Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Security Lots of Internet traffic is related to the web

Published byReginald Anderson Modified over 5 years ago

Similar presentations

Presentation on theme: "Web Security Lots of Internet traffic is related to the web"— Presentation transcript:

1 Web Security Privacy CS 136 Computer Security Peter Reiher December 1, 2011

2 Web Security Lots of Internet traffic is related to the web
Much of it is financial in nature Also lots of private information flow around web applications An obvious target for attackers

3 The Web Security Problem
Many users interact with many servers Most parties have little other relationship Increasingly complex things are moved via the web No central authority Many developers with little security experience Many critical elements originally designed with no thought to security Sort of a microcosm of the overall security problem

4 Aspects of the Web Problem

5 Who Are We Protecting? The clients From the server From the client
From each other

6 What Are We Protecting? The client’s private data
The server’s private data The integrity (maybe secrecy) of their transactions The client and server’s machines Possibly server availability For particular clients?

7 Some Real Threats Buffer overflows and other compromises
Client attacks server SQL injection Malicious downloaded code Server attacks client

8 More Threats Cross-site scripting Clients attack each other
Threats based on non-transactional nature of communication Client attacks server Denial of service attacks Threats on server availability (usually)

9 Compromise Threats Much the same as for any other network application
Web server might have buffer overflow Or other remotely usable flaw Not different in character from any other application’s problem And similar solutions

10 What Makes It Worse Web servers are complex
They often also run supporting code Which is often user-visible Large, complex code base is likely to contain such flaws Nature of application demands allowing remote use

11 Solution Approaches Patching Use good code base
Minimize code that the server executes Maybe restrict server access When that makes sense Lots of testing and evaluation Many tools for web server evaluation

12 SQL Injection Attacks Many web servers have backing databases
Much of their information stored in database Web pages are built (in part) based on queries to database Possibly using some client input . . .

13 SQL Injection Mechanics
Server plans to build a SQL query Needs some data from client to build it E.g., client’s user name Server asks client for data Client, instead, provides a SQL fragment Server inserts it into planned query Leading to a “somewhat different” query

14 An Example Intent is that user fills in his ID and password
“select * from mysql.user where username = ‘ “ . $uid . “ ‘ and password=password(‘ “. $pwd “ ‘);” Intent is that user fills in his ID and password What if he fills in something else? ‘or 1=1; -- ‘

15 What Happens Then? $uid has the string substituted, yielding
“select * from mysql.user where username = ‘ ‘ or 1=1; -- ‘ ‘ and password=password(‘ “. $pwd “ ‘);” This evaluates to true Since 1 does indeed equal 1 And -- comments out rest of line If script uses truth of statement to determine valid login, attacker has logged in

16 Basis of SQL Injection Problem
Unvalidated input Server expected plain data Got back SQL commands Didn’t recognize the difference and went ahead Resulting in arbitrary SQL query being sent to its database With its privileges

17 Solution Approaches Carefully examine all input
To filter out injected SQL Use database access controls Of limited value Randomization of SQL keywords Making injected SQL meaningless

18 Malicious Downloaded Code
The web relies heavily on downloaded code Full language and scripting language Mostly scripts Instructions downloaded from server to client Run by client on his machine Using his privileges Without defense, script could do anything

19 Types of Downloaded Code
Java Full programming language Scripting languages Java Script VB Script ECMAScript XSLT

20 Solution Approaches Disable scripts Not very popular
Use secure scripting languages Also not popular Particularly with code writers Isolation mechanisms VM or application-based Vista mandatory access control

21 Cross-Site Scripting XSS Many sites allow users to upload information
Blogs, photo sharing, Facebook, etc. Which gets permanently stored And displayed Attack based on uploading a script Other users inadvertently download it And run it . . .

