Professional Documents
Culture Documents
COMPUTER SECURITY
Design
Implementation
Operation
objects (entities)
o1 … om s1 … sn • Subjects S = { s1,…,sn }
s1 • Objects O = { o1,…,om }
s2 • Rights R = { r1,…,rk }
subjects
A s1 s2 s3 s4
B C D …
s1 A own
head s2 B own
A s1 s2 s3 s4
B X D …
s1 A own
head s2 B own
s3 X own
After δ(k, C) = (k1, X, R)
where k is the current s4 D k1 end
state and k1 the next state
A s1 s2 s3 s4 s5
B X Y b
s1 A own
head s2 B own
s3 X own
After δ(k1, D) = (k2, Y, R)
where k1 is the current s4 Y own
state and k2 the next state
s5 b k2 end
LSH LSH
PC-2 K1
C1 D1
LSH LSH
PC-2 K16
IP
L0 R0
⊕ f K1
L1 = R 0 R1 = L0 ⊕ f(R0 , K1)
IPŠ1
output
S1 S2 S3 S4 S5 S6 S7 S8
32 bits
⊕ ⊕
DES DES …
c1 c2 …
sent sent
init. vector c1 c2 …
DES DES …
⊕ ⊕
m1 m2 …
{ ks } kA || { ks } kB
Alice Cathy
{ ks } kB
Alice Bob
n || { r1 || ks } kA || { r2 || ks } kB
Cathy Bob
n || { r1 || ks } kA
Alice Bob
{ ks } eB
Alice Bob
{ { ks } dA } eB
Alice Bob
{ m }kAlice
Alice Bob
{ m }kAlice
Cathy Bob
{ m }kBob
Cathy Bob
November 1, 2004 Introduction to Computer Security Slide #1-272
©2004 Matt Bishop
Public Key Digital Signatures
• Alice’s keys are dAlice, eAlice
• Alice sends Bob
m || { m } dAlice
• In case of dispute, judge computes
{ { m } dAlice } eAlice
• and if it is m, Alice signed message
– She’s the only one who knows dAlice!
r0t0 + … + rn–1tn–1
November 1, 2004 Introduction to Computer Security Slide #1-292
©2004 Matt Bishop
Example
• 4-stage LFSR; t = 1001
r ki new bit computation new r
0010 0 01⊕00⊕10⊕01 = 0 0001
0001 1 01⊕00⊕00⊕11 = 1 1000
1000 0 11⊕00⊕00⊕01 = 1 1100
1100 0 11⊕10⊕00⊕01 = 1 1110
1110 0 11⊕10⊕10⊕01 = 1 1111
1111 1 11⊕10⊕10⊕11 = 0 0111
1110 0 11⊕10⊕10⊕11 = 1 1011
– Key sequence has period of 15 (010001111010110)
November 1, 2004 Introduction to Computer Security Slide #1-293
©2004 Matt Bishop
NLFSR
• n-stage Non-Linear Feedback Shift
Register: consists of
– n bit register r = r0…rn–1
– Use:
• Use rn–1 as key bit
• Compute x = f(r0, …, rn–1); f is any function
• Shift r one bit to right, dropping rn–1, x becomes r0
Note same operation as LFSR but more general
bit replacement function
November 1, 2004 Introduction to Computer Security Slide #1-294
©2004 Matt Bishop
Example
• 4-stage NLFSR; f(r0, r1, r2, r3) = (r0 & r2) | r3
r ki new bit computation new r
1100 0 (1 & 0) | 0 = 0 0110
0110 0 (0 & 1) | 0 = 0 0011
0011 1 (0 & 1) | 1 = 1 1001
1001 1 (1 & 0) | 1 = 1 1100
1100 0 (1 & 0) | 0 = 0 0110
0110 0 (0 & 1) | 0 = 0 0011
0011 1 (0 & 1) | 1 = 1 1001
– Key sequence has period of 4 (0011)
k
r Ek(r) mi
… E …
⊕
ci
November 1, 2004 Introduction to Computer Security Slide #1-299
©2004 Matt Bishop
Block Ciphers
• Encipher, decipher multiple bits at once
• Each block enciphered independently
• Problem: identical plaintext blocks produce
identical ciphertext blocks
– Example: two database records
• ME M BER: H OLLY INCO M E $100,000
• ME M BER: HEIDI INCOM E $100,000
– Encipherment:
• ABCQZ R M E GHQ M R S IB CTXUVYSS RM G R P FQ N
• ABCQZ R M E ORM P ABRZ CTXUVYSS RM G R P FQ N
Link Protocol
User
UA UA UA
Agents
Message
MTA MTA MTA Transfer
Agents
{ m } ks || { ks } kB
Alice Bob
m { h(m) } kA
Alice Bob
{ m } ks || { h(m) } kA || { ks } kB
Alice Bob
IP IP+IPsec IP
dest gw2 gw1 src
security gateway
IP encapsulated
header data body
IP encapsulated
header data body
hostA.A.org
hostB.B.org
current window
request to authenticate
user system
random message r
user (the challenge)
system
f(r)
user (the response)
system
{ pi }
user system
UValmont UValmont
Student CA Staff CA
b3
b6
j>n
b4
j≤n
b5
November 1, 2004 Introduction to Computer Security Slide #1-521
©2004 Matt Bishop
IFDs
