YSU Security Final

Created: 2024 May 10 5:22
Creator: Seonglae Cho
Edited: 2025 Nov 11 23:8
80 mins 14 problems
Come to class on June 21st (Fri) normally at 1:00PM. Will start the exam at 1:15PM.

Cryptography

half is checking knowledge and half requires second thought
  • Cryptographic hash
  • Authenticated encryption
  • Ransomware

Security Architecture

Architecting secure systems is access control in the real world, considering more realistic threats.

Sandboxing (Isolation: The principle of least privilege), Defense in Depth

Filesystem isolation & syscall filtering, since we often need to run potentially untrustworthy code.
Complex protection layers are more likely to fail, so employ a small number of simple layers.
Confinement: ensure a misbehaving app cannot harm the rest of the system
  • Virtual machine: isolate OSs on a single machine
  • Air gap: run application on isolated HW
  • Process-level Confinement (Process given a virtual memory space)
    • Process interacts with the outside world via Files, Syscalls, Shared Memory
    • Site Isolation in browsers requires that a renderer process can be dedicated to a single site
    • Filesystem Isolation
      • chroot is the traditional sandbox: it changes the meaning of / for the process and its children
        • chroot does not close resources that reside outside of the jail
        • chroot does not change the working directory, which can cause security problems
        • Many *at syscall variants could access previously opened resources
    • Linux Namespaces: process-level resource isolation
      • UID/GID, UTS hostname, process ID number space, IPC objects & POSIX message queues
      • clone() can create a new namespace with all settings cloned, or unshare() can divide it
      • Each file in the /proc/PID/ns directory is a special symlink to a file corresponding to
      • Passing the fd to setns() allows the caller to associate with that namespace
      • With chroot, requested file paths are appended to the chroot root directory, while in a mount namespace requested file paths are resolved against that namespace's mount points.
      • Mounting a different device (or bind-mounting a directory) at the root mount point “/” provides an isolated filesystem to a container. Additional necessary OS files and directories are bind-mounted into the container’s mount namespace.
      • Network namespaces secure network applications: e.g., a process with a socket connection clone()s into a new network namespace. The child inherits the socket file descriptor but can’t establish other network connections.
    • seccomp(): rules are inherited by children; allows certain syscalls and filters on argument values
      • eBPF programs run in an in-kernel, "provably-safe" virtual machine
      • A process can install multiple BPF filters; a filter cannot be removed, only added
      • BPF filter input: syscall number, syscall args, arch
      • prctl must be called before setting a BPF filter to ensure set-UID/set-GID bits are ignored on subsequent execve(), so the process cannot gain new privileges
    • Linux Containers: called OS-level virtualization; the kernel is shared.
      • Whoever starts the container can specify the BPF policy (a default policy exists)
  • TOCTTOU is caused by the non-atomicity of permission checking at the point of interposition and the eventual access grant in the kernel.
    • Google Native Client (NaCl) contains an inner sandbox that complements the outer sandbox
      • Code must be compiled with NaCl's own toolchain to enforce the constraints

TEE
Provided by firmware: ARM TrustZone, ARMv9 CCA

A hardware-enforced isolated code execution environment, much more trustworthy.
  • Even when the OS kernel is compromised, Netflix can still keep their videos secret
  • Even when the OS kernel is compromised, OpenAI can still keep their on-device models secret
  • Even when the OS kernel or hypervisor is compromised, apps can still keep secrets (Intel SGX enclave, or secure VMs such as Intel TDX or AMD SEV)
    • SGX does not trust any layer in the computer’s software stack (firmware, hypervisor, OS). Instead, SGX’s TCB consists of the CPU’s microcode and a few privileged containers.
Confidential Cloud Computing (CCC)
  • Data-at-rest: disk encryption; data-in-transit: TLS; data-in-use: memory encryption
TEE provides
  • Attestation: allows a computing device or program to provide verifiable evidence of its identity.
  • Run-time protection (Memory Encryption Engine (MEE), TLB, AEX)
  • Sealing: allows a computing device or program to encrypt data. (EGETKEY)

Software Security

No call-oriented programming, no DEP and ASLR; Intel CET is important.
Modern hacking (thanks to the security architecture) works by exploiting a chain of vulnerabilities used to gradually escalate the privilege of the adversary.

Attacks

  • Attackers typically aim to bypass the → arbitrary code execution
  • Vulnerabilities in other setuid programs are important, like sudo or pkexec
  • The tolerance of C compilers to type errors is the most important historical accident
  • Out-of-bounds (OOB) access bugs; (intra-object) buffer overflow
  • Use-after-free (UAF) bugs with dangling pointers

ELF is architecture-independent. 4 types:

  • Relocatable: needs to be fixed up by the linker before being executed
  • Executable: all symbols have been resolved except shared libs
  • Shared: shared libraries with the appropriate linking information
  • Core: core dumps created when a program terminated with a fault
Trusted Boot can detect attacks by signing and verifying executable sections for code integrity.
Linking is the process of connecting symbolic references with symbolic definitions.
Relocation entries are used to adjust a program to run in a different area of memory. (extern)
  • Static relocation: references between modules being linked together, done by the toolchain linker
  • Dynamic relocation: references to dynamically loaded libraries, done by the run-time linker ld.so
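The four ELF types above, as an added example that is not part of the original notes: a small ELF header parser that reads the identification bytes and e_type/e_machine/e_entry by hand (no dependency on <elf.h>) and maps e_type to the four kinds. The sample header is constructed by make_header(), not taken from a real binary; run it with a file path to classify a real executable.

```c
/* Added example (not from the lecture notes): classify a file by its ELF header.
 * Field offsets follow the ELF specification; the sample header is constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EHDR64_SIZE 64
#define EHDR32_SIZE 52

/* e_type values (the four kinds from the notes; ET_NONE_ = 0 is "no type"). */
enum { ET_NONE_ = 0, ET_REL_ = 1, ET_EXEC_ = 2, ET_DYN_ = 3, ET_CORE_ = 4 };

struct elf_info {
    int is64;             /* 1 = ELFCLASS64, 0 = ELFCLASS32 */
    int little_endian;    /* from EI_DATA */
    uint16_t type;        /* e_type */
    uint16_t machine;     /* e_machine, e.g. 0x3E = x86-64 */
    uint64_t entry;       /* e_entry */
};

/* Read an nbytes-wide little- or big-endian integer. */
static uint64_t rdn(const unsigned char *p, int nbytes, int le)
{
    uint64_t v = 0;
    for (int i = 0; i < nbytes; i++)
        v |= (uint64_t)p[le ? i : nbytes - 1 - i] << (8 * i);
    return v;
}

/* Returns 0 on success, -1 if buf is not a plausible, complete ELF header. */
int parse_elf_header(const unsigned char *buf, size_t len, struct elf_info *out)
{
    if (len < 6 || memcmp(buf, "\x7f" "ELF", 4) != 0) return -1;   /* EI_MAG */
    if ((buf[4] != 1 && buf[4] != 2) || (buf[5] != 1 && buf[5] != 2)) return -1;
    out->is64 = (buf[4] == 2);                                      /* EI_CLASS */
    out->little_endian = (buf[5] == 1);                             /* EI_DATA */
    if (len < (size_t)(out->is64 ? EHDR64_SIZE : EHDR32_SIZE)) return -1;
    out->type    = (uint16_t)rdn(buf + 16, 2, out->little_endian);
    out->machine = (uint16_t)rdn(buf + 18, 2, out->little_endian);
    out->entry   = rdn(buf + 24, out->is64 ? 8 : 4, out->little_endian);
    return 0;
}

const char *elf_type_name(uint16_t type)
{
    switch (type) {
    case ET_REL_:  return "Relocatable";
    case ET_EXEC_: return "Executable";
    case ET_DYN_:  return "Shared";      /* PIE executables also carry ET_DYN */
    case ET_CORE_: return "Core";
    default:       return "Unknown";
    }
}

/* Build a constructed little-endian ELF64 header of the given type. */
void make_header(uint16_t type, uint16_t machine, uint64_t entry,
                 unsigned char out[EHDR64_SIZE])
{
    memset(out, 0, EHDR64_SIZE);
    memcpy(out, "\x7f" "ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;           /* ELFCLASS64, LE, EV_CURRENT */
    out[16] = type & 0xff;    out[17] = type >> 8;
    out[18] = machine & 0xff; out[19] = machine >> 8;
    for (int i = 0; i < 8; i++) out[24 + i] = (entry >> (8 * i)) & 0xff;
    out[52] = EHDR64_SIZE;                         /* e_ehsize */
}

/* Type name of a constructed header of the given e_type, or NULL if it fails to parse. */
const char *classify(uint16_t type)
{
    unsigned char hdr[EHDR64_SIZE];
    struct elf_info info;
    make_header(type, 0x3E, 0x401000, hdr);
    return parse_elf_header(hdr, sizeof hdr, &info) == 0 ? elf_type_name(info.type) : NULL;
}

int main(int argc, char **argv)
{
    unsigned char hdr[EHDR64_SIZE];
    struct elf_info info;
    size_t n = sizeof hdr;
    if (argc > 1) {                                /* classify a real file's header */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror("fopen"); return 1; }
        n = fread(hdr, 1, sizeof hdr, f);
        fclose(f);
    } else {
        make_header(ET_EXEC_, 0x3E, 0x401000, hdr);
    }
    if (parse_elf_header(hdr, n, &info) != 0) { puts("not a valid ELF header"); return 1; }
    printf("%s, %s-bit, machine %#x, entry %#llx\n", elf_type_name(info.type),
           info.is64 ? "64" : "32", info.machine, (unsigned long long)info.entry);
    return 0;
}
```

A practical caveat when using e_type this way: a position-independent executable reports ET_DYN, the same value as a shared library, so "Shared" in the notes covers both; tools such as file(1) look at the program headers to tell them apart.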

  • Partial register access (x86_64): due to a historical oddity, writing eax zeroes out the rest of rax. Other partial accesses preserve the untouched parts of the register.
  • Program status and control: rflags
  • The instruction pointer cannot be read or set explicitly; it is modified by jump and call/return
  • It can be read by executing a call and checking the return address pushed on the stack
  • Calling conventions: callee and caller functions must agree on argument passing (and on which registers are callee-saved)
  • Stack (rsp, rbp: push, pop, call, ret)
    • Address = base + index*scale + displacement
    • System calls on x86_64 are triggered by setting rax to the system call number, storing arguments in rdi, rsi, etc., and executing the syscall instruction.
Execution of ELF
The ELF file is parsed and parts are copied into memory in units of segments. A segment contains one or more sections.
Shared libraries must be Position-Independent Code (PIC)

Cannot directly overwrite code, so inject code into the stack and return to the injected code, which requires the stack to be executable (overwrite the return address with the address of the injected code)
The stack is by default not executable in modern OSs. (Returning to the stack will trigger a segmentation fault)

Overwrite the return address with the address of existing code.
Done by overwriting the stack with multiple return addresses
  • Preventing corruption of return addresses by separating the stack into a safe stack and an unsafe stack
    • Detecting corruption (store a copy of the return address and check it in hardware)
Attacks via indirect jumps and function calls (prevention is harder because of their dynamic property)

Defenses

A computer program at a high level can be seen as a logical predicate describing all of its permitted behaviors. However, under memory corruption exploits, predicates could disappear, and the program merely becomes a Turing machine.
  • Partial pointer overwrite

The defenses part is important

Using a shared cache (may require deduplication)

Deduplication of code or data: the same physical memory pages are shared (FLUSH+RELOAD)
Utilizing the data cache footprint (e.g., the S-box table in AES) or the instruction cache footprint (branches that depend on the secret key)

FLUSH+RELOAD

Flush the (last-level) CPU cache lines of the shared page (assumes cache inclusiveness, an unprivileged cache flush instruction, and a shared last-level cache (LLC))
RSA is a public key crypto scheme and its main operation is modular exponentiation. The exponent used for decryption and for signing must remain secret.
Page deduplication avoids saving multiple copies and shares the page across processes
  • When the bit is 0, only Square-Reduce is performed, so the memory access pattern is simple.
  • When the bit is 1, Square-Reduce-Multiply-Reduce is performed, so the additional multiplication causes more memory accesses.
  • For every iteration, the attacker flushes
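The Square-Reduce / Square-Reduce-Multiply-Reduce pattern above, as an added example that is not part of the original notes: a textbook square-and-multiply loop that records which code paths run for each exponent bit (the same sequence FLUSH+RELOAD reconstructs from the shared code lines), beside a branch-free version whose executed code is the same for every exponent. The numbers are toy 64-bit values constructed here, not RSA-sized, and mulmod is an ordinary modular multiply.

```c
/* Added example (not from the lecture notes): the secret-dependent code path
 * in square-and-multiply, and a selection-based version without it. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TRACE_CAP (64 * 4 + 1)   /* at most "SRMR" per bit, plus NUL */

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Append an op string ("SR", "MR", ...) to the trace, if one is being kept. */
static void emit(char *trace, size_t *n, const char *ops)
{
    if (!trace) return;
    size_t len = strlen(ops);
    if (*n + len < TRACE_CAP) { memcpy(trace + *n, ops, len); *n += len; trace[*n] = '\0'; }
}

/* Left-to-right square-and-multiply. Multiply+Reduce runs only for 1-bits, so
 * the sequence of code lines touched spells out the exponent. */
uint64_t modexp_leaky(uint64_t base, uint64_t exp, uint64_t mod, char *trace)
{
    uint64_t r = 1 % mod;
    size_t n = 0;
    if (trace) trace[0] = '\0';
    if (exp == 0) return r;
    int top = 63;
    while (((exp >> top) & 1) == 0) top--;     /* leading 1-bit */
    for (int i = top; i >= 0; i--) {
        r = mulmod(r, r, mod);                  /* Square + Reduce */
        emit(trace, &n, "SR");
        if ((exp >> i) & 1) {                   /* secret-dependent branch */
            r = mulmod(r, base, mod);           /* Multiply + Reduce */
            emit(trace, &n, "MR");
        }
    }
    return r;
}

/* Same result, but every iteration squares AND multiplies, then keeps the wanted
 * value with a bitmask: the executed code lines are identical for every key.
 * (mulmod's division is itself not constant-time on most CPUs; real libraries
 * use Montgomery arithmetic for that part. This removes only the code-path leak.) */
uint64_t modexp_ct(uint64_t base, uint64_t exp, uint64_t mod, char *trace)
{
    uint64_t r = 1 % mod;
    size_t n = 0;
    if (trace) trace[0] = '\0';
    for (int i = 63; i >= 0; i--) {
        uint64_t bit  = (exp >> i) & 1;
        uint64_t mask = (uint64_t)0 - bit;      /* all ones if bit == 1, else 0 */
        r = mulmod(r, r, mod);
        uint64_t t = mulmod(r, base, mod);
        r = (t & mask) | (r & ~mask);           /* branch-free select */
        emit(trace, &n, "SRMR");
    }
    return r;
}

/* 1 if two exponents leave different traces (the trace leaks the key), else 0. */
int traces_differ(uint64_t exp_a, uint64_t exp_b, int constant_time)
{
    char ta[TRACE_CAP], tb[TRACE_CAP];
    uint64_t (*f)(uint64_t, uint64_t, uint64_t, char *) = constant_time ? modexp_ct : modexp_leaky;
    f(4, exp_a, 497, ta);
    f(4, exp_b, 497, tb);
    return strcmp(ta, tb) != 0;
}

int main(void)
{
    char trace[TRACE_CAP];
    uint64_t r = modexp_leaky(4, 13, 497, trace);
    printf("leaky: 4^13 mod 497 = %llu, trace %s (exponent 1101b is readable)\n",
           (unsigned long long)r, trace);
    r = modexp_ct(4, 13, 497, trace);
    printf("ct:    4^13 mod 497 = %llu, trace is %zu x SRMR for any exponent\n",
           (unsigned long long)r, strlen(trace) / 4);
    return 0;
}
```

For exponent 13 (1101b) the leaky trace is SRMR SRMR SR SRMR, which is exactly the bit string; the constant-time loop produces 64 copies of SRMR whatever the exponent, so an attacker watching the Square and Multiply code lines learns nothing from which of them were reloaded.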

PRIME+PROBE

No deduplication assumptions, but it has higher
  • Even with that mitigation, PRIME+PROBE is still available though
  • Set-associative cache
The attacker chooses a cache-sized memory buffer and accesses all the lines in the buffer, filling the cache with its data. After the victim executes, accesses to lines still cached are faster than to evicted lines.
Side Channel Mitigations
  • Disable sharing of the cache or pages, which is too expensive
  • Side-channel-resistant code, like prefetching in OpenSSL, or increasing data packing into a cache line with a smaller S-box. Also lowering timer resolution for managed languages
    • Prevent user-level flush

Undo the execution of an instruction when it turns out to be wrong
Some CPUs leave the results of speculative execution in the cache, so kernel data (the secret) can be read
  1. The content of an attacker-chosen memory location is loaded into a register
  2. A transient instruction accesses a cache line based on the secret content of the register
  3. The attacker uses Flush+Reload to determine the accessed cache line
Meltdown Mitigation
  • Separate security processors or even separate machines.
  • Separate application and OS page tables (Page Table Isolation): does not map any kernel memory into user space, except for some parts required by the x86 architecture like interrupt handlers

Spectre-v1: Bounds Check Bypass

Exfiltrate secrets within a process address space or attack the kernel
Modern microprocessors may speculate beyond a bounds check condition, meaning that the target of a conditional branch could be mis-predicted.
Mitigation: modify individual privileged programs to prevent the speculative load (array_index_nospec)

Spectre-v2: Branch Predictor Poisoning

A rogue application “trains” the indirect predictor to predict a branch to “gadget” code (aliasing). Specifically, the processor incorrectly speculates down an indirect branch into existing code, but the offset of the branch is under malicious user control since branch prediction hardware is shared across programs.
Mitigation
  • Disable the indirect branch predictor hardware (seriously harmful for core performance)
  • Disable indirect branch prediction on entry to the kernel or hypervisor from a less privileged application context (stops only cross-privilege influences)
  • Flush the predictor state on context switch to a new application
  • Retpoline: pure software approach for preventing branch-target injection
  • Masking: prevent an out-of-bounds value by conditionally masking the untrusted offset to a reliable value
Intra-mode BTI (IMBTI) speculates to an aliased predictor entry in the same predictor mode.
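As an added example (not from the notes) for the Spectre-v1 bounds-check bypass and the masking bullet above: a lookup guarded only by a conditional branch beside one that also clamps the index arithmetically. index_mask_nospec() follows the shape of the Linux kernel's generic array_index_mask_nospec() (array_index_nospec is named in the notes); the table contents and the compiler barrier are this example's own choices, and it assumes a GCC/Clang-style arithmetic right shift of signed values.

```c
/* Added example (not from the lecture notes): bounds check by branch vs.
 * branch-free index masking. Modeled on the kernel's array_index_nospec(). */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 16
/* Constructed lookup table; the bytes are arbitrary. */
static const uint8_t table[TABLE_SIZE] = { 10, 11, 12, 13, 14, 15, 16, 17,
                                           18, 19, 20, 21, 22, 23, 24, 25 };

/* All ones when index < size, all zeros otherwise, using arithmetic only, so
 * there is no conditional branch for the CPU to speculate past. Requires
 * size <= SIZE_MAX / 2 (true for any real array). Assumes an arithmetic >>
 * on signed values, as GCC and Clang provide. */
size_t index_mask_nospec(size_t index, size_t size)
{
    /* In bounds: both OR operands have the top bit clear, so ~v has it set and
     * the arithmetic shift smears it to all ones. Out of bounds: size-1-index
     * wraps, the top bit is set, ~v is non-negative and the shift yields 0. */
    ptrdiff_t v = (ptrdiff_t)(index | (size - 1 - index));
    return (size_t)(~v >> (sizeof(size_t) * CHAR_BIT - 1));
}

/* The untrusted index, forced to 0 when out of range. Even a mis-speculated
 * load that uses the result stays inside the array. */
size_t index_nospec(size_t index, size_t size)
{
    return index & index_mask_nospec(index, size);
}

/* Vulnerable shape: if the predictor guesses "in bounds", table[index] is loaded
 * transiently with an out-of-range index and the cache records what it touched. */
uint8_t lookup_branch_only(size_t index)
{
    if (index < TABLE_SIZE)
        return table[index];
    return 0;
}

/* Mitigated shape: keep the check for correctness, but clamp the index as well.
 * The empty asm stops the compiler from deleting the mask as "redundant" after
 * the check (the kernel uses a similar barrier for the same reason). */
uint8_t lookup_masked(size_t index)
{
    if (index >= TABLE_SIZE)
        return 0;
    __asm__ __volatile__("" : "+r"(index));
    index = index_nospec(index, TABLE_SIZE);
    return table[index];
}

int main(void)
{
    size_t probes[] = { 3, 15, 16, 1000, SIZE_MAX };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("index %zu: mask %#zx, clamped to %zu, lookup_masked -> %u\n",
               probes[i], index_mask_nospec(probes[i], TABLE_SIZE),
               index_nospec(probes[i], TABLE_SIZE), lookup_masked(probes[i]));
    return 0;
}
```

The two functions return the same values for every input; the difference is only in what a transient, mispredicted execution can touch, which is why the mitigation has to be applied per load in privileged code rather than being something a test of return values can observe.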

Branch History Injection (BHI) V2-BHI

Reuses existing entries in the BTB and no longer poisons the destination address. It injects history to force speculation to use an existing entry that leads to a gadget.

Other side channel attacks

  • Contention on the memory bus

Other hardware issues

  • Rowhammer attacks
  • Voltage fault injection attacks to exploit TEEs

Cutting-edge defenses

Automatically Enhancing Side-Channel Resistance Using Efficient Control and Data Flow Linearization: using the compiler to automatically linearize secret-dependent control and data flows.

Recommendations