Secure Computing Flashcards
What is MOM?
Attackers must possess:
- Method: skills & tools
- Opportunity: time & access
- Motive
What is threat modelling?
The process of identifying all possible threats to a system, exploitable or not
What does threat modelling help us to do?
- Understand the system’s threat profile
- Facilitate secure design and implementation
- Guide code reviews and penetration tests
- Discover vulnerabilities
How do we characterise systems?
All about system components and their interconnections
Using usage scenarios, assumptions & dependencies e.g. data flow diagrams and network models
What is an asset and some examples?
What we are trying to protect e.g. sensitive data or system availability
What is an access point and some examples?
How we can reach the system and asset e.g. ports or files
How do we identify threats?
Develop a threat profile which can be classified as high or low risk by looking at where/how assets can be reached via access points through components and interconnections
For each asset, we create attack goals for it
What do attack trees show?
How an asset can be attacked
What does the root node of an attack tree represent?
The goal of the attack
What do all other nodes of an attack tree represent?
Condition/predicate/action
What is an attack path in an attack tree?
The path from a leaf node to the root node
What do data flow diagrams show?
The flow of information between different components of a system, focusing on what data is being transferred, where it’s going and how it’s processed
What do data flow diagrams help us to pinpoint?
- Areas where sensitive data is exposed
- Areas where improper validation, authentication or encryption might occur
Where do trust boundaries occur?
Any point at which entities with different levels of privilege interact
How do we find trust boundaries?
- Identify the different principals
- Start from either end of the privilege spectrum e.g. Internet user or system administrator
- Add a new trust boundary each time a principal talks to another
What are entry and exist points in data flow diagrams?
Places where control or data cross a trust boundary
Why are data flow diagrams useful?
They delineate the attack surface between principals. Threats tend to cluster around entry/exit points on trust boundaries and often follow data flows. Therefore, we have a systematic way of where to look for threats.
What is STRIDE?
Used for classifying threats
Spoofing - masquerading for unauthorised access
Tampering - violating data integrity
Repudiation - denying a performing action
Info Disclosure - violating confidentiality
Denial of Service - preventing a system from working
Elevation of Privilege - gaining special status
What are the benefits of using STRDE?
- Acts as a useful checklist when considering threats
- Makes it easier to understand the effects of threats
- Helps to assign priority to threats
What is STRIDE-Per-Element?
Used in data flow diagrams to constrain STRIDE for particular data flow diagram elements
Are security requirements specified in terms of what must happen or must not happen?
Must not happen
What is a security policy?
The set of security requirements
A high-level specification of security properties a system should possess
What is DREAD?
Used for risk assessment
Damage Potential
Reproducibility
Exploitability
Affected Users
Discoverability
What are some issues with DREAD?
- Highly subjective to use integers
- Not all dimensions may be useful e.g. why assume discoverability isn’t always 100%
- All dimensions are weighted equally
What are mechanisms with security policies?
The basic components needed to satisfy a policy e.g. biometric scanning
What is a security model?
A model which represents a particular policy or set of policies
How are objects classified in access control security models?
They are labelled based on the perceived impact if the data is compromised
How are employees classified in access control security models?
They have clearances and are labelled based on the trust that can be placed on the individual
What is the access control policy?
A user can read a document only if their clearance is at least as high as the document’s classification
What are the two properties of Bell-LaPadula?
- Simple Security - no read up
- *-property - no write down
How are the properties of Bell-LaPadula enforced?
Through Mandatory Access Control
How do we formalise subjects and objects in access control security models?
They are assigned a security label which is a classification level and the categories - (class, category set)
A binary relation is defined, D (dominates), over a set of labels which is a partial order
What are the three properties of partial orders?
- Reflexive - every element is related to itself
- Antisymmetric - if a dominates b and b dominates a, then a and b are the same
- Transitive - if b dominates a and c dominates b, then c dominates a
What is exec in access control security models?
