SSof 2425 001 Introduction - Key
Teaching staff
• Pedro Adão - coordinator + VSSD lectures + labs
– Office at Alameda – Office 3, Informática 3
– Office at IST TagusPark – 2N3.3
Objectives
• to give the students the mental tools necessary to
understand the problem of the security of the computer
and its software, vis-à-vis the security of the
communication or distributed system
Program overview
• Principles of Computer Security
• Software Vulnerabilities
• Development of Secure Software
Program in detail
• Principles of Computer Security
– (VSSD) Basic properties and concepts; Software security design principles.
– (LBS) Security policies and properties
• Software Vulnerabilities
– (VSSD) Conventional applications (buffer overflows, race conditions); Web applications and
databases; Mobile applications.
– (LBS) Vulnerabilities as information flow errors
• Development of Secure Software
– (VSSD) Software auditing; Validation and encoding
– (LBS) Enforcement mechanisms; Program analysis and verification for security (taint
checking, type checking, monitoring, symbolic execution)
Language-Based Security
techniques based on programming language theory and
implementation, including semantics, types, optimisation and
verification, brought to bear on the security question
Schneider et al., 2000
Security by design
• Software applications are implemented in programming
languages
• systems are modelled at different levels of abstraction (using
different languages)
• security policies can be expressed and analysed at each of
these levels
• security-by-design: using language-based analysis
techniques to enforce specified security properties with
strong guarantees
Secure? (w.r.t. ...)
yH := xL ✓
xL := yH ✗ Explicit leak
if yH then xL := 0 else xL := 1 ✗ Implicit leak
while yH do skip ; xL := 0 ✓
Secure? (w.r.t. ...)
yH := xL ✓
xL := yH ✗
if yH then xL := 0 else xL := 1 ✗
while yH do skip ; xL := 0 ✗ Termination leak
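The four programs on the two slides above, as an added example that is not part of the slides: a small Volpano-Smith style security type checker that reproduces the verdicts, reporting explicit and implicit leaks, and additionally termination leaks when run termination-sensitively. The naming convention (a variable ending in H is High, anything else Low) and the tuple-based AST encoding are assumptions of this example.

```python
H, L = "H", "L"   # two-point lattice L < H; a variable named ...H is High (assumed convention)
def level(var):
    return H if var.endswith("H") else L

def expr_level(reads):   # an expression is as secret as its most secret variable
    return H if any(level(v) == H for v in reads) else L

def check(stmt, pc=L, termination_sensitive=False):
    """Leaks in stmt run under program-counter label pc (Volpano-Smith style typing).
    AST: ('assign', target, [vars read]) ('if', [guard vars], then, else)
         ('while', [guard vars], body) ('seq', [stmts]) ('skip',)"""
    kind = stmt[0]
    if kind == "skip":
        return []
    if kind == "seq":
        return [leak for s in stmt[1] for leak in check(s, pc, termination_sensitive)]
    if kind == "assign":
        _, target, reads = stmt
        if level(target) == H:          # writing into High can never leak
            return []
        if expr_level(reads) == H:      # High data flows directly into Low
            return [f"explicit leak: {target} := f({', '.join(reads)})"]
        if pc == H:                     # Low write whose occurrence depends on a High guard
            return [f"implicit leak: {target} assigned under High guard"]
        return []
    if kind == "if":
        _, guard, then_s, else_s = stmt
        pc2 = H if pc == H or expr_level(guard) == H else L
        return check(then_s, pc2, termination_sensitive) + check(else_s, pc2, termination_sensitive)
    if kind == "while":
        _, guard, body = stmt
        pc2 = H if pc == H or expr_level(guard) == H else L
        leaks = ["termination leak: loop guarded by High data"] if termination_sensitive and pc2 == H else []
        return leaks + check(body, pc2, termination_sensitive)   # whether the loop ends reveals the guard
    raise ValueError(f"unknown statement {kind}")

# The four programs on the slides, as constructed ASTs.
PROGRAMS = {
    "yH := xL": ("assign", "yH", ["xL"]),
    "xL := yH": ("assign", "xL", ["yH"]),
    "if yH then xL := 0 else xL := 1":
        ("if", ["yH"], ("assign", "xL", []), ("assign", "xL", [])),
    "while yH do skip ; xL := 0":
        ("seq", [("while", ["yH"], ("skip",)), ("assign", "xL", [])]),
}

def verdicts(termination_sensitive=False):
    """Each slide program -> its leaks; an empty list means the checker accepts it."""
    return {src: check(p, L, termination_sensitive) for src, p in PROGRAMS.items()}
```

With `termination_sensitive=False` the checker gives the first slide's verdicts (the while program is accepted); with `True` it gives the second slide's, rejecting the loop on a High guard.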
Ethics and law
• The purpose of the course is to learn how to protect computer
systems from cyber-attacks
– but some of the things you learn may also be used to attack
them
• Notice that
– Attacking systems is unethical and punished by law
– Even just “testing” systems without written permission may be
punished by law
• Don’t try this at home → Try this just at home
ORGANIZATION OF THE COURSE
Communication
• Primarily via mattermost, for a quicker response, and so that all
students can benefit from the information
Classes
• 1 Lecture and 1 Lab on VSSD per week
• VSSD – Alameda: Lecture Mo + Labs Mo and Tu T01
• LBS – Tagus: Lecture Tu + Labs Tu T02
[Weekly timetable figure: VSSD and LBS lecture slots (L03–L11) and lab slots (VSSD T01, LBS T02)]
Labs/practical classes
• Labs (hands-on) (VSSD)
– Cross site scripting
– SQL injection
– Buffer overflows
– Format string vulnerabilities
– Race conditions
• Lab (hands-on) + practical classes (LBS)
– Taint checker + information flow policies
– Language interpreter + formal semantics
– Language analyzer + enforcement mechanisms
– Static analyzer + type systems
– Dynamic analyzer + monitors
– Symbolic analyzer + verification and bugs
Labs
• VSSD labs will be CTF-style labs
– BYOD
– Login at https://gitlab.rnl.tecnico.ulisboa.pt/
– There will be 6 Lab assignments starting week 2
– Lab assignments are individual
– Write-ups need to be submitted weekly, by Saturday 5pm
Evaluation
• 1 Exam (50%) that can be repeated
• Practical components:
– Lab Exercises (15%) - Individual
– Project (35%) - Groups of 3 students (registration in Fenix)
– All students are expected to participate in, and are responsible for, all
parts of the project
• Min. grade: Labs >= 9; Exam >= 8
• Partial grades from previous years are not reused
Practical Components
• Important Dates
– 6 lab assignments starting W2
– Solutions and writeups due Saturday 5pm (each week)
Exams
• Important Dates
– Exam 1 - 20 January 2025, 15:30
– Repetition - 03 February 2025, 08:00
• Covers Theoretical and Lab classes
• Can be answered in Portuguese or English
Bibliography
• Segurança no Software
Miguel Correia and Paulo Sousa
FCA, September 2010/2017
• Complementary:
– The 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them, Michael Howard,
David LeBlanc and John Viega, 2009, McGraw-Hill ISBN 9780071626750
– Building Secure Software: How to Avoid Security Problems the Right Way, John Viega and Gary
McGraw, 2002, Addison-Wesley ISBN 9780201721522
– Introduction to Computer Security, Matt Bishop, 2005, Addison-Wesley
Study materials
• Book / other texts
• Papers
• Lab guides
• Slides
• Problem sets
WHO WANTS TO HACK?
Creating an (ethically responsible) hacking team @IST
How do we want to do it?
• Invite ALL students with interest in Security to participate
• Teach Computer Security in an ethically responsible and
competitive environment
• Meet regularly (every week Mo, 5.00pm) to learn new
tricks
• Participate in CTF competitions
How successful have we been?
• Consistent top-50 in CTFs since 2017
• Several top-20 and top-10 classifications
But with great power comes great responsibility
Ethics
• Exploiting others’ vulnerabilities is illegal
• Each of us is responsible for his own behaviour