality are not aligned. +This is true also for developers (we mentioned this when we talked about +software security), give an example of how the developers' mental models are +relevant for software security. + +\begin{solution} + Gollmann talked about broken abstractions. + One example is characters: usually we abstract away the encoding and decoding + parts, we see them as characters and not bytes. + So encodings like UTF-8 can cause problems since the same character can be + represented by several byte sequences. + + Another is the finite precision arithmetic that we work with in computers, + usually congruences modulo \(2^{32}\) or \(2^{64}\). +\end{solution} + diff --git a/overview/contents.tex b/overview/contents.tex index 8139868..514873e 100644 --- a/overview/contents.tex +++ b/overview/contents.tex 
@@ -36,76 +36,6 @@ % 15 and 30 frames, all told. -\section{Introduction} - -\subsection{Security and Reliability} - -\begin{frame} - \begin{remark} - \begin{itemize} - \item As long as our computer is offline, used only by ourselves, and we - don't add any accessories (e.g.\ USB devices~\cite{ieeespectrum2014usb}), - then we don't have any problems. - - \pause - - \item Problems start to occur when other users start using our software (in - some way), then input to our programs isn't necessarily what we expect. - - \end{itemize} - \end{remark} -\end{frame} - -\begin{frame} - \begin{description} - \item[Software reliability] This concerns software quality in the sense of - accidental failures, i.e.\ the assumption that input is benign. - - \pause{} - - \item[Software security] This concerns software quality in the sense of - intentional failures, i.e.\ the assumption that input is malign. - \end{description} -\end{frame} - -\begin{frame} - \begin{question} - \begin{itemize} - \item Test-driven development? C'est la mode. - \end{itemize} - \end{question} - - \pause - - \begin{solution}[BSIMM\footfullcite{BSIMMFindings}] - \begin{itemize} - \item Do code review. - \item Have a Software Security Group (SSG). - \item Integrate SSG into the organization (have a satellite). - \end{itemize} - \end{solution} -\end{frame} - -\subsection{Changes} - -% XXX add better storyline to changes - -\begin{frame} - \begin{remark}[Changes \dots] - \begin{itemize} - \item There are systems which are designed to be secure, and actually are - secure, but then \dots - - \item Upgrades needed, or, not needed but wanted. - - \item This might come in the form of updating a component or utilizing the - system in an environment it wasn't designed for. - - \end{itemize} - \end{remark} -\end{frame} - - \section{Broken Abstractions} \subsection{File System Paths} From 59246367b20c691cc3c9035c751c5fc913b5ca88 Mon Sep 17 00:00:00 2001 
From: Daniel Bosk Date: Fri, 24 Apr 2020 10:26:30 +0200 Subject: [PATCH 05/16] Moves out title, author etc from contents --- overview/contents.tex | 31 ------------------------------- overview/notes.tex | 31 +++++++++++++++++++++++++++++++ overview/slides.tex | 29 ++++++++++++++++++++++++++++- 3 files changed, 59 insertions(+), 32 deletions(-) diff --git a/overview/contents.tex b/overview/contents.tex index 514873e..ecb825b 100644 --- a/overview/contents.tex +++ b/overview/contents.tex @@ -1,30 +1,5 @@ -\title{% - Software Security -} -\author{% - Daniel Bosk -} -\institute[MIUN IKS]{% - Department of Information and Communication Systems,\\ - Mid Sweden University, SE-851\,70 Sundsvall -} -\date{\today} - -\mode{% - \begin{frame} - \titlepage - \end{frame} -} -\mode
{% - \maketitle -} - \mode* -\begin{abstract} - \input{abstract.tex} -\end{abstract} - % Since this a solution template for a generic talk, very little can % be said about how it should be structured. However, the talk length % of between 15min and 45min and the theme suggest that you stick to @@ -425,9 +400,3 @@ \subsection{Type Confusion} % \end{itemize} %\end{frame} -%%%%%%%%%%%%%%%%%%%%%% - -\begin{frame} - \small - \printbibliography -\end{frame} diff --git a/overview/notes.tex b/overview/notes.tex index f5e0236..882abd2 100644 --- a/overview/notes.tex +++ b/overview/notes.tex @@ -9,5 +9,36 @@ \setjobnamebeamerversion{slides} \begin{document} +\title{% + Software Security +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\mode{% + \begin{frame} + \titlepage + \end{frame} +} +\mode
{% + \maketitle +} + +\mode* + +\begin{abstract} + \input{abstract.tex} +\end{abstract} + \input{contents.tex} + +%%%%%%%%%%%%%%%%%%%%%% + +\printbibliography \end{document} diff --git a/overview/slides.tex b/overview/slides.tex index a967454..03ece96 100644 --- a/overview/slides.tex +++ b/overview/slides.tex @@ -46,5 +46,32 @@ } \begin{document} -\input{contents.tex} +\title{% + Software Security +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\begin{frame} + \titlepage +\end{frame} + +\begin{abstract} + \mode{\input{abstract.tex}} +\end{abstract} + +\mode{\input{contents.tex}} + +%%%%%%%%%%%%%%%%%%%%%% + +\begin{frame} + \small + \printbibliography +\end{frame} \end{document} From 2a4cd054154446c8ff38da7aed8ace790b84a4ca Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Fri, 24 Apr 2020 11:24:21 +0200 Subject: [PATCH 06/16] Adds distclean target --- intro/Makefile | 4 ++-- overview/Makefile | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/intro/Makefile b/intro/Makefile index 3752297..ffb9dc0 100644 --- a/intro/Makefile +++ b/intro/Makefile @@ -24,8 +24,8 @@ procmem.jpg: BobbyTables.png: wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png -.PHONY: clean-depends -clean-depends: +.PHONY: clean-depends distclean +clean-depends distclean: ${RM} procmem.jpg BobbyTables.png .PHONY: clean diff --git a/overview/Makefile b/overview/Makefile index 3752297..ffb9dc0 100644 --- a/overview/Makefile +++ b/overview/Makefile @@ -24,8 +24,8 @@ procmem.jpg: BobbyTables.png: wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png -.PHONY: clean-depends -clean-depends: +.PHONY: clean-depends distclean +clean-depends distclean: ${RM} procmem.jpg BobbyTables.png .PHONY: clean From a556497b67363190447a0379947ae8294451a675 Mon Sep 17 00:00:00 2001 
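Review bot: Attaching `distclean` to the `clean-depends` recipe makes `make distclean` remove only the two downloaded images; it does not run `clean`, so notes.pdf, slides.pdf, __pycache__ and _minted-* survive a distclean, which is the opposite of what the target name conventionally promises. Declaring it as its own target that chains the others, `.PHONY: distclean` and `distclean: clean clean-depends`, keeps the existing `clean-depends` recipe intact and gives distclean the usual meaning. The overview/Makefile hunk in this same patch makes the identical change and needs the same fix, unless tex.mk (not visible here) already defines distclean in terms of clean.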
From: Daniel Bosk
Date: Fri, 24 Apr 2020 11:24:33 +0200
Subject: [PATCH 07/16] Revert "Updates makefiles submodule"

This reverts commit 1546b2a166523d7e09a702631b66f288658d2a7d.
---
 makefiles | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefiles b/makefiles
index 6605d1b..b91c20d 160000
--- a/makefiles
+++ b/makefiles
@@ -1 +1 @@
-Subproject commit 6605d1be88e7a73bf8f8954c486d6a411842866a
+Subproject commit b91c20df9f759ec5962f96814a63ca936bdbae79

From 014f3270576ca203437c256309d1d0ebedf86764 Mon Sep 17 00:00:00 2001
From: Daniel Bosk Date: Fri, 24 Apr 2020 11:29:41 +0200 Subject: [PATCH 08/16] Breaks out broken-abstractions --- broken-abstractions/.gitignore | 15 ++ broken-abstractions/Makefile | 37 +++++ broken-abstractions/README.md | 1 + broken-abstractions/abstract.tex | 28 ++++ broken-abstractions/bibliography.bib | 64 +++++++++ broken-abstractions/combine.c | 10 ++ broken-abstractions/contents.tex | 200 +++++++++++++++++++++++++++ broken-abstractions/echo.sh | 2 + broken-abstractions/echofix.sh | 2 + broken-abstractions/jail.py | 18 +++ broken-abstractions/login.c | 13 ++ broken-abstractions/notes.tex | 44 ++++++ broken-abstractions/preamble.tex | 96 +++++++++++++ broken-abstractions/questions.tex | 43 ++++++ overview/contents.tex | 188 ------------------------- 15 files changed, 573 insertions(+), 188 deletions(-) create mode 100644 broken-abstractions/.gitignore create mode 100644 broken-abstractions/Makefile create mode 100644 broken-abstractions/README.md create mode 100644 broken-abstractions/abstract.tex create mode 100644 broken-abstractions/bibliography.bib create mode 100644 broken-abstractions/combine.c create mode 100644 broken-abstractions/contents.tex create mode 100755 broken-abstractions/echo.sh create mode 100755 broken-abstractions/echofix.sh create mode 100644 broken-abstractions/jail.py create mode 100644 broken-abstractions/login.c create mode 100644 broken-abstractions/notes.tex create mode 100644 broken-abstractions/preamble.tex create mode 100644 broken-abstractions/questions.tex diff --git a/broken-abstractions/.gitignore b/broken-abstractions/.gitignore new file mode 100644 index 0000000..3b7f25d --- /dev/null +++ b/broken-abstractions/.gitignore @@ -0,0 +1,15 @@ +BobbyTables.png +__pycache__/ +aliascnt.sty +latexmkrc +slides.pdf +slides.pytxcode +procmem.jpg +pythontex-files-slides/ +slides.tex + +notes.pdf +notes.pytxcode +slides.pdf.xoj +pythontex-files-notes/ + 
diff --git a/broken-abstractions/Makefile b/broken-abstractions/Makefile new file mode 100644 index 0000000..ffb9dc0 --- /dev/null +++ b/broken-abstractions/Makefile @@ -0,0 +1,37 @@ +LATEXFLAGS+= -shell-escape + +.PHONY: all +all: slides.pdf notes.pdf + +SRC= contents.tex abstract.tex bibliography.bib +SRC+= jail.py +SRC+= combine.c +SRC+= echo.sh echofix.sh +SRC+= BobbyTables.png +SRC+= procmem.jpg +SRC+= login.c + +DEPENDS+= latexmkrc + +slides.pdf notes.pdf: ${SRC} ${DEPENDS} + +slides.pdf: slides.tex +notes.pdf: notes.tex + +procmem.jpg: + wget -O $@ https://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/067/6701/6701f1.jpg + +BobbyTables.png: + wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png + +.PHONY: clean-depends distclean +clean-depends distclean: + ${RM} procmem.jpg BobbyTables.png + +.PHONY: clean +clean: + ${RM} notes.pdf slides.pdf + ${RM} -R __pycache__ _minted-* + +INCLUDE_MAKEFILES=../makefiles +include ${INCLUDE_MAKEFILES}/tex.mk diff --git a/broken-abstractions/README.md b/broken-abstractions/README.md new file mode 100644 index 0000000..5b08099 --- /dev/null +++ b/broken-abstractions/README.md @@ -0,0 +1 @@ +[Software security] introduces the problems of software security. diff --git a/broken-abstractions/abstract.tex b/broken-abstractions/abstract.tex new file mode 100644 index 0000000..e64da36 --- /dev/null +++ b/broken-abstractions/abstract.tex 
@@ -0,0 +1,28 @@ +Perhaps the part of security most people intuitively associate with security, +and computer security in particular, is software security. +This part of computer security treats vulnerabilities in software, e.g.\ buffer +overruns or code injections. +This is a very important part of security, because although the design is +flawless, its implementation might have vulnerabilities. +As an example, most phones are designed to keep the user and applications +unpriviledged, thus all applications will run with the principle of least +priviledges and compartmentalized from each other. +However, software bugs in the operating system can allow malicious apps to gain +priviledges to e.g.\ monitor other apps. + +After this session you should be able to +\begin{itemize} + \item \emph{understand} the need to consider software security in software + development. + \item \emph{evaluate} the software security requirements for different + sitations. +\end{itemize} + +Gollmann treats this area in Chapter 10 of his book, +\citetitle{Gollmann2011cs}~\cite{Gollmann2011cs}. +The recommended exercises to do after reading this material are 10.1, 10.3 and +10.4 in~\cite{Gollmann2011cs}. +Anderson also treats this subject --- in Chapter 4.4 and Chapter 18 of +\citetitle{Anderson2008sea}~\cite{Anderson2008sea} --- albeit with less +technical details. +We also treat the results of \citetitle{BSIMMFindings}~\cite{BSIMMFindings}. diff --git a/broken-abstractions/bibliography.bib b/broken-abstractions/bibliography.bib new file mode 100644 index 0000000..b1eaea4 --- /dev/null +++ b/broken-abstractions/bibliography.bib 
@@ -0,0 +1,64 @@ +@book{Anderson2008sea, + author={Anderson, Ross J.}, + title={Security Engineering}, + subtitle={A guide to building dependable distributed systems}, + publisher={Wiley}, + address={Indianapolis, IN}, + year={2008}, + edition={2}, + ISBN={978-0-470-06852-6 (hbk.)}, + URL={http://www.cl.cam.ac.uk/~rja14/book.html}, + keywords={IT-s{\"a}kerhet}, +} + +@book{Gollmann2011cs, + author={Gollmann, Dieter}, + title={Computer Security}, + publisher={Wiley}, + address={Chichester, West Sussex, U.K.}, + year={2011}, + edition={3}, + ISBN={9780470741153 (pbk.)}, + keywords={IT-s{\"a}kerhet}, +} + +@article{ieeespectrum2014usb, + author={Schneider, David}, + title={USB Flash Drives Are More Dangerous Than You Think}, + journal={IEEE Spectrum}, + month={8}, + year={2014}, + URL={http://spectrum.ieee.org/tech-talk/computing/embedded-systems/usb-flash-drives-are-more-dangerous-than-you-think}, +} + +@online{BobbyTables, + author={XKCD}, + title={Exploits of a Mom}, + URL={http://xkcd.com/327/}, +} + +@ARTICLE{BSIMMFindings, + author={G. McGraw}, + journal={Computer}, + title={Four Software Security Findings}, + month={Jan}, + year={2016}, + volume={49}, + number={1}, + pages={84-87}, + abstract={Analyzing data from 78 firms using the Building Security In + Maturity Model (BSIMM) revealed four truths about software security that + will help firms protect and secure their assets. Software security + continues to grow and evolve, currently accounting for more than 10 + percent of global IT security revenue worldwide. On the surface, it + seems obvious that we must make software systems secure from the start, + but opinions vary as to implementation. Through a multiyear process of + observing and measuring security initiatives, we can move beyond + opinion into the realm of fact. 
WHAT follows are four indic}, + keywords={security of data;BSIMM;building security in maturity model;data + analysis;global IT security revenue;software security + findings;BSIMM;Cybertrust;building security + in;cybersecurity;software;software security}, + doi={10.1109/MC.2016.30}, + ISSN={0018-9162}, +} diff --git a/broken-abstractions/combine.c b/broken-abstractions/combine.c new file mode 100644 index 0000000..f3e6403 --- /dev/null +++ b/broken-abstractions/combine.c @@ -0,0 +1,10 @@ +char buf[128]; + +void +combine( char *s1, size_t len1, char *s2, size_t len2) +{ + if ( len1 + len2 + 1 <= sizeof(buf) ) { + strncpy( buf, s1, len1 ); + strncat( buf, s2, len2 ); + } +} diff --git a/broken-abstractions/contents.tex b/broken-abstractions/contents.tex new file mode 100644 index 0000000..24894eb --- /dev/null +++ b/broken-abstractions/contents.tex 
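Review bot: combine.c is added without a comment saying that the length check `if ( len1 + len2 + 1 <= sizeof(buf) )` is the deliberately broken part, and without the `<stddef.h>`/`<string.h>` includes that `size_t`, `strncpy` and `strncat` need, so a reader who copies the file gets code that neither compiles nor is safe. Since the file is only shown through `\inputminted{C}{combine.c}` the missing includes may be intentional for slide space, but a header line such as `/* Teaching example: the bounds check wraps when len1 + len2 + 1 overflows size_t; do not reuse. */` costs nothing on the slide and prevents reuse. The accompanying slide in contents.tex works the arithmetic modulo 2^32, which matches only a 32-bit `size_t`; the comment (or the slide) should state that assumption, since on a 64-bit build the wrap needs a different `len2`.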
@@ -0,0 +1,200 @@ +\mode* + +% Since this a solution template for a generic talk, very little can +% be said about how it should be structured. However, the talk length +% of between 15min and 45min and the theme suggest that you stick to +% the following rules: + +% - Exactly two or three sections (other than the summary). +% - At *most* three subsections per section. +% - Talk about 30s to 2min per frame. So there should be between about +% 15 and 30 frames, all told. + + +\section{Broken Abstractions} + +\subsection{File System Paths} + +\begin{frame}[fragile] + \inputminted{python}{jail.py} +\end{frame} + +\begin{frame}[fragile] + \begin{example}[./jail.py ../../etc/passwd] + \begin{pycode} +import jail +jail.main(["jailopen", "../../etc/passwd"]) + \end{pycode} + \end{example} +\end{frame} + +\begin{frame} + \pyc[variable]{import os} + \begin{alertblock}{The Problem: Abstraction of paths} + \begin{itemize} + \item We had \pyb[variable]{JAIL_PATH = os.environ["HOME"]}. + \item We let \pyb[variable]{filename = "../../etc/passwd"}. + \item Thus the file we open is \pyb[variable]{JAIL_PATH + "/" + filename} + which results in \pyc[variable]{print(JAIL_PATH + "/" + filename)}. + \item Hence we actually read /etc/passwd. + \end{itemize} + \end{alertblock} +\end{frame} + +\begin{frame} + \begin{itemize} + \item Fine, we ban the string \mintinline{python}{"../"}. + + \item Then what about \mintinline{python}{"..\%c0\%af.."}? + + \end{itemize} +\end{frame} + +\subsection{Character Encoding} + +\begin{frame} + \begin{itemize} + \item All character representations in the computer comes in the form of + different encodings, e.g.\ UTF-8 encoding. + + \item The decoders might be programmed differently, some takes into account + the errors in different encoders to compensate -- and this can be + exploited. + + \item Where the encoding and decoding is done can also be exploited. 
+ + \end{itemize} +\end{frame} + +\begin{frame} + \begin{block}{UTF-8} + \begin{itemize} + \item A character encoding standard. + \item Uses variable length code words: from one byte. + \item First bit indicates if next byte is part of the same code word. + \end{itemize} + \end{block} +\end{frame} + +% XXX add more details on UTF-8 coding + +\subsection{Integer Overflows} + +% XXX add more examples on integer overflows +\begin{frame}[fragile] + \inputminted{C}{combine.c} +\end{frame} + +\begin{frame} + \begin{alertblock}{The Problem: Abstraction of integers} + \begin{itemize} + \item Let \mintinline{C}{len2} be very long, say \(2^{32} - 1\), i.e.\ + \mintinline{C}{len2 = 0xffffffff}. + + \item Now we have + \begin{align*} + \text{\mintinline{C}{len1}} + \text{\mintinline{C}{len2}} + + 1 \pmod{2^{32}} + &= \text{\mintinline{C}{len1}} + 2^{32} - 1 + 1 \pmod{2^{32}} \\ + &= \text{\mintinline{C}{len1}} \pmod{2^{32}} \\ + &< \text{\mintinline{C}{sizeof(buf)}}. + \end{align*} + + \item Thus we pass the test, although we shouldn't. 
+ \end{itemize} + \end{alertblock} +\end{frame} + +\begin{frame} + \begin{remark} + This is worse if we use \emph{signed} integers \dots + \end{remark} +\end{frame} + +% XXX add more details and other examples of composition +\subsection{Data and Code} + +\begin{frame}[fragile] + \begin{example}[echo.sh "-E test\textbackslash ning"] + \inputminted{sh}{echo.sh} + \begin{pycode}[echo.sh] +import subprocess +proc = subprocess.Popen(["./echo.sh", "-E test\\ning"], \ +stdout=subprocess.PIPE) +print("\\begin{verbatim}" + proc.stdout.read().decode("utf-8") + \ +"\\end{verbatim}") + \end{pycode} + \end{example} +\end{frame} + +\begin{frame}[fragile] + \begin{example}[echofix.sh "-E test\textbackslash ning"] + \inputminted{sh}{echofix.sh} + \begin{pycode}[echofix.sh] +import subprocess +proc = subprocess.Popen(["./echofix.sh", "-E test\\ning"], \ +stdout=subprocess.PIPE) +print("\\begin{verbatim}" + proc.stdout.read().decode("utf-8") + \ +"\\end{verbatim}") + \end{pycode} + \end{example} +\end{frame} + +\begin{frame} + \begin{itemize} + \item The login(1) and rlogin(1) composition bug was found in Linux and AIX + systems which didn't check the syntax of the username. + + \item The syntax of login(1) is \mintinline{sh}{login [-p] [-h host] [[-f] + user]}. + + \item The syntax of rlogin(1) is \mintinline{sh}{rlogin [-l user] machine}. + + \item rlogin(1) connects to the machine and runs \mintinline{sh}{login user + machine}. + + \item However, the user could be chosen to be \enquote{-froot}. + \end{itemize} +\end{frame} + +% XXX add canonical representations +%\subsection{Canonical Representations} +% +%\begin{frame} +%\end{frame} + +% XXX add better description of scripting vuln + +\begin{frame}[fragile] + \begin{minted}{sh} + cat ${1} | mail ${2} + \end{minted} + \begin{itemize} + \item What happens with the address + \mintinline{sh}{"foo@bar.org | rm -Rf /"}? 
+ \end{itemize}
+\end{frame}
+
+% XXX add better description and examples of SQL injection
+
+\begin{frame}[fragile]
+ \begin{minted}[startinline]{php}
+ $sql = "SELECT * FROM client WHERE name = '$name'"
+ \end{minted}
+ \begin{itemize}
+ \item Insert the name \mintinline[startinline]{php}{Eve' OR 1=1--}.
+ \item This will get a totally different meaning.
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \begin{figure}
+ \centering
+ \includegraphics[width=\textwidth]{BobbyTables.png}
+ \caption{%
+ XKCD's Exploits of a Mom.
+ Image: \cite{BobbyTables}.
+ }
+ \end{figure}
+\end{frame}
+
diff --git a/broken-abstractions/echo.sh b/broken-abstractions/echo.sh
new file mode 100755
index 0000000..4d2141d
--- /dev/null
+++ b/broken-abstractions/echo.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+/bin/echo -e ${1}
diff --git a/broken-abstractions/echofix.sh b/broken-abstractions/echofix.sh
new file mode 100755
index 0000000..e8283c1
--- /dev/null
+++ b/broken-abstractions/echofix.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+/bin/echo -e "${1}"
diff --git a/broken-abstractions/jail.py b/broken-abstractions/jail.py
new file mode 100644
index 0000000..3ce2783
--- /dev/null
+++ b/broken-abstractions/jail.py
@@ -0,0 +1,18 @@
+#!/bin/env python3
+import sys, os
+
+JAIL_PATH = os.environ["HOME"]
+
+def jailed_open(filename):
+ return open(JAIL_PATH + "/" + filename)
+
+def main(argv):
+ f = jailed_open(argv[1])
+
+ print("\\begin{verbatim}")
+ for line in f.readlines():
+ print(line.strip())
+ print("\\end{verbatim}\n")
+
+if __name__ == "__main__":
+ main(sys.argv)
diff --git a/broken-abstractions/login.c b/broken-abstractions/login.c
new file mode 100644
index 0000000..ec8c996
--- /dev/null
+++ b/broken-abstractions/login.c
@@ -0,0 +1,13 @@
+int
+login( void )
+{
+ char correct_password[] = "swordfish";
+ char user_password[16] = {0};
+
+ printf( "user password: ");
+ fscanf( "\%s", user_password );
+
+ if ( !strcmp( correct_password, user_password ) )
+ return 0;
+ return 1;
+}
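Review bot: The integer-overflow frame reasons modulo 2^32, but combine.c declares `len1` and `len2` as `size_t`, which is 64 bits wide on the x86-64 machines students will most likely run this on; there `len2 = 0xffffffff` does not wrap the check, and the frame only matches the listing if it either states the width assumption or uses `SIZE_MAX`. A single item would fix it: `\item Assume a 32-bit \mintinline{C}{size_t}; on a 64-bit host read \(2^{64}\) for \(2^{32}\).`. The UTF-8 frame's `First bit indicates if next byte is part of the same code word` is imprecise: the high bits of the leading byte give the sequence length and every continuation byte starts with `10`, which is exactly the rule the overlong `%c0%af` example on the earlier frame breaks. `Uses variable length code words: from one byte.` could also say `one to four bytes`.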
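Review bot: `jailed_open` returns an open file that `main` never closes; `with jailed_open(argv[1]) as f:` keeps the example tidy and avoids the ResourceWarning Python 3 emits when this runs under pythontex. The traversal is the intended lesson, but a one-line comment such as `# Deliberately vulnerable: filename is joined without canonicalisation (see slides)` would stop the file from being copied as a template; the fix the slides build towards is resolving the joined path with `os.path.realpath` and checking that the result still lies inside `JAIL_PATH` before opening. The shebang `#!/bin/env python3` also assumes `env` lives in `/bin`, which is not true everywhere; `#!/usr/bin/env python3` is the portable form.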
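Review bot: `fscanf( "\%s", user_password );` is wrong on two counts: `fscanf` takes a `FILE *` as its first argument, and `\%` is not a C escape sequence (compilers warn and treat it as `%`), so the example as written never reads a password. Since the intended lesson is the unbounded read into the 16-byte `user_password`, the line should be `scanf( "%s", user_password );` (or `fscanf( stdin, "%s", user_password );`), with `#include <stdio.h>` and `#include <string.h>` at the top so the listing compiles. The frame in memory-management/contents.tex that inputs this file would also benefit from showing the bounded form, `scanf( "%15s", user_password );`, so students see the fix next to the defect.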
diff --git a/broken-abstractions/notes.tex b/broken-abstractions/notes.tex new file mode 100644 index 0000000..777b007 --- /dev/null +++ b/broken-abstractions/notes.tex @@ -0,0 +1,44 @@ +\documentclass{article} + +\usepackage[hyphens]{url} +\usepackage[hidelinks]{hyperref} + +\input{preamble.tex} + +\usepackage{beamerarticle} +\setjobnamebeamerversion{slides} + +\begin{document} +\title{% + Broken abstractions +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\mode{% + \begin{frame} + \titlepage + \end{frame} +} +\mode
{% + \maketitle +} + +\mode* + +\begin{abstract} + \input{abstract.tex} +\end{abstract} + +\input{contents.tex} + +%%%%%%%%%%%%%%%%%%%%%% + +\printbibliography +\end{document} diff --git a/broken-abstractions/preamble.tex b/broken-abstractions/preamble.tex new file mode 100644 index 0000000..0986758 --- /dev/null +++ b/broken-abstractions/preamble.tex 
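Review bot: Both `\mode{%` lines in this rendering have lost their mode selector, presumably because the `<presentation>` and `<article>` tags were stripped as markup when the patch was displayed; the committed file should be checked to still read `\mode<presentation>{%` and `\mode<article>{%`, since beamerarticle will not accept the bare form. The same two lines occur in memory-management/notes.tex. `\usepackage[hidelinks]{hyperref}` is also loaded before `\input{preamble.tex}` pulls in babel, biblatex and minted; hyperref is conventionally loaded after most other packages, so it may be worth checking the build log for ordering warnings and, if any appear, moving it to just before `\usepackage{beamerarticle}`.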
@@ -0,0 +1,96 @@ +\usepackage[utf8]{inputenc} +\usepackage[T1]{fontenc} +\usepackage[swedish,british]{babel} +\usepackage{url} +\usepackage{color} +\usepackage{multicol} +\usepackage{xparse} +\usepackage{graphicx} + +\usepackage{amsmath} +\usepackage{amssymb} + +\usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex} +\addbibresource{bibliography.bib} + +\usepackage{pythontex} +\usepackage{minted} +\setminted{% + linenos=true, + tabsize=2, + texcomments=true, + python3=true, + frame=lines, + autogobble=true, + stripall=true, + breaklines=true, + fontsize=\small +} + +\ProvideDocumentEnvironment{assumption}{o}{% + \IfValueTF{#1}{% + \begin{block}{Assumption: #1} + }{% + \begin{block}{Assumption} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{Protocol}{o}{% + \IfValueTF{#1}{% + \begin{block}{Protocol: #1} + }{% + \begin{block}{Protocol} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{remark}{o}{% + \IfValueTF{#1}{% + \begin{alertblock}{Note: #1} + }{% + \begin{alertblock}{Note} + } +}{% + \end{alertblock} +} + +\ProvideDocumentEnvironment{idea}{o}{% + \IfValueTF{#1}{% + \begin{block}{Idea: #1} + }{% + \begin{block}{Idea} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{question}{o}{% + \setbeamercolor{block body}{bg=orange!15,fg=black} + \setbeamercolor{block title}{bg=orange,fg=white} + \setbeamercolor{local structure}{fg=orange} + \IfValueTF{#1}{% + \begin{block}{Question: #1} + }{% + \begin{block}{Question} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{exercise}{o}{% + \setbeamercolor{block body}{bg=yellow!10,fg=black} + \setbeamercolor{block title}{bg=yellow,fg=black} + \setbeamercolor{local structure}{fg=yellow} + \IfValueTF{#1}{% + \begin{block}{Exercise: #1} + }{% + \begin{block}{Exercise} + } +}{% + \end{block} +} + + diff --git a/broken-abstractions/questions.tex b/broken-abstractions/questions.tex new file mode 100644 index 0000000..71fb9e0 --- /dev/null +++ b/broken-abstractions/questions.tex 
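Review bot: This file is a byte-for-byte copy of overview/preamble.tex (same blob 0986758), and memory-management/preamble.tex later in this series duplicates it a third time, so any change to the `\setminted` settings or the block environments now has to be made in three places. Given the memory-management Makefile already reaches out to `../makefiles`, a single shared preamble included with `\input{../preamble.tex}` (or a symlink per directory) would keep them in step. `\ProvideDocumentEnvironment{Protocol}` is capitalised while its siblings (`assumption`, `remark`, `idea`, `question`, `exercise`) are lower-case; `protocol` would be consistent, though renaming needs a sweep of existing uses.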
@@ -0,0 +1,43 @@
+\question[3]\label{q:software}
+% tags: software:A
+Can a files such as images (e.g.\ JPEGs) and other data be dangerous?
+
+\begin{solution}
+ Yes, they can contain machine code which can be executed if there is e.g.\
+ a buffer overrun vulnerability in the software that reads the data.
+\end{solution}
+
+
+\question[3]\label{q:software}
+% tags: software:E:C
+We have talked about how the users' mental models of how a program (and
+computer) works can endanger the users' security when the mental model and
+reality are not aligned.
+This is true also for developers (we mentioned this when we talked about
+software security), give an example of how the developers' mental models are
+relevant for software security.
+
+\begin{solution}
+ Gollmann talked about broken abstractions.
+ One example is characters: usually we abstract away the encoding and decoding
+ parts, we see them as characters and not bytes.
+ So encodings like UTF-8 can cause problems since the same character can be
+ represented by several byte sequences.
+
+ Another is the finite precision arithmetic that we work with in computers,
+ usually congruences modulo \(2^{32}\) or \(2^{64}\).
+\end{solution}
+
+
+\question[3]\label{q:software}
+% tags: software:E:C:A
+Give an example where \enquote{data} can be mistaken for \enquote{code}.
+
+\begin{solution}
+ Shell scripting is an easy example.
+ Here you can store part of the code in variables, the simply substitute them.
+ Consider the following \texttt{/bin/echo -e \$\{1\}}.
+ The variable \texttt{\$\{1\}} will be substituted and the result will be
+ interpreted as code.
+\end{solution}
+
diff --git a/overview/contents.tex b/overview/contents.tex
index ecb825b..b49364a 100644
--- a/overview/contents.tex
+++ b/overview/contents.tex
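Review bot: All three questions carry `\label{q:software}`, so the second and third redefine the same label, LaTeX reports it as multiply defined, and every `\ref{q:software}` resolves to whichever came last. Each question needs its own label, e.g. `\label{q:software:data}`, `\label{q:software:mental-models}` and `\label{q:software:data-code}`. The first question reads `Can a files such as images`, which should be `Can files such as images`; the same sentence is repeated in memory-management/questions.tex. In the third solution, `the simply substitute them` should be `then simply substitute them`.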
@@ -11,194 +11,6 @@ % 15 and 30 frames, all told. -\section{Broken Abstractions} - -\subsection{File System Paths} - -\begin{frame}[fragile] - \inputminted{python}{jail.py} -\end{frame} - -\begin{frame}[fragile] - \begin{example}[./jail.py ../../etc/passwd] - \begin{pycode} -import jail -jail.main(["jailopen", "../../etc/passwd"]) - \end{pycode} - \end{example} -\end{frame} - -\begin{frame} - \pyc[variable]{import os} - \begin{alertblock}{The Problem: Abstraction of paths} - \begin{itemize} - \item We had \pyb[variable]{JAIL_PATH = os.environ["HOME"]}. - \item We let \pyb[variable]{filename = "../../etc/passwd"}. - \item Thus the file we open is \pyb[variable]{JAIL_PATH + "/" + filename} - which results in \pyc[variable]{print(JAIL_PATH + "/" + filename)}. - \item Hence we actually read /etc/passwd. - \end{itemize} - \end{alertblock} -\end{frame} - -\begin{frame} - \begin{itemize} - \item Fine, we ban the string \mintinline{python}{"../"}. - - \item Then what about \mintinline{python}{"..\%c0\%af.."}? - - \end{itemize} -\end{frame} - -\subsection{Character Encoding} - -\begin{frame} - \begin{itemize} - \item All character representations in the computer comes in the form of - different encodings, e.g.\ UTF-8 encoding. - - \item The decoders might be programmed differently, some takes into account - the errors in different encoders to compensate -- and this can be - exploited. - - \item Where the encoding and decoding is done can also be exploited. - - \end{itemize} -\end{frame} - -\begin{frame} - \begin{block}{UTF-8} - \begin{itemize} - \item A character encoding standard. - \item Uses variable length code words: from one byte. - \item First bit indicates if next byte is part of the same code word. 
- \end{itemize} - \end{block} -\end{frame} - -% XXX add more details on UTF-8 coding - -\subsection{Integer Overflows} - -% XXX add more examples on integer overflows -\begin{frame}[fragile] - \inputminted{C}{combine.c} -\end{frame} - -\begin{frame} - \begin{alertblock}{The Problem: Abstraction of integers} - \begin{itemize} - \item Let \mintinline{C}{len2} be very long, say \(2^{32} - 1\), i.e.\ - \mintinline{C}{len2 = 0xffffffff}. - - \item Now we have - \begin{align*} - \text{\mintinline{C}{len1}} + \text{\mintinline{C}{len2}} - + 1 \pmod{2^{32}} - &= \text{\mintinline{C}{len1}} + 2^{32} - 1 + 1 \pmod{2^{32}} \\ - &= \text{\mintinline{C}{len1}} \pmod{2^{32}} \\ - &< \text{\mintinline{C}{sizeof(buf)}}. - \end{align*} - - \item Thus we pass the test, although we shouldn't. - \end{itemize} - \end{alertblock} -\end{frame} - -\begin{frame} - \begin{remark} - This is worse if we use \emph{signed} integers \dots - \end{remark} -\end{frame} - -% XXX add more details and other examples of composition -\subsection{Data and Code} - -\begin{frame}[fragile] - \begin{example}[echo.sh "-E test\textbackslash ning"] - \inputminted{sh}{echo.sh} - \begin{pycode}[echo.sh] -import subprocess -proc = subprocess.Popen(["./echo.sh", "-E test\\ning"], \ -stdout=subprocess.PIPE) -print("\\begin{verbatim}" + proc.stdout.read().decode("utf-8") + \ -"\\end{verbatim}") - \end{pycode} - \end{example} -\end{frame} - -\begin{frame}[fragile] - \begin{example}[echofix.sh "-E test\textbackslash ning"] - \inputminted{sh}{echofix.sh} - \begin{pycode}[echofix.sh] -import subprocess -proc = subprocess.Popen(["./echofix.sh", "-E test\\ning"], \ -stdout=subprocess.PIPE) -print("\\begin{verbatim}" + proc.stdout.read().decode("utf-8") + \ -"\\end{verbatim}") - \end{pycode} - \end{example} -\end{frame} - -\begin{frame} - \begin{itemize} - \item The login(1) and rlogin(1) composition bug was found in Linux and AIX - systems which didn't check the syntax of the username. 
- - \item The syntax of login(1) is \mintinline{sh}{login [-p] [-h host] [[-f] - user]}. - - \item The syntax of rlogin(1) is \mintinline{sh}{rlogin [-l user] machine}. - - \item rlogin(1) connects to the machine and runs \mintinline{sh}{login user - machine}. - - \item However, the user could be chosen to be \enquote{-froot}. - \end{itemize} -\end{frame} - -% XXX add canonical representations -%\subsection{Canonical Representations} -% -%\begin{frame} -%\end{frame} - -% XXX add better description of scripting vuln - -\begin{frame}[fragile] - \begin{minted}{sh} - cat ${1} | mail ${2} - \end{minted} - \begin{itemize} - \item What happens with the address - \mintinline{sh}{"foo@bar.org | rm -Rf /"}? - \end{itemize} -\end{frame} - -% XXX add better description and examples of SQL injection - -\begin{frame}[fragile] - \begin{minted}[startinline]{php} - $sql = "SELECT * FROM client WHERE name = '$name'" - \end{minted} - \begin{itemize} - \item Insert the name \mintinline[startinline]{php}{Eve' OR 1=1--}. - \item This will get a totally different meaning. - \end{itemize} -\end{frame} - -\begin{frame} - \begin{figure} - \centering - \includegraphics[width=\textwidth]{BobbyTables.png} - \caption{% - XKCD's Exploits of a Mom. - Image: \cite{BobbyTables}. - } - \end{figure} -\end{frame} - - \section{Memory Management} \subsection{Memory Structure} From 9ea90ba0dbeaef2d66faa93c0c649eb6b804504c Mon Sep 17 00:00:00 2001 
From: Daniel Bosk
Date: Fri, 24 Apr 2020 11:43:14 +0200
Subject: [PATCH 09/16] Breaks out memory-management
---
memory-management/.gitignore | 15 +++++
memory-management/Makefile | 37 ++++++++++++
memory-management/README.md | 1 +
memory-management/abstract.tex | 28 +++++++++
memory-management/bibliography.bib | 64 ++++++++++++++++++++
memory-management/contents.tex | 61 +++++++++++++++++++
memory-management/notes.tex | 44 ++++++++++++++
memory-management/preamble.tex | 96 ++++++++++++++++++++++++++++++
memory-management/questions.tex | 9 +++
9 files changed, 355 insertions(+)
create mode 100644 memory-management/.gitignore
create mode 100644 memory-management/Makefile
create mode 100644 memory-management/README.md
create mode 100644 memory-management/abstract.tex
create mode 100644 memory-management/bibliography.bib
create mode 100644 memory-management/contents.tex
create mode 100644 memory-management/notes.tex
create mode 100644 memory-management/preamble.tex
create mode 100644 memory-management/questions.tex
diff --git a/memory-management/.gitignore b/memory-management/.gitignore
new file mode 100644
index 0000000..3b7f25d
--- /dev/null
+++ b/memory-management/.gitignore
@@ -0,0 +1,15 @@
+BobbyTables.png
+__pycache__/
+aliascnt.sty
+latexmkrc
+slides.pdf
+slides.pytxcode
+procmem.jpg
+pythontex-files-slides/
+slides.tex
+
+notes.pdf
+notes.pytxcode
+slides.pdf.xoj
+pythontex-files-notes/
+
diff --git a/memory-management/Makefile b/memory-management/Makefile
new file mode 100644
index 0000000..ffb9dc0
--- /dev/null
+++ b/memory-management/Makefile
@@ -0,0 +1,37 @@
+LATEXFLAGS+= -shell-escape
+
+.PHONY: all
+all: slides.pdf notes.pdf
+
+SRC= contents.tex abstract.tex bibliography.bib
+SRC+= jail.py
+SRC+= combine.c
+SRC+= echo.sh echofix.sh
+SRC+= BobbyTables.png
+SRC+= procmem.jpg
+SRC+= login.c
+
+DEPENDS+= latexmkrc
+
+slides.pdf notes.pdf: ${SRC} ${DEPENDS}
+
+slides.pdf: slides.tex
+notes.pdf: notes.tex
+
+procmem.jpg:
+ wget -O $@ https://www.linuxjournal.com/files/linuxjournal.com/linuxjournal/articles/067/6701/6701f1.jpg
+
+BobbyTables.png:
+ wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png
+
+.PHONY: clean-depends distclean
+clean-depends distclean:
+ ${RM} procmem.jpg BobbyTables.png
+
+.PHONY: clean
+clean:
+ ${RM} notes.pdf slides.pdf
+ ${RM} -R __pycache__ _minted-*
+
+INCLUDE_MAKEFILES=../makefiles
+include ${INCLUDE_MAKEFILES}/tex.mk
diff --git a/memory-management/README.md b/memory-management/README.md
new file mode 100644
index 0000000..5b08099
--- /dev/null
+++ b/memory-management/README.md
@@ -0,0 +1 @@
+[Software security] introduces the problems of software security.
diff --git a/memory-management/abstract.tex b/memory-management/abstract.tex
new file mode 100644
index 0000000..e64da36
--- /dev/null
+++ b/memory-management/abstract.tex
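Review bot: `SRC` still lists `jail.py`, `combine.c`, `echo.sh`, `echofix.sh`, `BobbyTables.png` and `login.c`, but this commit creates only the nine files in its diffstat, so `make` will stop with "No rule to make target 'jail.py'"; the one that actually matters is `login.c`, because memory-management/contents.tex does `\inputminted{C}{login.c}`, so either copy it into this directory or point the `\inputminted` at `../broken-abstractions/login.c` and trim `SRC` to the files this deck uses. The `BobbyTables.png` rule and its `clean-depends` entry are likewise left over from the overview Makefile. `wget -O $@ http://imgs.xkcd.com/comics/exploits_of_a_mom.png` fetches a build input over plain HTTP with no integrity check, and whatever comes back is embedded in the PDF; `https://` plus a pinned checksum verified after download would close that. Finally, `-shell-escape` together with minted/pythontex means a build executes whatever the `.tex` sources ask for, which is fine for the author's own tree but deserves a sentence in the README so nobody builds an untrusted fork this way.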
@@ -0,0 +1,28 @@
+Perhaps the part of security most people intuitively associate with security,
+and computer security in particular, is software security.
+This part of computer security treats vulnerabilities in software, e.g.\ buffer
+overruns or code injections.
+This is a very important part of security, because although the design is
+flawless, its implementation might have vulnerabilities.
+As an example, most phones are designed to keep the user and applications
+unpriviledged, thus all applications will run with the principle of least
+priviledges and compartmentalized from each other.
+However, software bugs in the operating system can allow malicious apps to gain
+priviledges to e.g.\ monitor other apps.
+
+After this session you should be able to
+\begin{itemize}
+ \item \emph{understand} the need to consider software security in software
+ development.
+ \item \emph{evaluate} the software security requirements for different
+ sitations.
+\end{itemize}
+
+Gollmann treats this area in Chapter 10 of his book,
+\citetitle{Gollmann2011cs}~\cite{Gollmann2011cs}.
+The recommended exercises to do after reading this material are 10.1, 10.3 and
+10.4 in~\cite{Gollmann2011cs}.
+Anderson also treats this subject --- in Chapter 4.4 and Chapter 18 of
+\citetitle{Anderson2008sea}~\cite{Anderson2008sea} --- albeit with less
+technical details.
+We also treat the results of \citetitle{BSIMMFindings}~\cite{BSIMMFindings}.
diff --git a/memory-management/bibliography.bib b/memory-management/bibliography.bib
new file mode 100644
index 0000000..b1eaea4
--- /dev/null
+++ b/memory-management/bibliography.bib
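Review bot: The abstract has spelling and wording slips that land on the first page of the notes: `unpriviledged` and `priviledges` (twice) should be `unprivileged` and `privileges`, `sitations` should be `situations`, and `because although the design is flawless` should read `because even if the design is flawless`. The text is also copied unchanged from the overview abstract and still describes the whole software-security session (code injection, the BSIMM findings), whereas this directory now holds only the memory-management part; the learning objectives and chapter pointers should be narrowed to what `contents.tex` here actually covers.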
@@ -0,0 +1,64 @@ +@book{Anderson2008sea, + author={Anderson, Ross J.}, + title={Security Engineering}, + subtitle={A guide to building dependable distributed systems}, + publisher={Wiley}, + address={Indianapolis, IN}, + year={2008}, + edition={2}, + ISBN={978-0-470-06852-6 (hbk.)}, + URL={http://www.cl.cam.ac.uk/~rja14/book.html}, + keywords={IT-s{\"a}kerhet}, +} + +@book{Gollmann2011cs, + author={Gollmann, Dieter}, + title={Computer Security}, + publisher={Wiley}, + address={Chichester, West Sussex, U.K.}, + year={2011}, + edition={3}, + ISBN={9780470741153 (pbk.)}, + keywords={IT-s{\"a}kerhet}, +} + +@article{ieeespectrum2014usb, + author={Schneider, David}, + title={USB Flash Drives Are More Dangerous Than You Think}, + journal={IEEE Spectrum}, + month={8}, + year={2014}, + URL={http://spectrum.ieee.org/tech-talk/computing/embedded-systems/usb-flash-drives-are-more-dangerous-than-you-think}, +} + +@online{BobbyTables, + author={XKCD}, + title={Exploits of a Mom}, + URL={http://xkcd.com/327/}, +} + +@ARTICLE{BSIMMFindings, + author={G. McGraw}, + journal={Computer}, + title={Four Software Security Findings}, + month={Jan}, + year={2016}, + volume={49}, + number={1}, + pages={84-87}, + abstract={Analyzing data from 78 firms using the Building Security In + Maturity Model (BSIMM) revealed four truths about software security that + will help firms protect and secure their assets. Software security + continues to grow and evolve, currently accounting for more than 10 + percent of global IT security revenue worldwide. On the surface, it + seems obvious that we must make software systems secure from the start, + but opinions vary as to implementation. Through a multiyear process of + observing and measuring security initiatives, we can move beyond + opinion into the realm of fact. 
WHAT follows are four indic}, + keywords={security of data;BSIMM;building security in maturity model;data + analysis;global IT security revenue;software security + findings;BSIMM;Cybertrust;building security + in;cybersecurity;software;software security}, + doi={10.1109/MC.2016.30}, + ISSN={0018-9162}, +} diff --git a/memory-management/contents.tex b/memory-management/contents.tex new file mode 100644 index 0000000..ce95c3f --- /dev/null +++ b/memory-management/contents.tex 
@@ -0,0 +1,61 @@
+\mode*
+
+% Since this a solution template for a generic talk, very little can
+% be said about how it should be structured. However, the talk length
+% of between 15min and 45min and the theme suggest that you stick to
+% the following rules:
+
+% - Exactly two or three sections (other than the summary).
+% - At *most* three subsections per section.
+% - Talk about 30s to 2min per frame. So there should be between about
+% 15 and 30 frames, all told.
+
+
+\section{Memory Management}
+
+\subsection{Memory Structure}
+
+\begin{frame}
+ \includegraphics[height=\textheight]{procmem.jpg}
+\end{frame}
+
+\subsection{Overruns}
+
+% XXX add more description of buffer overruns
+\begin{frame}
+ \begin{itemize}
+ \item Buffer overruns
+ \begin{itemize}
+ \item Stack overruns
+ \item Heap overruns
+ \end{itemize}
+
+ \item All variables in a program use storage from either the stack or heap.
+ \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+ \inputminted{C}{login.c}
+\end{frame}
+
+% XXX add figure for previous example
+
+% XXX add more examples of overruns
+
+%\subsection{Double-Free Vulnerabilities}
+%
+%\begin{frame}
+%\end{frame}
+
+\subsection{Type Confusion}
+
+% XXX clarify slide on type confusion
+\begin{frame}
+ \begin{itemize}
+ \item There are some problems in object-oriented languages too.
+ \item Trick the system to point to a different memory location.
+ \item Thus a write using one type actually modifies something believed to
+ be of another type somewhere else.
+ \end{itemize}
+\end{frame}
+
diff --git a/memory-management/notes.tex b/memory-management/notes.tex
new file mode 100644
index 0000000..1ffa1a5
--- /dev/null
+++ b/memory-management/notes.tex
@@ -0,0 +1,44 @@ +\documentclass{article} + +\usepackage[hyphens]{url} +\usepackage[hidelinks]{hyperref} + +\input{preamble.tex} + +\usepackage{beamerarticle} +\setjobnamebeamerversion{slides} + +\begin{document} +\title{% + Memory management +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\mode{% + \begin{frame} + \titlepage + \end{frame} +} +\mode
{% + \maketitle +} + +\mode* + +\begin{abstract} + \input{abstract.tex} +\end{abstract} + +\input{contents.tex} + +%%%%%%%%%%%%%%%%%%%%%% + +\printbibliography +\end{document} diff --git a/memory-management/preamble.tex b/memory-management/preamble.tex new file mode 100644 index 0000000..0986758 --- /dev/null +++ b/memory-management/preamble.tex 
@@ -0,0 +1,96 @@ +\usepackage[utf8]{inputenc} +\usepackage[T1]{fontenc} +\usepackage[swedish,british]{babel} +\usepackage{url} +\usepackage{color} +\usepackage{multicol} +\usepackage{xparse} +\usepackage{graphicx} + +\usepackage{amsmath} +\usepackage{amssymb} + +\usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex} +\addbibresource{bibliography.bib} + +\usepackage{pythontex} +\usepackage{minted} +\setminted{% + linenos=true, + tabsize=2, + texcomments=true, + python3=true, + frame=lines, + autogobble=true, + stripall=true, + breaklines=true, + fontsize=\small +} + +\ProvideDocumentEnvironment{assumption}{o}{% + \IfValueTF{#1}{% + \begin{block}{Assumption: #1} + }{% + \begin{block}{Assumption} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{Protocol}{o}{% + \IfValueTF{#1}{% + \begin{block}{Protocol: #1} + }{% + \begin{block}{Protocol} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{remark}{o}{% + \IfValueTF{#1}{% + \begin{alertblock}{Note: #1} + }{% + \begin{alertblock}{Note} + } +}{% + \end{alertblock} +} + +\ProvideDocumentEnvironment{idea}{o}{% + \IfValueTF{#1}{% + \begin{block}{Idea: #1} + }{% + \begin{block}{Idea} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{question}{o}{% + \setbeamercolor{block body}{bg=orange!15,fg=black} + \setbeamercolor{block title}{bg=orange,fg=white} + \setbeamercolor{local structure}{fg=orange} + \IfValueTF{#1}{% + \begin{block}{Question: #1} + }{% + \begin{block}{Question} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{exercise}{o}{% + \setbeamercolor{block body}{bg=yellow!10,fg=black} + \setbeamercolor{block title}{bg=yellow,fg=black} + \setbeamercolor{local structure}{fg=yellow} + \IfValueTF{#1}{% + \begin{block}{Exercise: #1} + }{% + \begin{block}{Exercise} + } +}{% + \end{block} +} + + diff --git a/memory-management/questions.tex b/memory-management/questions.tex new file mode 100644 index 0000000..f727bdc --- /dev/null +++ b/memory-management/questions.tex 
@@ -0,0 +1,9 @@
+\question[3]\label{q:software}
+% tags: software:A
+Can a files such as images (e.g.\ JPEGs) and other data be dangerous?
+
+\begin{solution}
+ Yes, they can contain machine code which can be executed if there is e.g.\
+ a buffer overrun vulnerability in the software that reads the data.
+\end{solution}
+
From e6c30e5cbacc1ccdb915811f2b8e36a4504646b7 Mon Sep 17 00:00:00 2001
From: Daniel Bosk
Date: Fri, 24 Apr 2020 11:47:33 +0200
Subject: [PATCH 10/16] Breaks out malware
---
{overview => malware}/.gitignore | 0
{overview => malware}/Makefile | 0
{overview => malware}/README.md | 0
{overview => malware}/abstract.tex | 0
{overview => malware}/bibliography.bib | 0
malware/contents.tex | 100 ++++++++++++
{overview => malware}/notes.tex | 0
{overview => malware}/preamble.tex | 0
{overview => malware}/questions.tex | 0
{overview => malware}/slides.tex | 0
overview/combine.c | 10 --
overview/contents.tex | 214 ------------------------
overview/echo.sh | 2 -
overview/echofix.sh | 2 -
overview/jail.py | 18 ---
overview/login.c | 13 --
16 files changed, 100 insertions(+), 259 deletions(-)
rename {overview => malware}/.gitignore (100%)
rename {overview => malware}/Makefile (100%)
rename {overview => malware}/README.md (100%)
rename {overview => malware}/abstract.tex (100%)
rename {overview => malware}/bibliography.bib (100%)
create mode 100644 malware/contents.tex
rename {overview => malware}/notes.tex (100%)
rename {overview => malware}/preamble.tex (100%)
rename {overview => malware}/questions.tex (100%)
rename {overview => malware}/slides.tex (100%)
delete mode 100644 overview/combine.c
delete mode 100644 overview/contents.tex
delete mode 100755 overview/echo.sh
delete mode 100755 overview/echofix.sh
delete mode 100644 overview/jail.py
delete mode 100644 overview/login.c
diff --git a/overview/.gitignore b/malware/.gitignore
similarity index 100%
rename from overview/.gitignore
rename to malware/.gitignore
diff --git a/overview/Makefile b/malware/Makefile
similarity index 100%
rename from overview/Makefile
rename to malware/Makefile
diff --git a/overview/README.md b/malware/README.md
similarity index 100%
rename from overview/README.md
rename to malware/README.md
diff --git a/overview/abstract.tex b/malware/abstract.tex
similarity index 100%
rename from overview/abstract.tex
rename to malware/abstract.tex
diff --git a/overview/bibliography.bib b/malware/bibliography.bib
similarity index 100%
rename from overview/bibliography.bib
rename to malware/bibliography.bib
diff --git a/malware/contents.tex b/malware/contents.tex
new file mode 100644
index 0000000..f9239d3
--- /dev/null
+++ b/malware/contents.tex
@@ -0,0 +1,100 @@ +\mode* + +% Since this a solution template for a generic talk, very little can +% be said about how it should be structured. However, the talk length +% of between 15min and 45min and the theme suggest that you stick to +% the following rules: + +% - Exactly two or three sections (other than the summary). +% - At *most* three subsections per section. +% - Talk about 30s to 2min per frame. So there should be between about +% 15 and 30 frames, all told. + + +\section{Malware} + +% XXX add better storyline to malware +\subsection{Background} + +\begin{frame} + \begin{itemize} + \item Comes from \emph{malicious software} and means software with + a malicious intent. + + \item In the early days they were mostly experiments or pranks. + + \item Today they are mostly used for special purposes: + \begin{itemize} + \item steal personal, financial or business information, + \item cripple competition, + \item etc. + \end{itemize} + + \end{itemize} +\end{frame} + +\begin{frame} + \begin{itemize} + \item There are many types of malware. + + \item Their classification depends on the largest threat vector. + + \end{itemize} +\end{frame} + +\subsection{Malware Types} + +\begin{frame}[allowframebreaks] + \begin{description} + \item[Computer Virus] + A form of malware which has self-replicating code. + It \emph{infects} other programs by inserting itself into their program + code, and in turn when these programs are run the virus payload is run to + replicate even further. + + \item[Worm] + A form of malware which replicates itself, not by infection, but by + copying itself to different disks, via networks, or even emailing itself + automatically to everyone in the user's contact list. + + \item[Trojan Horse] + A form of malware which acts as a legitimate program but has hidden + features which are malicious, e.g.\ a utility program which steals your + login credentials in the background or simply acts as a backdoor. 
+ Usually used in combination of social engineering. + + \item[Rootkit] + A piece of software designed to provide access that would otherwise be + restricted. + It also keeps well-hidden and is notoriously difficult to detect and + remove. + Usually this comes from modifying the operating system. + + \item[Spyware] + This software simply tries to gather information about a target without + their knowledge. + Usually the collected information is sent to a third party. + + Keylogging falls under this category. + + \item[Adware] + This is simply a type of malware that presents advertisements to the user + of the infected system. + Obviously staying undetected is not an option, so making itself difficult + to remove is the strategy of choice. + + \item[Scareware] + This is a type of malware that uses social engineering to trick users to + buy unwanted software, e.g.\ fake antivirus software. + + \item[Ransomware] + This is a type of malware that restricts the users access to the system. + A common technique is to encrypt all the user's files. + Then the user is presented with the option of buying the decryption key + for bitcoins. + + They typically propagate as trojans. + + \end{description} +\end{frame} + diff --git a/overview/notes.tex b/malware/notes.tex similarity index 100% rename from overview/notes.tex rename to malware/notes.tex diff --git a/overview/preamble.tex b/malware/preamble.tex similarity index 100% rename from overview/preamble.tex rename to malware/preamble.tex diff --git a/overview/questions.tex b/malware/questions.tex similarity index 100% rename from overview/questions.tex rename to malware/questions.tex diff --git a/overview/slides.tex b/malware/slides.tex similarity index 100% rename from overview/slides.tex rename to malware/slides.tex diff --git a/overview/combine.c b/overview/combine.c deleted file mode 100644 index f3e6403..0000000 --- a/overview/combine.c +++ /dev/null 
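Review bot: The Rootkit entry in the Malware Types list defines a rootkit by the access it provides, but its defining property is concealment: it hides an intruder's presence and already-gained privileged access from the system's own tools, usually by modifying the kernel or system utilities, which is exactly why it is hard to detect and remove; consider `A set of tools that hides an intruder's presence and privileged access from the system's own tools, typically by modifying the operating system, which is why it is notoriously difficult to detect and remove.` The Background frame's `Their classification depends on the largest threat vector.` is hard to follow; `They are classified by how they spread and what they do, and real samples usually combine several categories.` states the intended point and prepares the reader for the overlapping entries that follow. Two wording slips in the same list: `in combination of social engineering` should be `in combination with social engineering`, and `restricts the users access` should be `restricts the user's access`.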
@@ -1,10 +0,0 @@ -char buf[128]; - -void -combine( char *s1, size_t len1, char *s2, size_t len2) -{ - if ( len1 + len2 + 1 <= sizeof(buf) ) { - strncpy( buf, s1, len1 ); - strncat( buf, s2, len2 ); - } -} diff --git a/overview/contents.tex b/overview/contents.tex deleted file mode 100644 index b49364a..0000000 --- a/overview/contents.tex +++ /dev/null 
@@ -1,214 +0,0 @@ -\mode* - -% Since this a solution template for a generic talk, very little can -% be said about how it should be structured. However, the talk length -% of between 15min and 45min and the theme suggest that you stick to -% the following rules: - -% - Exactly two or three sections (other than the summary). -% - At *most* three subsections per section. -% - Talk about 30s to 2min per frame. So there should be between about -% 15 and 30 frames, all told. - - -\section{Memory Management} - -\subsection{Memory Structure} - -\begin{frame} - \includegraphics[height=\textheight]{procmem.jpg} -\end{frame} - -\subsection{Overruns} - -% XXX add more description of buffer overruns -\begin{frame} - \begin{itemize} - \item Buffer overruns - \begin{itemize} - \item Stack overruns - \item Heap overruns - \end{itemize} - - \item All variables in a program use storage from either the stack or heap. - \end{itemize} -\end{frame} - -\begin{frame}[fragile] - \inputminted{C}{login.c} -\end{frame} - -% XXX add figure for previous example - -% XXX add more examples of overruns - -%\subsection{Double-Free Vulnerabilities} -% -%\begin{frame} -%\end{frame} - -\subsection{Type Confusion} - -% XXX clarify slide on type confusion -\begin{frame} - \begin{itemize} - \item There are some problems in object-oriented languages too. - \item Trick the system to point to a different memory location. - \item Thus a write using one type actually modifies something believed to - be of another type somewhere else. - \end{itemize} -\end{frame} - - -%\section{Malware} -% -%% XXX add better storyline to malware -%\subsection{Background} -% -%\begin{frame} -% \begin{itemize} -% \item Comes from \emph{malicious software} and means software with -% a malicious intent. -% -% \item In the early days they were mostly experiments or pranks. 
-% -% \item Today they are mostly used for special purposes: -% \begin{itemize} -% \item steal personal, financial or business information, -% \item cripple competition, -% \item etc. -% \end{itemize} -% -% \end{itemize} -%\end{frame} -% -%\begin{frame} -% \begin{itemize} -% \item There are many types of malware. -% -% \item Their classification depends on the largest threat vector. -% -% \end{itemize} -%\end{frame} -% -%\subsection{Malware Types} -% -%\begin{frame}[allowframebreaks] -% \begin{description} -% \item[Computer Virus] -% A form of malware which has self-replicating code. -% It \emph{infects} other programs by inserting itself into their program -% code, and in turn when these programs are run the virus payload is run to -% replicate even further. -% -% \item[Worm] -% A form of malware which replicates itself, not by infection, but by -% copying itself to different disks, via networks, or even emailing itself -% automatically to everyone in the user's contact list. -% -% \item[Trojan Horse] -% A form of malware which acts as a legitimate program but has hidden -% features which are malicious, e.g.\ a utility program which steals your -% login credentials in the background or simply acts as a backdoor. -% Usually used in combination of social engineering. -% -% \item[Rootkit] -% A piece of software designed to provide access that would otherwise be -% restricted. -% It also keeps well-hidden and is notoriously difficult to detect and -% remove. -% Usually this comes from modifying the operating system. -% -% \item[Spyware] -% This software simply tries to gather information about a target without -% their knowledge. -% Usually the collected information is sent to a third party. -% -% Keylogging falls under this category. -% -% \item[Adware] -% This is simply a type of malware that presents advertisements to the user -% of the infected system. 
-% Obviously staying undetected is not an option, so making itself difficult -% to remove is the strategy of choice. -% -% \item[Scareware] -% This is a type of malware that uses social engineering to trick users to -% buy unwanted software, e.g.\ fake antivirus software. -% -% \item[Ransomware] -% This is a type of malware that restricts the users access to the system. -% A common technique is to encrypt all the user's files. -% Then the user is presented with the option of buying the decryption key -% for bitcoins. -% -% They typically propagate as trojans. -% -% \end{description} -%\end{frame} - - - -% XXX add defences to software security, perhaps inline -% XXX instead of separate section - -%\section{Defences} -% -%\subsection{Prevention} -% -%\subsection{Hardware} -% -%\begin{frame} -% \begin{itemize} -% \item Hardware -% %\item Modus Operandi -% \item Safer Functions -% \item Filtering -% \item Type Safety -% \end{itemize} -%\end{frame} -% -%%\begin{frame} -%%\end{frame} -%% -%%\begin{frame} -%%\end{frame} -%% -%%\begin{frame} -%%\end{frame} -%% -%%\begin{frame} -%%\end{frame} -% -%\subsection{Detection} -% -%\begin{frame} -% \begin{itemize} -% \item Canaries -% \item Code Inspection -% \item Testing -% \end{itemize} -%\end{frame} -% -%%\begin{frame} -%%\end{frame} -%% -%%\begin{frame} -%%\end{frame} -% -%\subsection{Mitigation} -% -%\begin{frame} -% \begin{itemize} -% \item Least privilege \dots -% \end{itemize} -%\end{frame} -% -%\subsection{Reaction} -% -%\begin{frame} -% \begin{itemize} -% \item Keep up to date \dots -% \end{itemize} -%\end{frame} - diff --git a/overview/echo.sh b/overview/echo.sh deleted file mode 100755 index 4d2141d..0000000 --- a/overview/echo.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -/bin/echo -e ${1} diff --git a/overview/echofix.sh b/overview/echofix.sh deleted file mode 100755 index e8283c1..0000000 --- a/overview/echofix.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -/bin/echo -e "${1}" 
diff --git a/overview/jail.py b/overview/jail.py deleted file mode 100644 index 3ce2783..0000000 --- a/overview/jail.py +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/env python3 -import sys, os - -JAIL_PATH = os.environ["HOME"] - -def jailed_open(filename): - return open(JAIL_PATH + "/" + filename) - -def main(argv): - f = jailed_open(argv[1]) - - print("\\begin{verbatim}") - for line in f.readlines(): - print(line.strip()) - print("\\end{verbatim}\n") - -if __name__ == "__main__": - main(sys.argv) diff --git a/overview/login.c b/overview/login.c deleted file mode 100644 index ec8c996..0000000 --- a/overview/login.c +++ /dev/null @@ -1,13 +0,0 @@ -int -login( void ) -{ - char correct_password[] = "swordfish"; - char user_password[16] = {0}; - - printf( "user password: "); - fscanf( "\%s", user_password ); - - if ( !strcmp( correct_password, user_password ) ) - return 0; - return 1; -} From 40452c9d9ebbc94bf712f77f8759a04951488221 Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Fri, 24 Apr 2020 12:50:00 +0200 Subject: [PATCH 11/16] Updates root Makefile --- Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index c7e61f4..03c4b76 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,7 @@ -SUBDIR= overview/ +SUBDIR+= intro +SUBDIR+= broken-abstractions +SUBDIR+= memory-management +SUBDIR+= malware SUBDIR+= stacksmashlab/ SUBDIR+= malwarelab/ From d612ff235fe5887a9ef6a3121b4b8c3de4a4b9e3 Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Mon, 27 Apr 2020 11:13:45 +0200 Subject: [PATCH 12/16] Updates Makefiles and depends --- intro/Makefile | 6 ------ malware/Makefile | 6 ------ memory-management/Makefile | 4 ---- memory-management/login.c | 13 +++++++++++++ 4 files changed, 13 insertions(+), 16 deletions(-) create mode 100644 memory-management/login.c diff --git a/intro/Makefile b/intro/Makefile index ffb9dc0..958a14c 100644 --- a/intro/Makefile +++ b/intro/Makefile 
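Review bot: In the root Makefile hunk the first assignment changed from `SUBDIR= overview/` to `SUBDIR+= intro`, so nothing in the file initialises the list any more; with GNU make a SUBDIR value inherited from the environment would now be prepended to the four new entries instead of being replaced. Keeping the first line as `SUBDIR= intro` and appending the rest preserves the old behaviour. The new entries also drop the trailing slash that `stacksmashlab/` and `malwarelab/` carry; whether that matters depends on how SUBDIR is consumed further down, which is outside the hunk, but one convention is easier to maintain.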
@@ -4,12 +4,6 @@ LATEXFLAGS+= -shell-escape all: slides.pdf notes.pdf SRC= contents.tex abstract.tex bibliography.bib -SRC+= jail.py -SRC+= combine.c -SRC+= echo.sh echofix.sh -SRC+= BobbyTables.png -SRC+= procmem.jpg -SRC+= login.c DEPENDS+= latexmkrc diff --git a/malware/Makefile b/malware/Makefile index ffb9dc0..958a14c 100644 --- a/malware/Makefile +++ b/malware/Makefile @@ -4,12 +4,6 @@ LATEXFLAGS+= -shell-escape all: slides.pdf notes.pdf SRC= contents.tex abstract.tex bibliography.bib -SRC+= jail.py -SRC+= combine.c -SRC+= echo.sh echofix.sh -SRC+= BobbyTables.png -SRC+= procmem.jpg -SRC+= login.c DEPENDS+= latexmkrc diff --git a/memory-management/Makefile b/memory-management/Makefile index ffb9dc0..4dfdfe4 100644 --- a/memory-management/Makefile +++ b/memory-management/Makefile @@ -4,10 +4,6 @@ LATEXFLAGS+= -shell-escape all: slides.pdf notes.pdf SRC= contents.tex abstract.tex bibliography.bib -SRC+= jail.py -SRC+= combine.c -SRC+= echo.sh echofix.sh -SRC+= BobbyTables.png SRC+= procmem.jpg SRC+= login.c diff --git a/memory-management/login.c b/memory-management/login.c new file mode 100644 index 0000000..ec8c996 --- /dev/null +++ b/memory-management/login.c @@ -0,0 +1,13 @@ +int +login( void ) +{ + char correct_password[] = "swordfish"; + char user_password[16] = {0}; + + printf( "user password: "); + fscanf( "\%s", user_password ); + + if ( !strcmp( correct_password, user_password ) ) + return 0; + return 1; +} From eba3973f5a59d8cad3bc5c9bd4afa5edbd8ca661 Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Mon, 27 Apr 2020 14:20:28 +0200 Subject: [PATCH 13/16] Adds figure for UTF-8 --- broken-abstractions/contents.tex | 15 +++++++++++++++ broken-abstractions/preamble.tex | 1 + 2 files changed, 16 insertions(+) diff --git a/broken-abstractions/contents.tex b/broken-abstractions/contents.tex index 24894eb..fcfd545 100644 --- a/broken-abstractions/contents.tex +++ b/broken-abstractions/contents.tex 
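Review bot: In the new memory-management/login.c the call `fscanf( "\%s", user_password );` passes a string where fscanf expects a FILE* as its first argument, and `\%` is not a valid C escape sequence, so the snippet the slides present as a compilable buffer-overrun example does not build as written; `scanf( "%s", user_password );` shows the intended unbounded read into the 16-byte buffer (if the backslash was meant to protect `%` from LaTeX, minted prints the file verbatim, so it is not needed). A comment naming the minimal fix, `/* bounded form: scanf( "%15s", user_password ); */`, would give the slide its defensive counterpart without changing the demonstration. The file also uses printf, fscanf and strcmp with no #include; a one-line `/* excerpt: headers omitted */` makes that deliberate.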
@@ -74,6 +74,21 @@ \subsection{Character Encoding} \item First bit indicates if next byte is part of the same code word. \end{itemize} \end{block} + + \begin{table} + \begin{tabular}{rrllll} + \textbf{Bytes} & \textbf{Avail bits} & \textbf{Byte 1} + & \textbf{Byte 2} + & \textbf{Byte 3} + & \textbf{Byte 4} \\ + \toprule + 1 & 7 & 0xxxxxxx & & & \\ + 2 & 11 & 110xxxxx & 10xxxxxx & & \\ + 3 & 16 & 1110xxxx & 10xxxxxx & 10xxxxxx & \\ + 4 & 21 & 11110xxx & 10xxxxxx & 10xxxxxx & 10xxxxxx \\ + \bottomrule + \end{tabular} + \end{table} \end{frame} % XXX add more details on UTF-8 coding diff --git a/broken-abstractions/preamble.tex b/broken-abstractions/preamble.tex index 0986758..2d5e960 100644 --- a/broken-abstractions/preamble.tex +++ b/broken-abstractions/preamble.tex @@ -6,6 +6,7 @@ \usepackage{multicol} \usepackage{xparse} \usepackage{graphicx} +\usepackage{booktabs} \usepackage{amsmath} \usepackage{amssymb} From af9d9c5d5fc490f5dfdc823a05b31b742faf297f Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Mon, 27 Apr 2020 14:33:23 +0200 Subject: [PATCH 14/16] Adds missing slides.tex, removes from gitignore --- broken-abstractions/.gitignore | 1 - broken-abstractions/slides.tex | 74 ++++++++++++++++++++++++++++++++++ intro/.gitignore | 1 - intro/slides.tex | 73 +++++++++++++++++++++++++++++++++ memory-management/.gitignore | 1 - memory-management/slides.tex | 73 +++++++++++++++++++++++++++++++++ 6 files changed, 220 insertions(+), 3 deletions(-) create mode 100644 broken-abstractions/slides.tex create mode 100644 intro/slides.tex create mode 100644 memory-management/slides.tex diff --git a/broken-abstractions/.gitignore b/broken-abstractions/.gitignore index 3b7f25d..30748df 100644 --- a/broken-abstractions/.gitignore +++ b/broken-abstractions/.gitignore @@ -6,7 +6,6 @@ slides.pdf slides.pytxcode procmem.jpg pythontex-files-slides/ -slides.tex notes.pdf notes.pytxcode 
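Review bot: The new table gives the bit layout of each UTF-8 form but not the validity rules a decoder must enforce, which is the security-relevant half of this section: RFC 3629 requires rejecting overlong forms (a code point encoded with more bytes than necessary), surrogate code points and values above U+10FFFF, because a lenient decoder gives one character several byte representations and validation applied to one representation does not cover the others. A short item after the table, such as `\item Decoders must reject overlong forms, surrogates and values above U+10FFFF (RFC 3629); otherwise one character has several encodings and a check on one of them misses the rest.`, would carry that point, and the existing `% XXX add more details on UTF-8 coding` comment suggests it is already planned. The column heading `Avail bits` would read better as `Payload bits`. The enclosing frame begins before this hunk.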
diff --git a/broken-abstractions/slides.tex b/broken-abstractions/slides.tex new file mode 100644 index 0000000..bf6d891 --- /dev/null +++ b/broken-abstractions/slides.tex @@ -0,0 +1,74 @@ +%\documentclass[handout]{beamer} +\documentclass{beamer} + +\input{preamble.tex} + +\mode{% + \usetheme{Berlin} + \setbeamertemplate{footline}{% + \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot} + \end{beamercolorbox} + \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,% + leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}% + \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}% + \hfill% + {\usebeamerfont{institute in head/foot}% + \usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}% + \end{beamercolorbox}% + \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,% + leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}% + {\usebeamerfont{title in head/foot}\insertshorttitle}% + \hfill\insertframenumber% + \end{beamercolorbox}% + \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot} + \end{beamercolorbox} + } + \setbeamercovered{transparent} + \setbeamertemplate{bibliography item}[text] +} + +\ProvideDocumentEnvironment{exercise}{o}{% + \setbeamercolor{block body}{bg=yellow!30,fg=black} + \setbeamercolor{block title}{bg=yellow,fg=black} + \IfValueTF{#1}{% + \begin{block}{\translate{Exercise}: #1} + }{% + \begin{block}{\translate{Exercise}} + } +}{% + \end{block} +} + +\AtBeginSection[]{% + \begin{frame} + \tableofcontents[currentsection] + \end{frame} +} + +\begin{document} +\title{% + Broken abstractions +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\begin{frame} + \titlepage +\end{frame} + + +\mode{\input{contents.tex}} + +%%%%%%%%%%%%%%%%%%%%%% + +\begin{frame} + \small + \printbibliography +\end{frame} +\end{document} 
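Review bot: broken-abstractions/slides.tex repeats the Berlin footline template, the `exercise` environment and the `\AtBeginSection` hook verbatim, and the new intro/slides.tex and memory-management/slides.tex in this same commit carry the identical copy with only the `\title{}` text differing. A single shared input holding the `\mode{...}` theme block, `\ProvideDocumentEnvironment{exercise}` and `\AtBeginSection`, included from each slides.tex after `\input{preamble.tex}`, would mean a fix to the footline or the exercise colours is applied once rather than three times. Until then a comment such as `% keep in sync with ../intro/slides.tex and ../memory-management/slides.tex` at the top of each file flags the duplication for the next editor.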
diff --git a/intro/.gitignore b/intro/.gitignore index 3b7f25d..30748df 100644 --- a/intro/.gitignore +++ b/intro/.gitignore @@ -6,7 +6,6 @@ slides.pdf slides.pytxcode procmem.jpg pythontex-files-slides/ -slides.tex notes.pdf notes.pytxcode diff --git a/intro/slides.tex b/intro/slides.tex new file mode 100644 index 0000000..d631f41 --- /dev/null +++ b/intro/slides.tex 
@@ -0,0 +1,73 @@ +%\documentclass[handout]{beamer} +\documentclass{beamer} + +\input{preamble.tex} + +\mode{% + \usetheme{Berlin} + \setbeamertemplate{footline}{% + \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot} + \end{beamercolorbox} + \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,% + leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}% + \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}% + \hfill% + {\usebeamerfont{institute in head/foot}% + \usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}% + \end{beamercolorbox}% + \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,% + leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}% + {\usebeamerfont{title in head/foot}\insertshorttitle}% + \hfill\insertframenumber% + \end{beamercolorbox}% + \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot} + \end{beamercolorbox} + } + \setbeamercovered{transparent} + \setbeamertemplate{bibliography item}[text] +} + +\ProvideDocumentEnvironment{exercise}{o}{% + \setbeamercolor{block body}{bg=yellow!30,fg=black} + \setbeamercolor{block title}{bg=yellow,fg=black} + \IfValueTF{#1}{% + \begin{block}{\translate{Exercise}: #1} + }{% + \begin{block}{\translate{Exercise}} + } +}{% + \end{block} +} + +\AtBeginSection[]{% + \begin{frame} + \tableofcontents[currentsection] + \end{frame} +} + +\begin{document} +\title{% + Software Security +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\begin{frame} + \titlepage +\end{frame} + +\mode{\input{contents.tex}} + +%%%%%%%%%%%%%%%%%%%%%% + +\begin{frame} + \small + \printbibliography +\end{frame} +\end{document} diff --git a/memory-management/.gitignore b/memory-management/.gitignore index 3b7f25d..30748df 100644 --- a/memory-management/.gitignore +++ b/memory-management/.gitignore 
@@ -6,7 +6,6 @@ slides.pdf slides.pytxcode procmem.jpg pythontex-files-slides/ -slides.tex notes.pdf notes.pytxcode diff --git a/memory-management/slides.tex b/memory-management/slides.tex new file mode 100644 index 0000000..689106e --- /dev/null +++ b/memory-management/slides.tex 
@@ -0,0 +1,73 @@ +%\documentclass[handout]{beamer} +\documentclass{beamer} + +\input{preamble.tex} + +\mode{% + \usetheme{Berlin} + \setbeamertemplate{footline}{% + \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot} + \end{beamercolorbox} + \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,% + leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}% + \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}% + \hfill% + {\usebeamerfont{institute in head/foot}% + \usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}% + \end{beamercolorbox}% + \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,% + leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}% + {\usebeamerfont{title in head/foot}\insertshorttitle}% + \hfill\insertframenumber% + \end{beamercolorbox}% + \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot} + \end{beamercolorbox} + } + \setbeamercovered{transparent} + \setbeamertemplate{bibliography item}[text] +} + +\ProvideDocumentEnvironment{exercise}{o}{% + \setbeamercolor{block body}{bg=yellow!30,fg=black} + \setbeamercolor{block title}{bg=yellow,fg=black} + \IfValueTF{#1}{% + \begin{block}{\translate{Exercise}: #1} + }{% + \begin{block}{\translate{Exercise}} + } +}{% + \end{block} +} + +\AtBeginSection[]{% + \begin{frame} + \tableofcontents[currentsection] + \end{frame} +} + +\begin{document} +\title{% + Memory management +} +\author{% + Daniel Bosk +} +\institute[MIUN IKS]{% + Department of Information and Communication Systems,\\ + Mid Sweden University, SE-851\,70 Sundsvall +} +\date{\today} + +\begin{frame} + \titlepage +\end{frame} + +\mode{\input{contents.tex}} + +%%%%%%%%%%%%%%%%%%%%%% + +\begin{frame} + \small + \printbibliography +\end{frame} +\end{document} From 2e82ff478bbb229db1b692cff5849b8643f431ea Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Mon, 27 Apr 2020 20:35:12 +0200 Subject: [PATCH 15/16] Adds URL to intro video --- intro/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/intro/README.md b/intro/README.md index 5b08099..e75bd7f 100644 --- a/intro/README.md +++ b/intro/README.md @@ -1 +1,5 @@ -[Software security] introduces the problems of software security. +[![Intro software security][img]][vid] + +[vid]: https://youtu.be/KblmdFCrp-o +[img]: https://img.youtube.com/vi/KblmdFCrp-o/hqdefault.jpg + From 054375349b509e28b913d165216d49728b45914c Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Tue, 28 Apr 2020 15:02:47 +0200 Subject: [PATCH 16/16] Updates broken-abstractions, memory-management; adds recordings --- broken-abstractions/README.md | 6 +++++- broken-abstractions/contents.tex | 9 +++++++++ memory-management/README.md | 6 +++++- memory-management/contents.tex | 11 +++++++++++ 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/broken-abstractions/README.md b/broken-abstractions/README.md index 5b08099..707d721 100644 --- a/broken-abstractions/README.md +++ b/broken-abstractions/README.md @@ -1 +1,5 @@ -[Software security] introduces the problems of software security. +[![Video: Broken abstractions][img]][vid] + +[vid]: https://youtu.be/GZ9pgfQ77Kg +[img]: https://img.youtube.com/vi/GZ9pgfQ77Kg/hqdefault.jpg + diff --git a/broken-abstractions/contents.tex b/broken-abstractions/contents.tex index fcfd545..78975a7 100644 --- a/broken-abstractions/contents.tex +++ b/broken-abstractions/contents.tex @@ -196,10 +196,19 @@ \subsection{Data and Code} \begin{minted}[startinline]{php} $sql = "SELECT * FROM client WHERE name = '$name'" \end{minted} + + \pause + \begin{itemize} \item Insert the name \mintinline[startinline]{php}{Eve' OR 1=1--}. \item This will get a totally different meaning. \end{itemize} + + \pause + + \begin{minted}[startinline]{sql} + SELECT * FROM client WHERE name = 'Eve' OR 1=1-- + \end{minted} \end{frame} \begin{frame} diff --git a/memory-management/README.md b/memory-management/README.md index 5b08099..d52111b 100644 --- a/memory-management/README.md +++ b/memory-management/README.md 
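Review bot: The second `\pause` in the broken-abstractions/contents.tex hunk ends the frame on the injected statement `SELECT * FROM client WHERE name = 'Eve' OR 1=1--` without showing what prevents it, so the defensive lesson stays implicit. A third step showing the parameterised form, `$stmt = $db->prepare("SELECT * FROM client WHERE name = ?");` followed by `$stmt->execute([$name]);` in another `minted[startinline]{php}` block, puts the contrast between concatenated and bound data on the same slide. The enclosing frame begins before this hunk.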
@@ -1 +1,5 @@ -[Software security] introduces the problems of software security. +[![Video: Memory management][img]][vid] + +[vid]: https://youtu.be/ZUrZgsDurnQ +[img]: https://img.youtube.com/vi/ZUrZgsDurnQ/hqdefault.jpg + diff --git a/memory-management/contents.tex b/memory-management/contents.tex index ce95c3f..52d92d0 100644 --- a/memory-management/contents.tex +++ b/memory-management/contents.tex @@ -38,6 +38,17 @@ \subsection{Overruns} \inputminted{C}{login.c} \end{frame} +\begin{frame} + \begin{columns}[b] + \begin{column}{0.5\textwidth} + \inputminted[fontsize=\tiny]{C}{login.c} + \end{column} + \begin{column}{0.5\textwidth} + \includegraphics[height=\textheight]{procmem.jpg} + \end{column} + \end{columns} +\end{frame} + % XXX add figure for previous example % XXX add more examples of overruns
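Review bot: The new frame in memory-management/contents.tex places login.c next to procmem.jpg, so the context comment `% XXX add figure for previous example` that immediately follows it is now stale and should be dropped or reworded. `\includegraphics[height=\textheight]` inside a half-width column, beside code set in `\tiny`, is likely to run past the bottom of a beamer frame once the frame's own margins are taken; `\includegraphics[width=\textwidth]` within the column, or a reduced `height=0.8\textheight`, is worth checking against the rendered output. The hunk shows the whole new frame.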