A predicate which takes a subject, and object and an action
<s,o,a> is a member of exec
This states that a subject s can perform action a on object o
It is a formal specification for the behaviour of a reference monitor
What do reference monitors do?
They enforce the simple security and *-property properties
Each triple (s, o, a) is checked against the reference monitor
What are the two properties of BIBA Integrity model?
- Simple security - no read down
- *-property - no write up
What is the Chinese Wall Model used for?
Modelling the constraints of a form of professionals whose partners need to avoid conflicts of interest and/or insider dealing
What is the basic purpose of the Chinese Wall Model?
Once a partner consults for a company of a given type, it cannot consult for another company of the same type
How does the Chinese Wall Model keep track of state?
A Boolean 2D matrix C[s,o] which = 1 if s has accessed o, otherwise = 0
What are the two properties for the Chinese Wall Model?
- Simple Security - each subject can access objects from at most one company from each type
- *-property - write access to s to write to o is only permitted if access is permitted by the simple security rule and if all other object p which s has written to is such that t(o) = t(p) or p is a sanitised object
What is the basic idea of Resurrecting Duckling?
For systems that need secure transient associated - where the security policy is transient
The two systems will need to secure and authenticate, restart (resurrecting) with a clean state (duckling)
What are the two states in Resurrecting Duckling?
- Imprintable - ready to trust another system
- Imprinted - committed to trust system
What are the two transitions in Resurrecting Duckling?
- Imprinting - sends some secret key
- Death - by an order, by old age or when the transaction has ended
What two properties do algorithms always consist of?
- Safety property - you want to prohibit things that can’t happen
- Liveness property - what are the good things you want to happen
Give examples of safety properties
E.g. writing in a part of memory you don’t want to write in, at one time at most one process can access one piece of data, in a token ring at most one node holds the token
Give examples of liveness properties
In a token ring, you eventually want every node to hold the token, termination of a program
Are all security policies enforcable?
No
What kind of information can an EM use?
Past events - cannot predict the future and doesn’t know about alternative or all possible executions
What is the safety and liveness property of mutual exclusion - processes accessing critical section?
Safety - at most one process can access critical section
Liveness - every requesting process is eventually grated access to critical section
Is every security policy a property, and why (not)?
No because the membership of an execution within the policy may rely on another execution i.e. needs to know more than just the one execution
What do we know about bad executions and prefixes?
If we have a prefix that turns false, it must remain false after
If an execution is bad, then we can find an execution that has already gone bad
How can we define safety properties?
If it is possible that it has a bad prefix
A property is a safety property if, for every execution that is not in the property, there exists a prefix of the execution that is not in the set
Match safety/liveness property to prefix/suffix
Safety property concerns prefixes
Liveness property concerns suffixes
Is access control a safety property?
Yes because a bad prefix is when an unauthorised operation is attempted
Is availability a safety property?
No because the mechanism would be to know what will happen in the future
What would the security automata and guarded command be for a security policy of no Send after FileRead
(check notes)
Can we use time units to enforce a property? If yes, why? If no, why and what do we use instead?
No because we cannot control the environment
We use execution steps instead
What is the solution for SQL injection?
Prepared statements - parameterised and reusable SQL queries
What are the different types of attacks on URLs?
Phishing - using fake URLs resembling legitimate ones
Homograph attacks - exploiting visually similar characters across different alphabets
Punycode - exploiting the representation of Unicode characters using ASCII
URL obfuscation - techniques to hide the true destination of a URL e.g. long URLs, encoded URLs, shortened URLs and redirects
Directory traversal - accessing other parts of the file system
What is a solution to URL attacks?
Canonicalisation - convert all user input to it’s simplest form before making any security decisions
What are the 4 typical goals of web attacks?
- Tampering with data
- Information Disclosure
- DoS
- Elevation of privilege
How are sessions represented and where?
A session is represented by a persistent token (session ID)
A session ID is stored client-side and presented to the server
Sessions can have an associated state which can persist locally (cookies, HTML5 web storage) or on the server
What are some limitations of HTTPS?
