Secure Operating Systems Lesson B: Let’s go break something.


Where are we?  We’ve looked at hardware and software, but I have failed to really show you how to break things… which does rather make the beauty of Multics harder to see  So… let’s look at some examples of OSes breaking

Linux: Overview  Based on Chen et al.’s “Linux kernel vulnerabilities: State-of-the-art defenses and open problems”  They looked at a year (approx) of Linux kernel vulnerabilities and found the following…

Vulns  Source: Chen et al.

Vulns (cntd)  Source: Chen et al.

What about countermeasures?  Software fault isolation  Code Integrity (such as SecVisor)  User-level drivers  Memory tagging (detect misuse of untrusted inputs)  Uninitialized memory tracking

Semantic Vulnerabilities  Simply not protecting something that needs to be protected  Does it happen? Yes! (See CVE and many, many more)  Much harder to detect automatically  This is a hard problem!

Another problem: Shatter  From: “Exploiting design flaws in the Win32 API for privilege escalation. Or... Shatter Attacks – How to break Windows”  Shatter is a classic example of how things can go wrong

The Setup  Shatter is a local privilege escalation attack  VirusScan runs as LocalAdministrator  I run as an unprivileged user  Can I get VirusScan to execute code on my behalf?

How it works  First, we get a handle to the higher-privileged window – Windows provides the APIs for this  We now have programmatic access to the controls on that window  Set up the max length for our shellcode, and paste it in using Windows messages

WM_TIMER  Send the window a WM_TIMER message with the location of the code we want to execute (oops)  Bingo!  Let’s discuss for a minute…
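
Added example (not from the original slides): a portable C model of the dispatch decision behind the WM_TIMER step, showing the unchecked handling the slide describes beside a hardened form that only runs callbacks the window's owner registered. The struct, function names and the registration table are assumptions made for illustration; no Win32 API is called, and the check is one possible mitigation, not a vendor's code.

```c
#include <stddef.h>
#include <stdint.h>

#define WM_TIMER   0x0113            /* real Win32 message id */
#define MAX_TIMERS 8
typedef void (*timer_proc)(void);

/* Simulated window owned by the privileged process (hypothetical type). */
struct window {
    timer_proc registered[MAX_TIMERS];  /* callbacks the owner set itself */
    size_t n;
};

static int calls;                                  /* records what ran */
static void owner_tick(void)   { calls += 1; }     /* legitimate callback */
static void foreign_code(void) { calls += 100; }   /* stands in for pasted bytes */

/* The owner registers a timer callback (models SetTimer). */
static int register_timer(struct window *w, timer_proc p) {
    if (w->n == MAX_TIMERS) return -1;
    w->registered[w->n++] = p;
    return 0;
}

/* Behaviour the slide describes: the address carried in the message's
 * lParam is trusted and called, whoever sent the message. */
static int dispatch_unchecked(struct window *w, unsigned msg, uintptr_t lparam) {
    (void)w;
    if (msg != WM_TIMER || lparam == 0) return 0;
    ((timer_proc)lparam)();
    return 1;
}

/* Hardened: call the address only if the owner registered it earlier. */
static int dispatch_checked(struct window *w, unsigned msg, uintptr_t lparam) {
    if (msg != WM_TIMER || lparam == 0) return 0;
    for (size_t i = 0; i < w->n; i++)
        if ((uintptr_t)w->registered[i] == lparam) { w->registered[i](); return 1; }
    return 0;   /* unknown address supplied by a sender: drop the message */
}

int main(void) {
    struct window w = {0};
    register_timer(&w, owner_tick);
    dispatch_unchecked(&w, WM_TIMER, (uintptr_t)foreign_code); /* runs it */
    dispatch_checked(&w, WM_TIMER, (uintptr_t)foreign_code);   /* dropped */
    return calls == 100 ? 0 : 1;
}
```

The point for discussion is that the message carries both the trigger and the target: the defence is to stop treating a field of an unauthenticated message as a code address.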

Complicated: IA64 sysret  Okay, this one is REALLY quite complicated… let’s take a look  Following: “A Stitch In Time Saves Nine: A Case Of Multiple OS Vulnerability”  Eek!

AMD  From Wojtczuk:

Intel  From Wojtczuk:

Think about it…  From Wojtczuk:

Exploitation  DoS is easy; code injection is a bit harder, but not impossible  What’s worse, it’s hard to fix  The basic idea is how the exception gets kicked off

Things to Do  Read: “Linux kernel vulnerabilities: State-of-the-art defenses and open problems”

Questions & Comments  What do you want to know?