Transcript Slide 1

COM850 Computer Hacking and Security
Lecture 0. Course Introduction
Prof. Taeweon Suh
Computer Science & Engineering
Korea University
Course Information
• Instructor
 Prof. Taeweon Suh
• Textbook
 HACKING – The Art of Exploitation, 2nd Edition, Jon Erickson, 2008
• References
 Practical Packet Analysis using Wireshark to Solve Real-world Network Problems, Chris Sanders, 2nd Edition, No Starch Press, 2011
 TCP/IP Protocol Suite, Behrouz Forouzan, 4th Edition, McGraw-Hill, 2009
 TCP/IP Illustrated, Volume 1, W. Richard Stevens, Addison-Wesley, 1994
• Prerequisites
 C programming, Network Programming, Computer Architecture, Operating Systems
• Office hours
 After class as needed
 By appointment at Lyceum 307
• Course materials will be posted on the course web at http://esca.korea.ac.kr/
• Contact Information
 [email protected]
 02-3290-2397
Korea Univ
Pioneers of Hacking
• John Draper
 Hacked telephone line to make free calls
 Arrested on toll fraud charges in 1972
 Inspired 2 Steves
Discovery Channel’s The Secret History of Hacking
http://www.youtube.com/watch?v=Y47m1cOyKjA
Pioneers of Hacking
• Steve Wozniak
 Apple co-founder
 Started revolution in computers
• Kevin Mitnick
 Hacked many computer systems
 Convicted of various computer and
communication-related crimes
Discovery Channel’s The Secret History of Hacking
http://www.youtube.com/watch?v=Y47m1cOyKjA
Hacking is Bad?
• Most people associate hacking with
breaking the law and assume that
everyone who engages in hacking
activities is a criminal
 Hackers are outlaws, snooping,
stealing, and spreading viruses. No
one has good words for them
• The essence of hacking is finding
unintended or overlooked uses and
applying them in new and
inventive ways
 Hacked solutions follow the rules of
the system, but they use those rules
in counterintuitive ways
“My” Hacking Classification
• Software hacking
 Exploit vulnerabilities in software
• Hardware Trojan
 Implant malicious hardware inside a chip
• Hybrid (hardware + software)
 Software to trigger Hardware Trojans
 Software based on the understanding of hardware
details
Abstractions in Computer
Layers, from top to bottom:
• Programming using APIs
• Operating Systems: provide APIs (Application Programming Interface)
• Assembly language or Machine language
• Instruction Set Architecture (ISA)
• Hardware Implementation
Software Hacking
• Exploit vulnerabilities in software
 Classic buffer overflow
 Heap-based overflow
 Function pointer overflow …
Layout of virtual address space on IA-32
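The classic stack overflow listed above, as an added example that is not part of the lecture slides: vulnerable_check is the textbook pattern (a fixed-size local buffer filled by an unbounded strcpy), overflow_demo reproduces what that copy does to the word sitting just above the buffer using well-defined C (the frame struct and its saved_word field are assumptions standing in for the real IA-32 frame, where the saved EBP and return address sit above the locals), and hardened_check is the bounded version a reviewer would ask for.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The vulnerable pattern: a 16-byte local buffer filled by an unbounded copy.
 * Any input of 16 bytes or more runs past buf into whatever the compiler placed
 * above it in the stack frame (saved EBP, then the return address, on IA-32). */
int vulnerable_check(const char *input)
{
    char buf[16];
    strcpy(buf, input);                 /* no length check at all */
    return strcmp(buf, "secret") == 0;
}

/* Model of the frame (an assumption for illustration, not the compiler's real
 * layout): buf is immediately followed by a 32-bit word standing in for the
 * saved return address. Offset of saved_word is 16, sizeof(struct frame) is 20. */
struct frame {
    char buf[16];
    uint32_t saved_word;
};

/* Reproduce the overrun with defined semantics: the copy is capped at the size
 * of the whole frame so it never leaves one object, but nothing stops it from
 * crossing from buf into saved_word, exactly as strcpy would. Returns the value
 * of saved_word after the copy. */
uint32_t overflow_demo(const char *input)
{
    struct frame f;
    size_t n = strlen(input) + 1;       /* strcpy copies the terminator too */
    f.saved_word = 0xDEADBEEFu;
    if (n > sizeof f)
        n = sizeof f;                   /* real strcpy has no such cap */
    memcpy(&f, input, n);
    return f.saved_word;
}

/* Hardened version: check the length before copying and refuse oversized input
 * instead of silently truncating it. Returns -1 on rejection, else the match. */
int hardened_check(const char *input)
{
    char buf[16];
    size_t len = strlen(input);
    if (len >= sizeof buf)
        return -1;
    memcpy(buf, input, len + 1);
    return strcmp(buf, "secret") == 0;
}

int main(void)
{
    /* constructed attack string: 16 bytes of filler, then 4 bytes that land on saved_word */
    const char *attack = "AAAAAAAAAAAAAAAABBBB";
    printf("saved_word after \"hello\": 0x%08X\n", overflow_demo("hello"));
    printf("saved_word after attack : 0x%08X\n", overflow_demo(attack));
    printf("hardened_check(attack)  : %d\n", hardened_check(attack));
    return 0;
}
```

The four 'B' bytes end up in saved_word in the same place a return address would be overwritten by a real overflow; the only reason the demo does not crash is the cap on n, which strcpy does not have.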
Software Hacking
• Exploit weakness in network protocols and their
implementation in software
 Denial of Service (DoS): SYN flooding, Ping flooding, Ping
of Death, Teardrop, Smurf and Fraggle attacks, Distributed
DoS…
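Two of the DoS attacks named above abuse IP fragmentation rather than volume: Ping of Death sends fragments whose offset plus length reassembles to more than the 65535-byte maximum, and Teardrop sends fragments whose byte ranges overlap. The following added example (not from the slides or the textbook) is the pre-reassembly check a receiver can run over a fragment train; the fragment records are constructed inline rather than parsed from real packets.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Limits fixed by the IPv4 header format: 16-bit Total Length field, 20-byte
 * minimal header, Fragment Offset counted in 8-byte units. */
#define IP_MAX_TOTAL_LEN 65535u
#define IP_HDR_LEN       20u

/* One fragment of a datagram as the receiver sees it (constructed records). */
struct fragment {
    uint16_t offset8;   /* Fragment Offset field, in 8-byte units */
    uint16_t len;       /* payload bytes carried by this fragment */
};

enum frag_verdict {
    FRAG_OK = 0,
    FRAG_OVERSIZE = 1,  /* reassembled datagram would exceed 65535 bytes (Ping of Death) */
    FRAG_OVERLAP = 2    /* fragment overlaps an earlier one (Teardrop) */
};

/* Check a fragment train before reassembly and return the first problem found.
 * The overlap check is O(n^2) over the train, which is fine for the handful of
 * fragments one datagram can have. */
enum frag_verdict check_fragments(const struct fragment *f, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t start = (uint32_t)f[i].offset8 * 8u;
        uint32_t end = start + f[i].len;          /* exclusive */

        /* Ping of Death: header + offset + length pushes past the 16-bit limit */
        if (IP_HDR_LEN + end > IP_MAX_TOTAL_LEN)
            return FRAG_OVERSIZE;

        /* Teardrop: byte range of this fragment intersects an earlier fragment */
        for (size_t j = 0; j < i; j++) {
            uint32_t s2 = (uint32_t)f[j].offset8 * 8u;
            uint32_t e2 = s2 + f[j].len;
            if (start < e2 && s2 < end)
                return FRAG_OVERLAP;
        }
    }
    return FRAG_OK;
}

/* Constructed fragment trains for the three cases */
static const struct fragment normal_train[] = {
    { 0, 1480 }, { 185, 1480 }, { 370, 100 }   /* 0..1480, 1480..2960, 2960..3060 */
};
static const struct fragment teardrop_train[] = {
    { 0, 36 }, { 3, 4 }                        /* second starts at byte 24, inside the first */
};
static const struct fragment pod_train[] = {
    { 0, 1480 }, { 8189, 40 }                  /* 8189*8 + 40 = 65552 bytes of payload */
};

int main(void)
{
    printf("normal  : %d\n", check_fragments(normal_train, 3));
    printf("teardrop: %d\n", check_fragments(teardrop_train, 2));
    printf("pod     : %d\n", check_fragments(pod_train, 2));
    return 0;
}
```

A real stack also has to bound the number of fragments and the time it holds partial datagrams, since an attacker who never sends the last fragment is running a resource-exhaustion DoS rather than a malformed-packet one.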
Hardware Trojan
• Relatively new and different attack method
• Implant malicious logic into a chip
 Implantation during design phase (in the HDL or in third-party IPs)
 Implantation via CAD tools
 Implantation during fabrication
Hardware Trojan
• Israel’s air strike on a nuclear plant in Syria (2007)
• A European chip maker recently built into its microprocessors a
kill switch that could be accessed remotely. French defense
contractors have used the chips in military equipment
• Time bomb …
• “The Hunt for The Kill Switch,” IEEE Spectrum, May 2008
Hybrid
• Hardware Trojans triggered by certain conditions created by
software
• Software hacks computer systems based on
understanding of hardware details
 Insecure hardware initialization by the BIOS
• The BIOS didn’t lock remapping registers after
configuration
• Attackers reprogram these registers to map to
TSEG
• Corrupt SMI handlers with malicious code
• “Hardware Security in Practice: Challenges and Opportunities,”
HOST, 2011
Objectives
• Our focus is on software hacking and security
 In-depth understanding of x86 processor, compiler
outcome, networking, and hopefully OS
 Understand vulnerabilities in software
• Classic buffer overflow in stack
• Denial of Service (DoS) attacks
• TCP/IP Hijacking
• …
 Study countermeasures to prevent attacks
 As a side effect, get used to:
• Linux system programming
• x86-based assembly
Lab Environment
• Hardware: x86-based
computers
 Personal laptops are preferred
• Software: 32-bit Linux
 The textbook contains a CD you
can play with
 Or, experiment with the latest
Linux, but recent OSs are patched
against well-known security
threats
 GDB, Wireshark …
Grading Policy
• Midterm Exam: 30%
• Final Exam: 30%
• Class Presentations: 40%
• Fail rule
 You will be given an “F” if you are absent more than 3 times
• 2 late show-ups will be counted as 1 absence
Understand Computer?
• How much do you “exactly” understand computers?
• Answer the following questions
0.025 != 0.025 ?
0.07 != 0.07 ?
a x b x c != b x c x a ?
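The three questions above all come down to IEEE 754 rounding. As an added example that is not part of the slides: float_vs_double_differ shows why the float nearest 0.025 (or 0.07) is not the same number as the double nearest it, float_bits and double_bits expose the stored patterns without the pointer cast (memcpy is the well-defined way to reinterpret bytes), and float_mul_not_associative shows that regrouping a product changes the result once an intermediate rounds (here, overflows to infinity). The input values in main are chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit pattern of a float, copied with memcpy rather than a pointer cast so the
 * reinterpretation is well-defined C. */
uint32_t float_bits(float f)
{
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

uint64_t double_bits(double d)
{
    uint64_t u;
    memcpy(&u, &d, sizeof u);
    return u;
}

/* 1 if the float nearest to a value is a different number from the double
 * nearest to it. The comparison promotes f to double exactly, so only the
 * rounding done when the literal was converted to each type can make them
 * differ. Values with a short binary expansion (0.5, 0.25, 3.0) compare equal;
 * 0.025 and 0.07 have repeating expansions and are cut at different places. */
int float_vs_double_differ(float f, double d)
{
    return (double)f != d;
}

/* 1 if (a*b)*c and a*(b*c) give different floats. The volatile stores force each
 * intermediate to be rounded to float even on x87, where the FPU would otherwise
 * keep 80-bit extended precision and hide the difference. */
int float_mul_not_associative(float a, float b, float c)
{
    volatile float ab = a * b;
    volatile float bc = b * c;
    volatile float left = ab * c;
    volatile float right = a * bc;
    return left != right;
}

int main(void)
{
    printf("0.025f vs 0.025 : differ=%d  float=0x%08X  double=0x%016llX\n",
           float_vs_double_differ(0.025f, 0.025), float_bits(0.025f),
           (unsigned long long)double_bits(0.025));
    printf("0.07f  vs 0.07  : differ=%d\n", float_vs_double_differ(0.07f, 0.07));
    printf("0.5f   vs 0.5   : differ=%d\n", float_vs_double_differ(0.5f, 0.5));
    /* 1e30f * 1e30f overflows float to +inf, but 1e30f * 1e-30f is about 1,
     * so a*(b*c) stays finite while (a*b)*c is infinite */
    printf("(a*b)*c != a*(b*c): %d\n",
           float_mul_not_associative(1e30f, 1e30f, 1e-30f));
    return 0;
}
```

The same mechanism is behind the "what would you get" programs that follow: the hex pattern printed for a float is the rounded mantissa, and printing it with 20 decimal digits shows the rounding error that the default %f format hides.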
What Would You Get?
#include <stdio.h>
int main()
{
    signed int sa = 7;
    signed int sb = -7;
    /* read the same 32 bits back as unsigned to expose the two's-complement pattern */
    unsigned int ua = *((unsigned int *) &sa);
    unsigned int ub = *((unsigned int *) &sb);
    printf("sa = %d : ua = 0x%x\n", sa, ua);
    printf("sb = %d : ub = 0x%x\n", sb, ub);
    return 0;
}
What Would You Get?
#include <stdio.h>
int main()
{
    float f1 = -58.0;
    /* read the 32 bits of the IEEE 754 single as an unsigned int */
    unsigned int u1 = *((unsigned int *) &f1);
    printf("f1 = %f\n", f1);
    printf("f1 = %3.20f\n", f1);   /* 20 decimal digits show the exact stored value */
    printf("u1 = 0x%X\n", u1);
    return 0;
}
What is this?
What Would You Get?
#include <stdio.h>
int main()
{
    double d1 = -58.0;
    /* read the 64 bits of the IEEE 754 double as an unsigned long long */
    unsigned long long u1 = *((unsigned long long *) &d1);
    printf("d1 = %lf\n", d1);
    printf("d1 = %3.20lf\n", d1);
    printf("u1 = 0x%llX\n", u1);
    return 0;
}
What is this?
What Would You Get?
#include <stdio.h>
int main()
{
    float f2 = -0.1;   /* 0.1 has no finite binary expansion, so this is rounded */
    unsigned int u2 = *((unsigned int *) &f2);
    printf("f2 = %f\n", f2);
    printf("f2 = %3.20f\n", f2);
    printf("u2 = 0x%X\n", u2);
    return 0;
}
Why are these
different?
And What is this?
What Would You Get?
#include <stdio.h>
int main()
{
    float f3 = 0.7;    /* likewise rounded to the nearest single-precision value */
    unsigned int u3 = *((unsigned int *) &f3);
    printf("f3 = %f\n", f3);
    printf("f3 = %3.20f\n", f3);
    printf("u3 = 0x%X\n", u3);
    return 0;
}
Why are these
different?
What is this?
Intel’s Core i7 (2nd Gen.)
• 2nd Generation Core i7 (Sandy Bridge)
 995 million transistors in 216 mm² with 32nm technology
 Caches: L1 32 KB, L2 256 KB, L3 8 MB