- Can have crypto issues e.g. DROWN attack
- HSTS forces the use of HTTPS for all connections but still allows an initial insecure request via HTTP so there is a (very small) risk of a MITM attack
- Misuse of TLS certificates could pose security issues
What are open redirects, how could they be used in an attack and what’s a fix?
They are when you are forced to authenticate before giving you the page you wanted to visit, that redirect is then stored in the query string and facilitates a redirect afterwards
An attacker could give a redirect to some bad page
A fix would be to validate the redirect parameter
What is URL jumping, how could it be used in an attack and what’s the best fix?
When applications have an expected flow from page to page
If an attacker could skip a step, that could pose an issue
The best fix is to track the flow is session data stored on the server
What’s the best way to manage secure passwords?
With a strong hash function (SHA-256 or bigger)
And plenty of random salt (pieces of random data added to a password before it is hashed)
Make the algorithm very slow i.e. iterate many times
Notify users promptly when breached
What is the danger associated with session IDs, and how could attackers get them?
Compromising the session ID would leave to the attacker impersonating the user
If the session ID is calculated with predictable or weak algorithms, the attacker could guess or calculate it
Could be stolen through attacks to the victim’s computer, XSS or packet sniffing
Could be stolen through exposure by URL rewriting - when session IDs (typically stored as cookies) are rewritten to be included as a query parameter because the browser doesn’t support cookies or they have been visible - therefore it’ll be visible in the browser history and could be cached by web proxies
How can sessions be managed securely?
- Generate IDs with a cryptographic PRNG (Pseudo-random number generator)
- Never reuse IDs
- Use HTTPS and enable Secure cookie option
- Establish a maximum session lifetime e.g. 1 or 2 hours
- Invalidate sessions that have been idle for a while
- Make it easy to log out and clear the session explicitly
- Limit session concurrency
- Minimise the use of the client for storing session state and encrypt anything stored client-side
What are malicious XML payloads?
Traditional web services exchange messages represented as XML documents - these must be parsed which creates opportunities to exploit weaknesses in the parser implementation
What is XSS?
A type of injection attack where malicious scripts are injected in otherwise trusted websites
When the victim visits the infected page, the attacker’s code is downloaded to their browser and executes
What are the two main types of XSS?
Reflected and stored
What is reflected XSS?
When an application receives data in a HTTP request and includes that data within the immediate response in an unsafe way
When an attacker gets control of a script executed in the victim’s browser, they can technically fully compromise that user
Executed with social engineering
What is stored XSS?
Relies on some injected JavaScript being stored on the vulnerable server
Targets sites like discussion forums, blogs with comments and shopping sites with reviews
The malicious code can therefore persist for a long time and be seen by may people, and there is no need for social engineering -> big impact
What are some countermeasures to XSS?
- Encoding HTML before it is delivered to the browser
- Rejecting HTML and requiring user-supplied content to be written in something like Markdown
- Use the HttpOnly attribute flag with cookies to hide them from JavaScript code
What is HTML injection?
When attackers inject a frame which points back to a server they control
E.g. the framed page would display a message saying the user has been logged out and must resupply credentials
Can happen when the application doesn’t properly handle user supplied data allowing the attacker to provide valid HTML code e.g. via a parameter value
What is XSRF/CSRF?
Cross-Site Request Forgery
Exploits the fact that your browser sends an authentication token to a server and tricks you into authenticating a request you never intended to take
What is a defence of XSRF/CSRF?
Generate a random none when the user logs in and store it with the user’s session data
The nonce is then included in pages sent back to the user’s browsers as a hidden form field so will be returned to the server in requests originating from those pages
Then, it can be checked against the value stored in the server for that session
What two levels does address resolution happen at?
- DNS - resolves human-readable domain names into numeric IP addresses needed for routing
- ARP (Address Resolution Protocol) - resolves IP addresses into the 48-bit MAC addresses that identify a specific network interface or hardware
How can DNS be attacked?
