Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 0. Course Introduction Prof. Taeweon Suh Computer Science & Engineering Korea University COM850 Computer Hacking and Security.

Published byBennett Barber Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 0. Course Introduction Prof. Taeweon Suh Computer Science & Engineering Korea University COM850 Computer Hacking and Security."— Presentation transcript:

1 Lecture 0. Course Introduction Prof. Taeweon Suh Computer Science & Engineering Korea University COM850 Computer Hacking and Security

2 Korea Univ Course Information Instructor  Prof. Taeweon Suh Textbook  HACKING – The Art of Exploitation, 2 nd Edition, Jon Erickson, 2008 Prerequisites  C-programming, Network Programming, Computer Architecture, Operating Systems References  Practical Packet Analysis using Wireshark to Solve Real-world Network Problems, Chris Sanders, 2 nd Edition, no starch press, 2011  TCP/IP Protocol Suite, Behrouz Forouzan, 4 th Edition, McGraw-Hill, 2009  TCP/IP Illustrated, Volume 1, W. Richard Stevens, Addison-Wesley, 1994 Office hours  After class as needed  By appointment at Lyceum 307 Course materials will be posted on the course web at http://esca.korea.ac.kr/ http://esca.korea.ac.kr/ Contact Information  suhtw@korea.ac.kr suhtw@korea.ac.kr  02-3290-2397 2

3 Korea Univ Pioneers of Hacking John Draper  Hacked telephone line to make free calls  Arrested on toll fraud charges in 1972  Inspired 2 Steves 3 Discovery Channel’s The Secret History of Hacking http://www.youtube.com/watch?v=Y47m1cOyKjA

4 Korea Univ Pioneers of Hacking Steve Wozniack  Apple co-founder  Started revolution in computers Kevin Mitnick  Hacked many computer systems  Convicted of various computer and communication-related crimes 4 Discovery Channel’s The Secret History of Hacking http://www.youtube.com/watch?v=Y47m1cOyKjA

5 Korea Univ Hacking is Bad? Most people associate hacking with breaking the law and assume that everyone who engages in hacking activities is a criminal  Hackers are outlaws, snooping, stealing, and spreading viruses. No one has good words for them The essence of hacking is finding unintended or overlooked uses and applying them in a new and inventive ways  Hacked solutions follow the rules of the system, but they use those rules in counterintuitive ways 5

6 Korea Univ “My” Hacking Classification Software hacking  Exploit vulnerabilities in software Hardware Trojan  Implant malicious hardware inside a chip Hybrid (hardware + software)  Software to trigger Hardware Trojans  Software based on the understanding of hardware details 6

7 Korea Univ Abstractions in Computer 7 Hardware Implementation Instruction Set Architecture (ISA) Assembly language or Machine language Operating Systems Programming using APIs Provides APIs (Application Programming Interface)

8 Korea Univ Software Hacking Exploit vulnerabilities in software  Classic buffer overflow  Heap-based overflow  Function pointer overflow … 8 Layout of virtual address space on IA-32

9 Korea Univ Software Hacking Exploit weakness in network protocols and their implementation in software  Denial of Service (DoS): SYN flooding, Ping flooding, Ping of Death, Teardrop, Smurf and Fraggle attacks, Distributed DoS… 9

10 Korea Univ Hardware Trojan Relatively new and different attack method Implant malicious logic into a chip 10 Implantation during Design Phase IPs HDL Implantation during fabrication Implantation via CAD tools

11 Korea Univ Hardware Trojan Israel’s strike to nuclear plants in Syria (2007) European chip maker recently built into its microprocessors a kill-switch that could be accessed remotely. French defense contractors have used the chips in military equipment Time-bomb … 11 “The Hunt for The Kill Switch,” IEEE Spectrum, May 2008

12 Korea Univ Hybrid Certain conditions created by software-triggered Hardware Trojans Software hacks computer systems based on understanding of hardware details 12 “Hardware Security in Practice: Challenges and Opportunities,” HOST, 2011 Insecure hardware initialization by the BIOS The BIOS didn’t lock remapping registers after configuration Attackers reprogram these registers to map to TSEG Corrupt SMI handlers with malicious code

13 Korea Univ Objectives Our focus is on software hacking and security  In-depth understanding of x86 processor, compiler outcome, networking, and hopefully OS  Understand vulnerabilites in software Classic buffer overflow in stack Denial of Service (DoS) attacks TCP/IP Hijacking …  Study countermeasures to prevent from attacks  As a side effect, get used to: Linux system programming x86-based assembly 13

14 Korea Univ Lab Environment Hardware: x86-based computers  Personal laptops are preferred Software: 32-bit Linux  The textbook contain a CD you can play with  Or, experiment with the latest Linux, but recent OSs are patched against well-known security threats  GDB, Wireshark … 14

15 Korea Univ Grading Policy Midterm Exam: 30% Final Exam: 30% Class Presentations: 40% Fail rule  You will be given an “F” if you are absent more than 3 times 2 late show-ups will be counted as 1 absence 15

16 Korea Univ Understand Computer? How much do you “exactly” understand computers? Answer to the following 2 questions 16