22 The Effect of XSS Arbitrary malicious script executes on user’s machine In context of his web browser At best, runs with privileges of the site storing the script Often likely to run at full user privileges

23 Why Is XSS Common? Use of scripting languages widespread
For legitimate purposes Most users leave them enabled in browser Only a question of getting user to run your script Often only requires fetching URL

24 Typical Effects of XSS Attack
Most commonly used to steal personal information That is available to legit web site User IDs, passwords, credit card numbers, etc. Such information often stored in cookies at client side

25 Solution Approaches Don’t allow uploading of scripts
Usually by carefully analyzing uploaded data Provide some form of protection in browser

26 Exploiting Statelessness
HTTP is designed to be stateless But many useful web interactions are stateful Various tricks used to achieve statefulness Usually requiring programmers to provide the state Often trying to minimize work for the server

27 A Simple Example Web sites are set up as graphs of links
You start at some predefined point A top level page, e.g. And you traverse links to get to other pages But HTTP doesn’t “keep track” of where you’ve been Each request is simply the name of a link

28 Why Is That a Problem? What if there are unlinked pages on the server?
Should a user be able to reach those merely by naming them? Is that what the site designers intended?

29 A Concrete Example The ApplyYourself system
Used by colleges to handle student applications For example, by Harvard Business School in 2005 Once all admissions decisions made, results available to students

30 What Went Wrong? Pages representing results were created as decisions were made Stored on the web server But not linked to anything, since results not yet released Some appliers figured out how to craft URLs to access their pages Finding out early if they were admitted

31 The Core Problem No protocol memory of what came before
So no protocol way to determine that response matches request Could be built into the application that handles requests But frequently isn’t Or is wrong

32 Solution Approaches Get better programmers Or better programming tools
Back end system that maintains and compares state Front end program that observes requests and responses Producing state as a result

33 Conclusion Web security problems not inherently different than general software security But generality, power, ubiquity of the web make them especially important Like many other security problems, constrained by legacy issues

34 Privacy Data privacy issues Network privacy issues
Some privacy solutions

35 What Is Privacy? The ability to keep certain information secret
Usually one’s own information But also information that is “in your custody” Includes ongoing information about what you’re doing

36 Privacy and Computers Much sensitive information currently kept on computers Which are increasingly networked Often stored in large databases Huge repositories of privacy time bombs We don’t know where our information is

37 Privacy and Our Network Operations
Lots of stuff goes on over the Internet Banking and other commerce Health care Romance and sex Family issues Personal identity information We used to regard this stuff as private Is it private any more?

38 Threat to Computer Privacy
Cleartext transmission of data Poor security allows remote users to access our data Sites we visit can save information on us Multiple sites can combine information Governmental snooping Location privacy Insider threats in various places

39 Some Specific Privacy Problems
Poorly secured databases that are remotely accessible Or are stored on hackable computers Data mining by companies we interact with Eavesdropping on network communications by governments Insiders improperly accessing information Cell phone/mobile computer-based location tracking

40 Data Privacy Issues My data is stored somewhere
Can I control who can use it/see it? Can I even know who’s got it? How do I protect a set of private data? While still allowing some use? Will data mining divulge data “through the back door”?

41 Personal Data Who owns data about you?
What if it’s really personal data? Social security number, DoB, your DNA record? What if it’s data someone gathered about you? Your Google history or shopping records Does it matter how they got it?

42 Protecting Data Sets If my company has (legitimately) a bunch of personal data, What can I/should I do to protect it? Given that I probably also need to use it? If I fail, how do I know that? And what remedies do I have?

43 Options for Protecting Data
Careful system design Limited access to the database Networked or otherwise Full logging and careful auditing Using only encrypted data Must it be decrypted? If so, how to protect the data and the keys?

44 Data Mining and Privacy
Data mining allows users to extract models from databases Based on aggregated information Often data mining allowed when direct extraction isn’t Unless handled carefully, attackers can use mining to deduce record values

45 Insider Threats and Privacy
Often insiders need access to private data Under some circumstances But they might abuse that access How can we determine when they misbehave? What can we do?

46 Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption With good encryption, data values not readable So what’s the problem?

47 Traffic Analysis Problems
Sometimes desirable to hide that you’re talking to someone else That can be deduced even if the data itself cannot How can you hide that? In the Internet of today?