Cache Poisoning - an attacker sends forged DNS responses to a DNS resolver, tricking it into caching malicious IP addresses for domain names - therefore redirecting users to malicious websites
Spoofing - the attacker directly intercepts DNS queries and responds with fake answers in real time
MITM Attack - an attacker intercepts DNA queries and replies, altering them to direct traffic to malicious sites
How can ARP be attacked?
Cache poisoning - an attacker sends fake ARP replies to a victim, associating the attacker’s MAC address with the IP address of a legitimate device allowing MITM and DoS attack
Why is remote access with telnet or rlogin bad?
All traffic is unencrypted
What is banner grabbing?
The deliberate use of telnet with non-telnet ports
Gains info about a system or network and their services which are running on open ports as some will sometimes respond with banners leaking information about software vendor, versions etc.
Threatens information disclosure
What is the fix to unsecure remote access?
SSH - a cryptographically enabled protocol for login, file transfer and TCP connection tunnelling
Traffic is encrypted with a symmetric cipher negotiated between the client and server
What are some problems with SSH?
- Complex custom-designed protocol
- SSH-1 had design flaws and is now considered insecure
- SSH-2 is superior but has its own issues
What is the danger of a MITM attack to remote access?
An attacker could steal credentials if they could impersonate a server and may not be noticed if they forward your connection attempt to a real server
What is a countermeasure to MITM attacks to remote access?
Using SSH to maintain a local store of trusted public keys for previously accessed servers
The user if asked whether they trust a server the first time they connect and the public key is added if they say yes
There still exists a risk but there is a smaller window of opportunity
What is SMTP and its dangers?
A simple request-response protocol using port 25
There is no authentication allowing easy spoofing
All traffic is sent as ASCII plain text
Banners leak information
Open relays are heavily abused (spam)
What are IMAP and POP3 and their dangers?
For receiving mail
The username/password are usually sent as plaintext
Using the extensions, the server sends a timestamp and the client sends back the MD5 hash of this and a shared secret
The mail itself is unprotected
How can email protocols be secured?
Using SSH to tunnel insecure protocols over an encrypted channels - not the best option
Best option - using the extended support for TLS that protocols have now
What is opportunistic TLS for securing email protocols?
When you continue to use standard ports but add a ‘STARTTLS’ command to the protocols triggering a TLS handshake and upgrades to a secure connection
What are some source code QA techniques?
- Code review
- Checklists
- Static analysis tools
- Run-time fault injection
What is Whittaker’s model?
A framework for classifying and organising software security testing activities based on the types of vulnerabilities they aim to identify
What should we combine passwords with to make them more secure?
- Physical tokens
- 2FA
What is the revocation problem in using biometrics?
The fact that if a database of biometric credentials was comprised - it would be a massive problem since biometrics are irrevocable
The solution is to combine a revocable factor with a biometric factor, hash this and store the hash. If the database is subsequently hacked, we can revoke the hash and change the revocable factor
What keys and type of ciphers does public key cryptography use?
Public key
Private key
Asymmetric ciphers
What are the 4 requirements of public key cryptography?
- Easy to encrypt given the public key
- Easy to decrypt given the private key
- Infeasible to determine the private key given the public key
- Infeasible to recover the plaintext given the public key and encrypted message
What is RSA based on?
The extreme difficulty of factoring the product of two very large prime numbers
What are the steps of RSA?
- Select two large prime numbers, p and q
- Calculate the product n = pq
- Calculate the Euler totient of n, φ(n) = (p-1)(q-1)
a. Counts the positive integers up to a given integer n that are relatively prime to n
b. Given integers a and b, a and b are relatively prime if gcd(a, b) = 1
c. Euler totient of 9 = 6 (1, 2, 4, 5, 7, 8 are all relatively prime to 9)
d. Select two prime numbers e.g. 3 and 7, product = 21
e. Euler totient = 12 = (2*6) (1, 2, 3, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20) - Select an integer e such that the greatest common divisor of e and φ(n) is 1
- Calculate an integer d such that de mod φ(n) = 1
What would the output of RSA be using p = 17 and q = 11?
