1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research

Slides:



Advertisements
Similar presentations
Firewalls Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Advertisements

SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…
Chapter 1  Introduction 1 Chapter 1: Introduction.
Communications of the ACM (CACM), Vol. 32, No. 6, June 1989
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
VM: Chapter 5 Guiding Principles for Software Security.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research
Building Secure Software Chapter 9 Race Conditions.
Computer Security and Penetration Testing
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Software Security Course Course Outline Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.
Firewalls, Perimeter Protection, and VPNs - SANS © SSH Operation The Swiss Army Knife of encryption tools…
SSH Secure Login Connections over the Internet
OpenSSH: A Telnet Replacement Presented by Aaron Grothe Heimdall Linux, Inc.
Yvan Cartwright, Web Security Introduction Correct encryption use Guide to passwords Dictionary hacking Brute-force hacking.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
Honeypot and Intrusion Detection System
Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.
OSI and TCP/IP Models And Some Vulnerabilities AfNOG th May 2011 – 10 th June 2011 Tanzania By Marcus K. G. Adomey.
Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.
Computer Security and Penetration Testing Chapter 16 Windows Vulnerabilities.
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
Least-Privilege Isolation: The OKWS Web Server Brad Karp UCL Computer Science CS GZ03 / M th December, 2008.
1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Top Five Web Application Vulnerabilities Vebjørn Moen Selmersenteret/NoWires.org Norsk Kryptoseminar Trondheim
Watching Software Run Brian ChessNov 18, Success is foreseeing failure. – Henry Petroski.
OWASP Top Ten #1 Unvalidated Input. Agenda What is the OWASP Top 10? Where can I find it? What is Unvalidated Input? What environments are effected? How.
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,
SSH Operation The Swiss Army Knife of encryption tools…
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
RST Labs Sandboxing Mobile Code Execution Environments Timothy Hollebeek.
Lecture 13 Page 1 CS 236 Online Principles for Secure Software Following these doesn’t guarantee security But they touch on the most commonly seen security.
1 Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise your system.
4061 Session 26 (4/19). Today Network security Sockets: building a server.
Engineering Secure Software. Key Principles  Principle of Least privilege  Defense in Depth  Obviously No Vulnerabilities (vs. No Obvious)  i.e. Assume.
LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
Security Principles.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.
Software Security Q: What does it mean to say that a program is secure? A: There is a sufficient amount of trust that the program maintains _____________,
Lecture 14 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Secure Programming Dr. X
Manuel Brugnoli, Elisa Heymann UAB
Common Methods Used to Commit Computer Crimes
Protecting Memory What is there to protect in memory?
Secure Programming Dr. X
Protecting Memory What is there to protect in memory?
Module 4 Remote Login.
Outline Introduction Principles for secure software
Why Do We Need More Research?
Security, Cryptography, and Magic
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Least-Privilege Isolation: The OKWS Web Server
Presentation transcript:

1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research

2 “If our software is buggy, what does that say about its security?” --Robert H. Morris

3 Some Principles of Software Engineering Simplicity is a virtue. If code is complex, you don’t know if it’s correct (but it probably isn’t). Break up complex systems into simple, well-defined modules.

4 Security is Hard “Reasonable” assumptions don’t apply. –File name length bounds don’t apply. –Any input field can be arbitrarily weird. Your adversary is creating improbabilities. –Race conditions will happen. “Nature is subtle but not malicious” – but the hackers are both.

5 Case Study: rcp and rdist rcp and rdist use the rsh protocol. The rsh protocol requires that the client program be on a privileged port. Thus, rcp and rdist run as root. Both have a long history of security holes…

6 Solutions Don’t implement the protocol directly in rcp and rdist; invoke the rsh command. Or invoke a small, trusted program that sets up the connection and passes back an open file descriptor. Best of all, use a real authentication mechanism.

7 Case Study: Encrypting telnet The DES library wanted 56-bit keys plus proper parity. The “generate a 64-bit random key” routine didn’t set the parity bits properly. When handed a bad key, the DES library treated the key as all zeroes. With probability 255/256, the session was encrypted with a known, constant key!

8 Analysis Interface definitions matter. Interfaces should be consistent – why did the encryption routine and the key generation routine behave differently? Error-checking matters.

9 Case Study: Many C Programs About half of all newly-reported security holes are due to buffer overflows in C. This shouldn’t be possible! Tony Hoare warned us of this in his Turing Award lecture:

10 Hoare’s Turing Award Lecture: “The first principle was security… A consequence of this principle is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time… I note with fear and horror that even in 1980, language designers and users have not learned this lesson.”

11 Case Study: ftpd Original Berkeley implementation (and many of its descendants) used yacc to parse network input. USER and PASS were separate commands. Result: flag-setting, ubiquitous flag-testing, global state – and at least three different security holes. –Newer ftpd’s have more complex access control mechanisms – and more security holes.

12 Solution Separate the login code from the rest. –Put it in a separate, small program: ~100 lines. Activate your strong security measures (chroot, setuid) in the login module. The remaining thousands of lines of code can run unprivileged. –(Let the OS do access control – it’s good at it.)

13 Cryptography is Even Harder The oldest (public) cryptographic protocol was published in A flaw was found in The original authors found a flaw in the revised protocol in A new error in the original was found in Note: the protocol was only 5 lines long!

Bug Fixes Most system penetrations caused by known vulnerabilities, for which patches already exist. But blindly patching production systems is dangerous. There’s a new scheme afoot to have vendors automatically install patches...

15 Today’s Challenges Large-scale, heterogeneous distributed systems. –Must design for component “failure”. Limited security tools (firewalls, hardened hosts, cryptography). Ubiquitous networking. Mobile code or near-code.

16 Firewalls and Databases Firewall Database Web Server The Net

17 The Wrong Choice Database Web Server The Net Firewall

14 Firewalls Firewalls are touted as a solution to the network security problem. Nonsense – they’re the network’s response to the host security problem. The real function of a firewall is to keep bad guys away from complex, buggy code. Today’s firewalls are getting very complex…

18 Where to From Here? Sound software engineering matters more than ever. Shipping code on “Internet time” has exacerbated the problem. –But the economy seems to have solved it… We need to add a new dimension to our modular decomposition: security.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.