Lecture 28: December 4, 2019

Reading: text, §24.4.2–24.5
Due: Homework 5, due on December 6, 2019 at 11:59pm; Lab 3, due on December 6, 2019 at 11:59pm


  1. Greetings and felicitations!

  2. Some common vulnerabilities
    1. Catalogues: CVE (Common Vulnerabilities and Exposures), CWE (Common Weakness Enumeration)
    2. 2011 MITRE/SANS Top 25 Most Dangerous Software Errors
    3. OWASP Top 10 – 2017 The Ten Most Critical Web Application Security Risks

  3. MITRE/SANS list
    1. Insecure interactions among components
      1. SQL injection
      2. OS command injection
      3. Cross-site scripting
      4. Unrestricted upload of file with dangerous type
      5. Cross-site request forgery
      6. URL redirect to untrusted site
    2. Risky resource management
      1. Buffer copy without checking size of input
      2. Improper limitation of a pathname to a restricted directory
      3. Download of code without integrity check
      4. Inclusion of functionality from untrusted control sphere
      5. Use of potentially dangerous function
      6. Incorrect calculation of buffer size
      7. Uncontrolled format string
      8. Integer overflow or wraparound
    3. Porous defenses
      1. Missing authentication for critical function
      2. Missing authorization
      3. Use of hard-coded credentials
      4. Missing encryption of sensitive data
      5. Reliance on untrusted inputs in a security decision
      6. Execution with unnecessary privileges
      7. Incorrect authorization
      8. Incorrect permission assignment for critical resource
      9. Use of a broken or risky cryptographic algorithm
      10. Improper restriction of excessive authentication attempts
      11. Use of a one-way hash without a salt

  4. OWASP list
    1. Injection
    2. Broken authentication and session management
    3. Sensitive data exposure
    4. XML external entities
    5. Broken access control
    6. Security misconfiguration
    7. Cross-site scripting
    8. Insecure deserialization
    9. Using components with known vulnerabilities
    10. Insufficient logging and monitoring

  5. Comparison
    1. Everything on the OWASP list is also on the MITRE/SANS list
    2. Injection is #1 on both lists
    3. The MITRE/SANS list covers vulnerabilities generally; OWASP covers only web vulnerabilities

  6. Penetration Studies
    1. Why? Why not direct analysis?
    2. Effectiveness
    3. Interpretation

  7. Flaw Hypothesis Methodology
    1. System analysis
    2. Hypothesis generation
    3. Hypothesis testing
    4. Generalization

  8. System Analysis
    1. Learn everything you can about the system
    2. Learn everything you can about operational procedures
    3. Compare to other systems

  9. Hypothesis Generation
    1. Study the system, look for inconsistencies in interfaces
    2. Compare to other systems’ flaws
    3. Compare to vulnerability models

  10. Hypothesis testing
    1. Look at system code, see if it would work (live experiment may be unneeded)
    2. If live experiment needed, observe usual protocols

  11. Generalization
    1. See if other programs, interfaces, or subjects/objects suffer from the same problem
    2. See if this suggests a more generic type of flaw

  12. Elimination

  13. Where to start
    1. Unknown system
    2. Known system, no authorized access
    3. Known system, authorized access

  14. Examples
    1. Michigan Terminal System


Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of December 10, 2019 at 12:36PM