• Idea: when two paths out of basic block, implicit
flow occurs
– Because information says which path to take
• When paths converge, either:
– Implicit flow becomes irrelevant; or
– Implicit flow becomes explicit
• Immediate forward dominator of basic block b
(written IFD(b)) is first basic block lying on all
paths of execution passing through b
host SPI
first disk
second disk
x := 1; atmp := a;
fori:= 0 to k–1 do begin
if zi = 1 then
x := (x * atmp) mod n;
atmp := (atmp * atmp) mod n;
end
result:= x;
communications buffer
holds n items
Low High
buffer buffer
Requirements
definition and System and
analysis software Implementation
design and unit
testing Integration
and system Operation
testing and
maintenance
logged in
user password or
magic password
logged in
November 1, 2004 Introduction to Computer Security Slide #1-695
©2004 Matt Bishop
The Compiler
login source
login source
X X+2 …
X X + 1X+ 2
November 1, 2004 Introduction to Computer Security Slide #1-776
©2004 Matt Bishop
Step 3: Flaw Hypothesis
• Consider switch from user to system mode
– System mode requires supervisor privileges
• Found: a parameter could point to another element in
parameter list
– Below: address in location X+1 is that of parameter at X+2
– Means: system or supervisor procedure could alter parameter’s
address after checking validity of old address
X X+2 …
X X + 1X+ 2
November 1, 2004 Introduction to Computer Security Slide #1-777
©2004 Matt Bishop
Step 4: Flaw Testing
• Find a system routine that:
– Used this calling convention;
– Took at least 2 parameters and altered 1
– Could be made to change parameter to any value (such
as an address in segment 5)
• Chose line input routine
– Returns line number, length of line, line read
• Setup:
– Set address for storing line number to be address of line
length
November 1, 2004 Introduction to Computer Security Slide #1-778
©2004 Matt Bishop
Step 5: Execution
• System routine validated all parameter addresses
– All were indeed in user segment
• Supervisor read input line
– Line length set to value to be written into segment 5
• Line number stored in parameter list
– Line number was set to be address in segment 5
• When line read, line length written into location
address of which was in parameter list
– So it overwrote value in segment 5
tom tom
passwd passwd X
X
X data
passwd data X data passwd data
(a) (b)
November 1, 2004 Introduction to Computer Security Slide #1-811
©2004 Matt Bishop
Flaw #2: fingerd
• Exploited by Internet Worm of 1988
– Recurs in many places, even now
• finger client send request for information to
server fingerd (finger daemon)
– Request is name of at most 512 chars
– What happens if you send more?
mainlocal mainlocal
variables variables
Logic/time bomb
Intentional Storage
Covert channel
Timing
Nonmalicious
Other
Description:
A new process has been created:
New Process ID: 2216594592
Image File Name:
\Program Files\Internet Explorer\IEXPLORE.EXE
Creator Process ID: 2217918496
User Name: Administrator
FDomain: WINDSOR
Logon ID: (0x0,0x14B4c4)
A E
a f
• C, D, W, X, Y, Z boundary controllers
• f launches flooding attack on A
• Note after X xuppresses traffic intended for A, W begins
accepting it and A, b, a, and W can freely communicate
again
November 1, 2004 Introduction to Computer Security Slide #1-1010
©2004 Matt Bishop
Follow-Up Phase
• Take action external to system against
attacker
– Thumbprinting: traceback at the connection
level
– IP header marking: traceback at the packet level
– Counterattacking
Inner firewall
to both processes
pages xdir 1
userid = getuid();
entry = getlocation();
(void) fclose(fp);
return(stat);