17 Korea Univ 0.025 != 0.025 ? 17

18 Korea Univ 0.07 != 0.07 ? 18

19 Korea Univ a x b x c != b x c x a ? 19

20 Korea Univ What Would You Get? 20 #include int main() { signed int sa = 7; signed int sb = -7; unsigned int ua = *((unsigned int *) &sa); unsigned int ub = *((unsigned int *) &sb); printf("sa = %d : ua = 0x%x\n", sa, ua); printf("sb = %d : ub = 0x%x\n", sb, ub); return 0; }

21 Korea Univ What Would You Get? 21 #include int main() { float f1 = -58.0; unsigned int u1 = *((unsigned int *) &f1); printf("f1 = %f\n", f1); printf("f1 = %3.20f\n", f1); printf("u1 = 0x%X\n", u1); return 0; } What is this?

22 Korea Univ What Would You Get? 22 #include int main() { double d1 = -58.0; unsigned long long u1 = *((unsigned long long *) &d1); printf("d1 = %lf\n", d1); printf("d1 = %3.20lf\n", d1); printf("u1 = 0x%llX\n", u1); return 0; } What is this?

23 Korea Univ What Would You Get? 23 #include int main() { float f2 = -0.1; unsigned int u2 = *((unsigned int *) &f2); printf("f2 = %f\n", f2); printf("f2 = %3.20f\n", f2); printf("u2 = 0x%X\n", u2); return 0; } And What is this? Why are these different?

24 Korea Univ What Would You Get? 24 #include int main() { float f3 = 0.7; unsigned int u3 = *((unsigned int *) &f3); printf("f3 = %f\n", f3); printf("f3 = %3.20f\n", f3); printf("u3 = 0x%X\n", u3); return 0; } What is this? Why are these different?

25 Korea Univ Intel’s Core i7 (2 nd Gen.) 25 2 nd Generation Core i7 995 million transistors in 216 mm 2 with 32nm technology L132 KB L2256 KB L38MB Sandy Bridge

Download ppt "Lecture 0. Course Introduction Prof. Taeweon Suh Computer Science & Engineering Korea University COM850 Computer Hacking and Security."

Similar presentations

Lecture 0. Course Introduction Prof. Taeweon Suh Computer Science Education Korea University ECM553 Special Topics in Computer Science 1.

Lecture 0. Course Introduction Prof. Taeweon Suh Computer Science Education Korea University ECM553 Special Topics in Computer Science 1.
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
CSCI 3335: C OMPUTER N ETWORKS Vamsi Paruchuri Assistant Professor Department of Computer Science University of Central Arkansas 1.

CSCI 3335: C OMPUTER N ETWORKS Vamsi Paruchuri Assistant Professor Department of Computer Science University of Central Arkansas 1.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.

1 Colorado University Guest Lecture: Vulnerability Assessment Chris Triolo Spring 2007.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
1 Network Packet Generator Characterization presentation Supervisor: Mony Orbach Presenting: Eugeney Ryzhyk, Igor Brevdo.

1 Network Packet Generator Characterization presentation Supervisor: Mony Orbach Presenting: Eugeney Ryzhyk, Igor Brevdo.
CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: 509-359-6908 Office.

CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: Office.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.
ECE 232 L1 Intro.1 Adapted from Patterson 97 ©UCBCopyright 1998 Morgan Kaufmann Publishers ECE 232 Hardware Organization and Design Lecture 1 Introduction.

ECE 232 L1 Intro.1 Adapted from Patterson 97 ©UCBCopyright 1998 Morgan Kaufmann Publishers ECE 232 Hardware Organization and Design Lecture 1 Introduction.
Elements of Computing Systems, Nisan & Schocken, MIT Press, 2005, www.idc.ac.il/tecs, Introduction: Hello, World Below slide 1www.idc.ac.il/tecs Introduction:

Elements of Computing Systems, Nisan & Schocken, MIT Press, 2005, Introduction: Hello, World Below slide 1www.idc.ac.il/tecs Introduction:
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
EECS 354 Network Security Introduction. Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how.

EECS 354 Network Security Introduction. Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how.
CS 3305 Course Overview. Introduction r Instructor: Dr Hanan Lutfiyya r Office: MC 355 r Email: hanan at csd dot uwo ca r Office Hours: m Drop-by m Appointment.

CS 3305 Course Overview. Introduction r Instructor: Dr Hanan Lutfiyya r Office: MC 355 r hanan at csd dot uwo ca r Office Hours: m Drop-by m Appointment.
G53SEC Computer Security Introduction to G53SEC 1.

G53SEC Computer Security Introduction to G53SEC 1.
Lecture 0. Course Introduction Prof. Taeweon Suh Computer Science Education Korea University ECM586 Special Topics in Embedded Systems.

Lecture 0. Course Introduction Prof. Taeweon Suh Computer Science Education Korea University ECM586 Special Topics in Embedded Systems.
CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.

CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.
Introduction to Network Security J. H. Wang Feb. 24, 2011.

Introduction to Network Security J. H. Wang Feb. 24, 2011.

Similar presentations

Ads by Google