cse443-lecture-12-codesecurity - CMPSC 443 Introduction to...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger Program Security CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjae ger/cse443-s12/ Page CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger System Resources Programs often need system resources to function Libraries, conFgurations, environment variables, etc. Programs are often tasked to process particular system resources User Fles, remote requests, etc. Adversaries can leverage the mechanisms designed to retrieve system resources to compromise programs So, you have to prevent such attacks 2 Page CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger Namespace Resolution Client (Process) requests a resource (File) from a system name server (OS) by name Name server resolves name to a resource using its namespace bindings Mapping between names and resources E.g., File pathnames to directories and les Namespaces are used in many places Android Intents XenStore key-values D-Bus methods URLs DNS names Adversaries may control names, bindings, or resources 3 Page CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger Namespace Resolution Attacks Adversaries may choose names Use a maliciously crafted name to circumvent parsing and get to the resource they desire Affect the construction of names (e.g., environment variables) to redirect the victim to a malicious resource Adversaries may control namespace bindings Create a link to direct the victim to a Fle of the adversaries choosing May create malicious Fles in shared directories Adversaries may control resources themselves Victim may not know that an adversary can modify a particular resource that it expects to be safe DifFcult to prevent these attacks as programs often process untrusted names, bindings, and resources 4 Page CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger Threat Model How does the adversary gain access to namespace resolution? Could have access to victim Can provide a name E.g., A client of a web server Could have access to name server Can update the namespace bindings E.g., An Android app can update Intents Could have access to resources Can modify the data in some of the resources E.g., A process on a Fle system The attacks to look for depend on the threat model 5 Page CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger Adversary-Controlled Names Maliciously-crafted names Multiple ways of naming lots of things Files /x/data or /y/z/../../x/data or /y/z/%2e%2e/x/data Lots of others -- URLs, DNS names, middleware-specic, etc....
View Full Document

This note was uploaded on 02/11/2012 for the course CSE 443 taught by Professor Trentjaeger during the Spring '11 term at Pennsylvania State University, University Park.

Page1 / 23

cse443-lecture-12-codesecurity - CMPSC 443 Introduction to...

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online