SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation

3/10/07, ACM SIGCSE'07

Wenliang (Kevin) Du, Zhouxuan Teng & Ronghua Wang
Department of Electrical Engineering & Computer Science
Syracuse University




Objectives

• Improve experiential learning in computer security education
  • Undergraduate & Graduate

• Develop effective labs (or course projects) for security courses

• Evaluate the effectiveness of these labs


About SEED Project

• Funded by the NSF CCLI Program
  • Phase I ($75K) was funded in 2002
  • Phase II ($450K) was funded in 2007
• Four years of experience and development
• Four universities involved
• Web page for all the developed labs
  • http://www.cis.syr.edu/~wedu/seed/


Teaching Philosophy

• Computer security education should focus on:
  • fundamental security principles
• Students should be given opportunities to experience, apply, integrate, and experiment with these principles.


Labs Environment

• One environment that supports all labs
• Desired properties
  • Low cost
  • No physical lab space is needed: we focus on software security
  • Repeatable


Lab Environment

[Diagram: layered stack, top to bottom: Labs; Minix, Linux; Virtual Machine (e.g. vmware); Host OS (Windows, Linux, etc.)]


Instructional OS (Minix)

• Widely used by many courses, e.g., Operating Systems, Networking, etc.

• Advantage:
  • Real OS, not a toy program
  • Much smaller than production OS
  • Less secure than production OS
  • Easy to understand and modify
• Disadvantage:
  • Lack of tools
  • Lack of advanced security features


Labs

• Three types of Labs
  • Design/Implementation Labs
  • Exploration Labs
  • Vulnerability Labs


Design/Implementation Labs

[Diagram: Design/Implementation Labs on top of Minix, inside a Virtual Machine (e.g. vmware)]


Design Labs

[Diagram: components on top of the Minix OS, marked as "Students’ Tasks" or "Existing Components": Capability, Access Control List, Sandbox, Encrypted File System, RBAC, MAC, IPSec, Firewall, IDS, System Randomization]

Properties of this design:
• Focused on targeted principles
• Each lab takes 2-6 weeks
• Difficulties can be adjusted


Exploration Labs

[Diagram: Exploration Labs on top of Minix and Linux, inside a Virtual Machine (e.g. vmware)]


Exploration Labs

[Diagram: a "tour" through the Minix/Linux OS, showing a Security Component and Other Components; labelled items: Set-UID, PAM (Pluggable Authentication Module), Reference Monitor, Intel 80x86 Protection Mode, SYN Cookie]

Guided Tour:
• Small experiments
• Guided activities
• Interact with security components
• Observe
• Explain the observations

All the design labs can be transformed to exploration labs


Vulnerability/Attack Labs

[Diagram: Vulnerability/Attack Labs on top of Minix and Linux, inside a Virtual Machine (e.g. vmware)]


Vulnerability/Attack Labs

[Diagram: Linux/Minix OS with User Space and Kernel Space; labels: Real-World Vulnerabilities, Fault Injection]

Students’ Tasks:
1. Find the vulnerabilities
2. Exploit the vulnerabilities
3. Fix the vulnerabilities
4. Design countermeasures


Vulnerability Laboratories

• Buffer-overflow Lab
• Race-condition Lab
• Format-string Lab
• Sandbox (chroot) Lab
• Attack Lab on TCP
• Attack Lab on ARP, IP, ICMP
• Attack Lab on DNS
• Integer overflow
• SQL injection attack Lab
• Set-UID vulnerability Lab
• Lab on various OS kernel vulnerabilities


Example: Capability Lab (1)

• Learning objectives:
  • Capability-based access control
  • Principle of least privilege
  • Reference monitor
• Lab Tasks
  • 5 capabilities
  • Capability management functionalities (enabling, disabling, deleting, delegating, revoking capabilities)
• Time: 4-6 weeks


Capability Lab (2)

• An actual capability system is very complicated
• Simplification: 5 capabilities (Solaris has 80)
  • CAP_READ, CAP_KILL, etc.
• Supporting materials:
  • Identify time-consuming places
  • Analyze whether they are security relevant or not
  • If not, tell students how to do those


(Crypto + System) Labs

• Encrypted File System Lab
  • Integrate crypto technologies with file systems
  • 4-5 weeks
  • Can also be used for Operating System course
• IPSec Lab
  • Integrate crypto technologies with TCP/IP
  • 4-6 weeks
  • Can also be used for Networking course
• Key management issues: key agreement, key storage, key update, etc.


Set-UID Exploration Lab

• “Play” with the Set-UID mechanism in both Minix and Linux, and answer:
  • How is it implemented?
  • Why is it necessary?
  • Why is it dangerous?
  • How to make Set-UID programs more secure?
  • Why does Linux appear more secure than Minix against vulnerable Set-UID programs?


Buffer-Overflow Lab

• Students are given:
  • A vulnerable program: stack.c
  • Shell code (binary code)
  • Partially implemented exploit program: exploit.c (shell code is also given)
• Students need to:
  • Finish exploit.c
  • Construct a string that can be used to overflow the buffer in the vulnerable program
  • Invoke root shell.
• Time: 1 week


Evaluation

• Survey Questionnaires
  • The quality of lab design and supporting materials
  • Students’ perspective in the labs:
    • How interested they are
    • Whether the labs are worthwhile
    • Whether the labs spark their interests in security
• Participants: 30 students on average


Evaluation Results (1)

Survey: Your level of interest in this lab is high.

Scale: A: Strongly disagree, B: Disagree, C: Neutral, D: Agree, E: Strongly agree

[Figure: response charts for the Set-UID Lab, Capability Lab, and IPSec Lab]


Evaluation Results (2)

Survey: The lab is a valuable part of this course.

Scale: A: Strongly disagree, B: Disagree, C: Neutral, D: Agree, E: Strongly agree

[Figure: response charts for the Set-UID Lab, Capability Lab, and IPSec Lab]


Evaluation Results (3)

Survey: The lab sparks your interest in computer security.

Scale: A: Strongly disagree, B: Disagree, C: Neutral, D: Agree, E: Strongly agree

[Figure: response charts for the Set-UID Lab, Capability Lab, and IPSec Lab]


Summaries

• SEED lab environment is low-cost, portable, easy to use
• We have developed 15 labs
• We have used them during the last 4 years
• Some other universities are also using them
• Anyone interested is free to use them
• Evaluation results are encouraging


NSF CCLI Showcase

• Time: 10:30 - 12:00
• Place: Exhibit Hall
• I will hand out hard copies of all our labs
• Project web site:
  • http://www.cis.syr.edu/~wedu/seed
  • or google: wedu seed