48 Location Privacy Mobile devices often communicate while on the move
Often providing information about their location Perhaps detailed information Maybe just hints This can be used to track our movements

49 Implications of Location Privacy Problems
Anyone with access to location data can know where we go Allowing government surveillance Or a private detective following your moves Or a maniac stalker figuring out where to ambush you . . .

50 Some Privacy Solutions
The Scott McNealy solution “Get over it.” Anonymizers Onion routing Privacy-preserving data mining Preserving location privacy Handling insider threats via optimistic security

51 Anonymizers Network sites that accept requests of various kinds from outsiders Then submit those requests Under their own or fake identity Responses returned to the original requestor A NAT box is a poor man’s anonymizer

52 The Problem With Anonymizers
The entity running it knows who’s who Either can use that information himself Or can be fooled/compelled/hacked to divulge it to others Generally not a reliable source of real anonymity

53 Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations By sending lots of crypo-protected packets between lots of places Each packet goes through multiple hops

54 A Little More Detail A group of nodes agree to be onion routers
Users obtain crypto keys for those nodes Plan is that many users send many packets through the onion routers Concealing who’s really talking

55 Sending an Onion-Routed Packet
Encrypt the packet using the destination’s key Wrap that with another packet to another router Encrypted with that router’s key Iterate a bunch of times

56 In Diagram Form Source Destination Onion routers

57 What’s Really in the Packet

58 Delivering the Message

59 What’s Been Achieved? Nobody improper read the message
Nobody knows who sent the message Except the receiver Nobody knows who received the message Except the sender Assuming you got it all right

60 Issues for Onion Routing
Proper use of keys Traffic analysis Overheads Multiple hops Multiple encryptions

61 Privacy-Preserving Data Mining
Allow users access to aggregate statistics But don’t allow them to deduce individual statistics How to stop that?

62 Approaches to Privacy for Data Mining
Perturbation Add noise to sensitive value Blocking Don’t let aggregate query see sensitive value Sampling Randomly sample only part of data

63 Preserving Location Privacy
Can we prevent people from knowing where we are? Given that we carry mobile communications devices And that we might want location-specific services ourselves

64 Location-Tracking Services
Services that get reports on our mobile device’s position Probably sent from that device Often useful But sometimes we don’t want them turned on So, turn them off then

65 But . . . What if we turn it off just before entering a “sensitive area”? And turn it back on right after we leave? Might someone deduce that we spent the time in that area? Very probably

66 Handling Location Inferencing
Need to obscure that a user probably entered a particular area Can reduce update rate Reducing certainty of travel Or bundle together areas Increasing uncertainty of which was entered

67 Conclusion Privacy is a difficult problem in computer systems
Good tools are lacking Or are expensive/cumbersome Hard to get cooperation of others Probably an area where legal assistance is required

Download ppt "Web Security Lots of Internet traffic is related to the web"

Similar presentations

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.

Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.
Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014.

Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014.
Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,

Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.

Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 15 Page 1 CS 136, Fall 2014 Web Security Computer Security Peter Reiher December 9, 2014.

Lecture 15 Page 1 CS 136, Fall 2014 Web Security Computer Security Peter Reiher December 9, 2014.
By Sean Rose and Erik Hazzard.  SQL Injection is a technique that exploits security weaknesses of the database layer of an application in order to gain.

By Sean Rose and Erik Hazzard.  SQL Injection is a technique that exploits security weaknesses of the database layer of an application in order to gain.
Lecture 19 Page 1 CS 236 Online Advanced Research Issues in Security: Web Security and Privacy CS 236 On-Line MS Program Networks and Systems Security.

Lecture 19 Page 1 CS 236 Online Advanced Research Issues in Security: Web Security and Privacy CS 236 On-Line MS Program Networks and Systems Security.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.

Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.

Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.
Lecture 6 Page 1 CS 236, Spring 2008 Privacy and Anonymity CS 236 Advanced Computer Security Peter Reiher May 6, 2008.

Lecture 6 Page 1 CS 236, Spring 2008 Privacy and Anonymity CS 236 Advanced Computer Security Peter Reiher May 6, 2008.
Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.

Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.

Similar presentations

Ads by Google