ElsayedMostafa
diff --git a/‎2 - 1 - Introducing Computer Security (6:17).txt‎
Lines changed: 178 additions & 0 deletions b/‎2 - 1 - Introducing Computer Security (6:17).txt‎
Lines changed: 178 additions & 0 deletions
diff --git a/‎2 - 2 - What is software security? (7:48).txt‎
Lines changed: 219 additions & 0 deletions b/‎2 - 2 - What is software security? (7:48).txt‎
Lines changed: 219 additions & 0 deletions
@@ -0,0 +1,178 @@
+[SOUND]
+Computer security,
+more recently known as cyber security,
+is an attribute of a computer system.
+The primary attribute that system
+builders focus on is correctness.
+They want their systems to behave as
+specified under expected circumstances.
+If I'm developing a banking website,
+I'm concerned that when a client specifies
+a funds transfer of say $100 from one of
+her accounts, then $100 is indeed
+transferred if funds are available.
+If I'm developing a word processor, I'm
+concerned that when a file is saved and
+reloaded, they do get back my
+data from where I left off.
+And so on.
+A secure computer system is
+one that prevents specific
+undesirable behaviors under
+wide ranging circumstances.
+While correctness is largely
+about what a system should do,
+security is about what it should not do.
+Even when there is an adversary who's
+actively and maliciously trying to
+circumvent any protective measures
+that you might put in place.
+There are three classic security
+properties that systems usually attempt
+to satisfy.
+Violations of these properties
+constitute undesirable behavior.
+These are broad properties.
+Different systems will have
+specific instances of some of
+these properties depending
+on what the system does.
+The first property is confidentiality.
+If an attacker is able to manipulate
+the system so as to steal resources or
+information such as personal attributes or
+corporate secrets,
+then he's violated confidentiality.
+The second property is integrity.
+If an attacker is able to modify or
+corrupt information keep by a system, or
+is able to misuse
+the systems functionality,
+then he's violated the systems integrity.
+Example violations include the destruction
+of records, the modifications of
+system logs, the installation of unwanted
+software like spyware, and more.
+The final property is availability.
+If an attacker compromises a system so
+as to deny service to legitimate users,
+for example, to purchase products or
+to access bank funds, then the attacker
+has violated the system's availability.
+Few systems today are completely secure,
+as evidenced by the constant stream of
+reported security breaches that
+you may have seen in the news.
+In 2011, for example,
+the RSA corporation was breached.
+I'll say more about how in a moment.
+The adversary was able to steal sensitive
+tokens related to RSA's SecureID devices.
+These tokens were then used to break
+into companies that use SecureID.
+In late 2013, Adobe corporation was
+breached, and both source code and
+customer records were stolen.
+At around the same time, attackers
+compromised Targets point of sale
+terminals, and were able to steal around
+40 million credit and debit card numbers.
+And these are just a few
+high profile examples.
+How did the attackers
+breach these systems?
+Many breaches begin with
+the exploitation of a vulnerability in
+the system in question.
+A vulnerability is a defect that
+an adversary can exploit through carefully
+crafted interactions to get
+the system to behave insecurely.
+In general,
+a defect is a problem in the design or
+implementation of the system such that
+it fails to meet its requirements.
+In other words,
+it fails to behave correctly.
+A flaw is a defect in the design while
+a bug is a defect in the implementation.
+A vulnerability is a defect that affects
+security relevant behavior rather than
+simply correctness.
+As an example,
+consider the RSA 2011 breach.
+This breach hinged on a defect in
+the implementation of Adobe Flash player.
+Where the flash player should benignly
+reject malformed input files,
+the defect instead allowed the attacker
+to provide a carefully crafted input
+file that could manipulate the program
+to run code of the attacker's choice.
+This input file could be embedded
+in a Microsoft Excel spreadsheet so
+that flash player was automatically
+invoked when the spreadsheet was opened.
+In the actual attack,
+the adversary sent such a spreadsheet
+to an executive at the company.