- Select two prime numbers: p = 17, q = 11
- Calculate product: n = 17 x 11 = 187
- Calculate Euler totient: φ(n) = (p-1)(q-1) = 16 x 10 = 160
- Choose integer e: e = 7
- Determine value of d: 7d mod 160 = 1, 7d = 161, d = 23
How can RSA be attacked?
- Brute-force search of all private keys
- Shared prime - if two key pairs share one prime, it’s easy to recover all three primes
- e is fixed and too small
What is elliptic curve cryptography?
Based on the mathematical properties of elliptic curves
Equivalent security to RSA for smaller key sizes - faster than RSA but verifying signatures is slow
What are digital signatures?
They are used to ensure the authenticity, integrity and non-repudiation of digital data
Uses public key cryptography with the private key kept secret by the signer and the public key shared with other to verify the signature
What are the steps in using digital signatures?
- The signer generates a hash of the data
- The hash is encrypted with the private key - creating the digital signatures
- The recipient uses the public key to decrypt the signature and retrieve the hash
- The recipient independently hashes the original data and compares the two hashes
- If the two hashes match, the data is verified as authentic and untampered
How can we trust that a public key send from someone was genuinely sent from them?
Face-to-face verification or public key certificates
What are public key certificates?
Certificates in which the public key and owner IS can be transported, signed by a certificate authority
What are TLS certificates?
Public key certificates that are used for HTTPS
What is a firewall?
A security guard placed at the point of entry between a private network and the internet which monitors all incoming and outgoing packets
They consist of a set of rules - the decision whether to forward or drop a message depends on the rule that the message satisfies
What are 3 challenges when designing firewalls?
- Consistency - may have conflicting rules
- Completeness - the set of rules may be incomplete - difficult to ensure all packets are considered
- Compactness - some rules may be redundant
What is an FDD?
An acyclic and directed graph defined over Fi…Fn where F are the fields e.g. IP address
What are the 5 properties of FDDs?
- Has exactly one root node with no incoming edge, and nodes with no outgoing edges are terminal nodes
- Each node in an FDD is labelled with a field whose label is a member of {F1…Fn} if a non-terminal node, or is a member of {a, d} is a terminal node
- An edge is labelled with a non-empty set of integers which is a subset of the domain of the field
- A directed path from the root to a terminal node is called a decision path - and no two nodes on a decision path have the same label
- The set of all outgoing edges of a node satisfy consistency
What are the firewall rules for the FDD shown in notes?
(notes)
When are two FDDs equivalent?
Iff f.accept = f’.accept and f.discard = f’.discard
What are isomorphic nodes?
- Both v and v’ are terminal nodes with identical labels
- Both v and v’ are non-terminal nodes, and there is a 1-1 correspondence between the outgoing edges of v and those of v’ such that every pair of corresponding edges have identical labels and then point to the same node
What are the 3 properties to say an FDD is reduced?
- No node has only one outgoing edge
- No two nodes are isomorphic
- No two nodes have more than one edge between them
What is the algorithm for FDD reduction?
Input: FDD fff
Output: Reduced FDD equivalent to fff
Steps: (apply steps 1-3 repeatedly until the FDD cannot be reduced any further)
1. If there is a node v with only one outgoing edge e, where e points to v′:
○ Remove both v and e, and redirect all edges that point to v to point to v′.
2. If two isomorphic nodes v and v′ exist:
○ Remove v′ together with all its outgoing edges, and redirect all edges that point to v′ to point to v.
3. If two edges e and e′ exist that are both between the same pair of nodes:
Remove e′ and change the label of e from I(e) to I(e) ∪ I(e′).
Reduce the FDD shown in notes
(notes)
What is the equation for the load of a node in a marked FDD?
(notes)
What is algorithm for marking an FDD?