+The email masqueraded as
+being from a colleague so
+the executive was beguiled
+into opening that file.
+This sort of faked email is called a spear
+phishing attack, and it's quite common.
+One the spreadsheet was opened
+the attacker was able to silently install
+malware on the executive's machine,
+and from there, carry out the attack.
+This example highlights an important
+distinction between viewing
+software through the lens of correctness
+and through the lens of security.
+From the point of view of correctness,
+the flash vulnerability is just a bug,
+and all non trivial software has bugs.
+Companies admit to shipping their software
+with known bugs because it will be
+too expensive to fix them all.
+Instead developers focus on bugs that
+would arise in typical situations.
+The bugs that are left, like the flash
+vulnerability, come up rarely and
+users are used to dealing
+with them when they do.
+If doing something causes their software
+to crash, users quickly learn that,
+that something is not something to do and
+they work around it.
+Eventually, a bug is so burdensome on
+many users that a company will fix it.
+Now, on the other hand, from the point of
+view of security, it is not sufficient to
+judge the importance of a bug only
+with respect to typical use cases.
+Developers must consider
+atypical misuse cases,
+because this is exactly
+what the adversary will do.
+Whereas a normal user might
+trip across a bug and
+cause the software to crash, an adversary
+will attempt to reproduce that crash,
+understand why it is happening, and
+then manipulate the interaction to
+turn that crash into an exploitation.
+In short, to ensure that a system
+meets its security goals,
+we must strive to eliminate bugs and
+design flaws.
+We must think carefully about those
+properties that must always hold no
+matter what, and ensure our design and
+implementation does not contain defects
+that would compromise security.
+We must also design the system so
+that any defects that do inevitably
+remain are harder to exploit.
+
@@ -0,0 +1,219 @@
+[SOUND]
+So
+far we have talked about computer security
+generally, but what is software security?
+The subject of this class, in particular.
+Software security is a branch of
+computer security that focuses on
+the secure design and
+implementation of software.
+In other words, it focuses on avoiding
+software vulnerabilities, flaws and bugs.
+While software security overlaps with and
+complements other areas of
+computer security, it is distinguished
+by its focus on a secure system's code.
+This focus makes it a white box approach,
+where other approaches are more black box.
+They tend to ignore
+the software's internals.
+Why is software security's
+focus on the code important?
+The short answer is that software
+defects are often the root cause of
+security problems, and software security
+aims to address these defects directly.
+Other forms of security tend to ignore the
+software and build up defenses around it.
+Just like the walls of a castle,
+these defenses are important and
+work up to a point.
+But when software defects remain,
+cleaver attackers often find
+a way to bypass those walls.
+We'll now consider a few standard methods
+for security enforcement and see how their
+black box nature presents limitations that
+software security techniques can address.
+Our first example is security enforcement
+by the operating system or OS.
+When computer security was growing
+up as a field in the early 1970s,
+the operating system was the focus.
+To the operating system, the code of a
+running program is not what is important.
+Instead, the OS cares about
+what the program does, that is,
+its actions as it executes.
+These actions, called system calls,
+include reading or
+writing files, sending network packets and
+running new programs.
+The operating system enforces security
+policies that limit the scope of
+system calls.
+For example, the OS can ensure
+that Alice's programs cannot
+access Bob's files.
+Or that untrusted user programs
+cannot set up trusted services on
+standard network ports.
+The operating system's security
+is critically important, but
+it is not always sufficient.
+In particular,
+some of the security relevant actions of
+a program are too fine-grained
+to be mediated as system calls.
+And so
+the software itself needs to be involved.
+For example, a database management
+system or DMBS is a server that manages
+data whose security policy is specific to
+an application that is using that data.
+For an online store, for example,
+a database may contain security sensitive
+account information for customers and
+vendors alongside other records such as
+product descriptions which are not
+security sensitive at all.
+It is up to the DBMS to implement security
+policies that control access to this data,
+not the OS.
+Operating systems are also unable
+to enforce certain kinds of
+security policies.
+Operating systems typically act as an
+execution monitor which determines whether
+to allow or disallow a program action
+based on current execution context and
+the program's prior actions.
+However, there are some kinds of policies,
+such as information flow policies, that
+can not be, that simply cannot be enforced
+precisely without consideration for
+potential future actions,
+or even nonactions.
+Software level mechanisms can be
+brought to bear in these cases,
+perhaps in cooperation with the OS.
+We will consider information flow policies
+in more depth later in this class.
+Another popular sort of security
+enforcement mechanism is
+a network monitor like a firewall or
+intrusion detection system or IDS.
+A firewall generally works
+by blocking connections and
+packets from entering the network.
+For example, a firewall may
+block all attempts to connect to
+network servers except those
+listening on designated ports.
+Such as TCP port 80,
+the standard port for web servers.
+Firewalls are particularly useful
+when there is software running on
+the local network that is only
+intended to be used by local users.
+An intrusion detection system
+provides more fine-grained control
+by examining the contents of network
+packets, looking for suspicious patterns.
+For example,
+to exploit a vulnerable server,
+an attacker may send a carefully crafted
+input to that server as a network packet.
+An IDS can look for
+such packets and filter them out to
+prevent the attack from taking place.
+Firewalls and
+IDSs are good at reducing the avenues for
+attack and
+preventing known vectors of attack.
+But both devices can be worked around.
+For example, most firewalls
+will allow traffic on port 80,
+because they assume it
+is benign web traffic.
+But there is no guarantee that
+port 80 only runs web servers,
+even if that's usually the case.
+In fact, developers have invented SOAP,
+which stands for simple object
+access protocol, to work around firewall
+blocking on ports other than port 80.
+SOAP permits more general
+purpose message exchanges, but
+encodes them using the web protocol.
+Now, IDS patterns
+are more fine-grained and
+are more able to look at the details
+of what's going on than our firewalls.
+But IDSs can be fooled as well by
+inconsequential differences in
+attack patterns.
+Attempts to fill those gaps by using
+more sophisticated filters can
+slow down traffic, and attackers can
+exploit such slow downs by sending lots of
+problematic traffic, creating a denial of
+service, that is, a loss of availability.
+Finally, consider anti-virus scanners.
+These are tools that examine
+the contents of files, emails, and
+other traffic on a host machine,
+looking for signs of attack.
+These are quite similar to IDSs,
+but they operate on files and
+have less stringent performance
+requirements as a result.
+But they too can often be bypassed by
+making small changes to attack vectors.
+Now we conclude our comparison
+of software security to
+black box security with an example,
+the Heartbleed bug.
+Heartbleed is the name given
+to a bug in version 1.0.1 of
+the OpenSSL implementation of the
+transport layer security protocol or TLS.
+This bug can be exploited by getting
+the buggy server running OpenSSL to
+return portions of its memory.
+The bug is an example
+of a buffer overflow,
+which we will consider in
+detail later in this course.
+Let's look at black box
+security mechanisms, and
+how they fare against Heartbleed.
+Operating system enforcement and
+anti-virus scanners can do little to help.
+For the former,
+an exploit that steals data does so
+using the privileges normally
+granted to a TLS-enabled server.
+So the OS can see nothing wrong.
+For the latter, the exploit occurs
+while the TLS server is executing,
+therefore leaving no obvious
+traces in the file system.
+Basic packet filters used by IDSs can
+look for signs of exploit packets.
+The FBI issued signatures for the snort
+IDS soon after Heartbleed was announced.
+These signatures should work against basic
+exploits, but exploits may be able to
+apply variations in packet format such
+as chunking to bypass the signatures.
+In any case, the ramifications of
+a successful attack are not easily
+determined, because any exfiltrated data
+will go back on the encrypted channel.
+Now, compared to these, software security
+methods would aim to go straight to
+the source of the problem by preventing or
+more completely mitigating
+the defect in the software.
+