Input: FDD f
Output: Marked FDD f′ with minimal load
Steps:
1. Compute the load of each terminal node v in f as follows: load(v) := 1
2. WHILE (there is a node v whose load has not yet been computed, suppose v has k outgoing edges e1, .., ek, and these edges point to v1, …, vk respectively, and the loads of these k nodes have been computed) DO:
a) Among the k edges of e1,…,ek, choose an edge ej with the largest value of (load(ej)-1) * load(vj), and marks edges ej with ‘all’
3. (b) Compute the load of v as follows: load(v) := ∑(i=1 to k) (load(ei) * load(vi))
What is the matching predicate?
It evaluates only the conditions explicitly set by the rule
So it uses “all” markings
What is the resolving predicate?
It evaluates all the conditions that reach a terminal node
So it ignores “all” markings - is a generalisation so we want the most restrictive
What is the algorithm to create a firewall i.e. create the rules
Input: Marked FDD f
Output: Firewall equivalent to f. For each rule r, r.mp and r.rp is computed.
- Depth-first traverse f such that for each nonterminal node v, the outgoing edge marked as “all” of v is traversed after all other outgoing edges of v have been traversed.
- Whenever a terminal node is encountered, assuming <v1 e1…vk ek v(k+1)> is the decision path where each ei is the most recently traversed outgoing edge of node vi output a rule r together with its matching predicate r.mp and its resolving predicate r.rp as follows:
a. r is the rule which we create from the path to the decision
b. r.mp is the predicate of rule r
r.rp is the predicate which is the same except ignores “all” markings
Generate the rules and matching and resolving predicate for the FDD shown in notes
(notes)
What does compaction do to an FDD?
Removes redundant rules
What is the algorithm for compaction?
Input: A firewall <r_1,….,r_m>
Output: An equivalent but more compact firewall
for i = m to 1 do
redundant[i] := 0;
for i = m to 1 do
if there exist a rule rk in the firewall, where i < k ≤ m, such that the following 4 conditions hold:
1. redundant[k] = false
2. ri, rk have the same decisions
3. ri.rp implies rk.mp
4. for every rule rj, where i<j<k, at least one of the 3 conditions hold:
1. redundant[j] = 1
2. ri, rj have the same decision
3. no packet satisfies both ri.rp and rj.mp
then
redundant[i] := 1
else
redundant[i] := 0
for i = m to 1 do
if redundant[i] = 1 then
remove ri from the firewall
OR in plain english:
1. Mark all rules as not redundant
2. For each rule A:
a. Check if there exists a later rule B that does the same as rule A i.e. allows or discards the same kind of traffic. To define this, all four conditions must apply:
i. Rule A hasn’t already been marked as redundant
ii. Both the rules A and B have the same decisions
iii. The resolving predicate of rule A implies the matching predicate of rule B. This means that if rule A applies, then rule B will also apply – since the resolving predicate of A is more general and encompasses the matching predicate of B
iv. There are no intermediate rules C between A and B that conflict with both of them. To define this one of these conditions must apply:
1. Rule C is redundant
2. Rule C has the same decision as rule A (so rule B also)
3. Rule C doesn’t match any packet that could also match rule A – i.e. the rules do not overlap
b. If those conditions apply, then rule A is redundant because rule B does the same thing as A but is more specific. Therefore, we mark rule A as redundant
c. Otherwise, mark as not redundant
3. Loop through all rules and remove those that are redundant
Compact the rules shown in notes
(notes)
What does simplification do to an FDD?
Basically just splits rules into non-overlapping sub-rules to make the rule set simpler and unambiguous
Simplify the rules shown in notes
(notes)
What are the algorithms in order to generate a firewall?
- Reduction
- Marking
- Firewall generation (creating rules and predicates)
- Compaction
- Simplification
How do we know we can draw some security automaton for a security policy?
The policy is a safety property and the events exist within the systems control
What is a security property?
A set of executions
What is an execution?
A sequence of states or events
When should we use Bell-LaPadula model?
In systems where protecting sensitive information from unauthorised access is critical
When should we use BIBA model?
In systems where data accuracy, consistency and integrity is more important than confidentiality
