SEED: Using Instructional System for SEcurity EDucation

SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation
Wenliang (Kevin) Du
Zhouxuan Teng & Ronghua Wang
Department of Electrical Engineering & Computer Science
Syracuse University
3/10/07
ACM SIGCSE'07

Objectives
• Improve experiential learning in computer security education
  • Undergraduate & Graduate
• Develop effective labs (or course projects) for security courses
• Evaluate the effectiveness of these labs

About SEED Project
• Funded by the NSF CCLI Program
  • Phase I ($75K) was funded in 2002
  • Phase II ($450K) was funded in 2007
• Four years of experience and development
• Four universities involved
• Web page for all the developed labs
  • http://www.cis.syr.edu/~wedu/seed/

Teaching Philosophy
• Computer security education should focus on:
  • fundamental security principles
• Students should be given opportunities to experience, apply, integrate, and experiment with these principles.

Labs Environment
• One environment that supports all labs
• Desired properties
  • Low cost
  • No physical lab space is needed: we focus on software security
  • Repeatable

Lab Environment
[Figure: layered lab environment. Labs run on Minix and Linux, inside a virtual machine (e.g. vmware), on a host OS (Windows, Linux, etc.).]

Instructional OS (Minix)
• Widely used by many courses, e.g., Operating Systems, Networking, etc.
• Advantage:
  • Real OS, not a toy program
  • Much smaller than production OS
  • Less secure than production OS
  • Easy to understand and modify
• Disadvantage:
  • Lack of tools
  • Lack of advanced security features

Labs
• Three types of Labs
  • Design/Implementation Labs
  • Exploration Labs
  • Vulnerability Labs

Design/Implementation Labs
[Figure: Design/Implementation Labs run on Minix, inside a virtual machine (e.g. vmware).]

Design Labs
[Figure: Minix OS, showing Existing Components and Students’ Tasks.]
Properties of this design:
• Focused on targeted principles
• Each lab takes 2-6 weeks
• Difficulties can be adjusted
Topics shown on the slide: Capability, RBAC, Encrypted File System, Sandbox, Access Control List, MAC, IPSec, System Randomization, Firewall, IDS

Exploration Labs
[Figure: Exploration Labs run on Minix and Linux, inside a virtual machine (e.g. vmware).]

Exploration Labs
[Figure: a “tour” through the Minix/Linux OS, showing the Security Component and Other Components.]
Guided Tour:
• Small experiments
• Guided activities
• Interact with security components
• Observe
• Explain the observations
Topics shown on the slide: Set-UID, SYN Cookie, PAM: Pluggable Authentication Module, Intel 80x86 Protection Mode, Reference Monitor
All the design labs can be transformed to exploration labs

Vulnerability/Attack Labs
[Figure: Vulnerability/Attack Labs run on Minix and Linux, inside a virtual machine (e.g. vmware).]

Vulnerability/Attack Labs
[Figure: Real-World Vulnerabilities and Fault Injection applied to the Linux/Minix OS, in User Space and Kernel Space.]
Students’ Tasks:
1. Find out those vulnerabilities
2. Exploit the vulnerabilities
3. Fix the vulnerabilities
4. Design countermeasures

Vulnerability Laboratories
• Buffer-overflow Lab
• Race-condition Lab
• Format-string Lab
• Sandbox (chroot) Lab
• Attack Lab on TCP
• Attack Lab on ARP, IP, ICMP
• Attack Lab on DNS
• Integer overflow
• SQL injection attack Lab
• Set-UID vulnerability Lab
• Lab on various OS kernel vulnerabilities

Example: Capability Lab (1)
• Learning objectives:
  • Capability-based access control
  • Principle of least privilege
  • Reference monitor
• Lab Tasks
  • 5 capabilities
  • Capability management functionalities (enabling, disabling, deleting, delegating, revoking capabilities)
• Time: 4-6 weeks

Capability Lab (2)
• An actual capability system is very complicated
  • Simplification: 5 capabilities (Solaris has 80)
  • CAP_READ, CAP_KILL, etc.
• Supporting materials:
  • Identify time-consuming places
  • Analyze whether they are security relevant or not
  • If not, tell students how to do those
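
The five management operations listed on the Capability Lab slides, modelled in user-space C as an added example (not code from the SEED labs or the slides). Only the names CAP_READ and CAP_KILL come from the slide; the struct, the function names and the exact semantics of each operation are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* CAP_READ and CAP_KILL are the names on the slide; every type, function
 * and semantic rule below is an assumption made for this example. */
enum { CAP_READ = 1 << 0, CAP_KILL = 1 << 1 };

struct proc_caps {
    uint32_t held;      /* capabilities the process owns */
    uint32_t enabled;   /* subset of held that is currently in effect */
    uint32_t delegated; /* subset of held that arrived by delegation */
    int grantor;        /* pid that delegated them, -1 if none (one grantor only) */
};

/* Reference monitor: the one check every privileged operation goes through. */
bool cap_check(const struct proc_caps *p, uint32_t cap) {
    return (p->enabled & cap) == cap;
}

/* Disabling is temporary: the capability stays held and can be re-enabled. */
void cap_disable(struct proc_caps *p, uint32_t cap) { p->enabled &= ~cap; }

bool cap_enable(struct proc_caps *p, uint32_t cap) {
    if ((p->held & cap) != cap) return false; /* deleted or never held */
    p->enabled |= cap;
    return true;
}

/* Deleting is permanent: least privilege for the rest of the process's life. */
void cap_delete(struct proc_caps *p, uint32_t cap) {
    p->held &= ~cap; p->enabled &= ~cap; p->delegated &= ~cap;
}

/* A process can delegate only what it currently has enabled. */
bool cap_delegate(const struct proc_caps *from, int from_pid,
                  struct proc_caps *to, uint32_t cap) {
    if (!cap_check(from, cap)) return false;
    if (to->delegated && to->grantor != from_pid) return false;
    uint32_t fresh = cap & ~to->held; /* never mark caps the target already owned */
    to->held |= fresh; to->enabled |= fresh; to->delegated |= fresh;
    if (fresh) to->grantor = from_pid;
    return true;
}

/* Only the grantor can revoke, and only what it delegated. */
bool cap_revoke(int caller_pid, struct proc_caps *to, uint32_t cap) {
    if (to->grantor != caller_pid || (to->delegated & cap) != cap) return false;
    cap_delete(to, cap);
    return true;
}
```

The difference between disabling and deleting is the point to observe: a disabled capability can be enabled again, while a deleted one cannot be regained by the process itself.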

(Crypto + System) Labs
• Encrypted File System Lab
  • Integrate crypto technologies with file systems
  • 4-5 weeks
  • Can also be used for Operating System course
• IPSec Lab
  • Integrate crypto technologies with TCP/IP
  • 4-6 weeks
  • Can also be used for Networking course
• Key management issues: key agreement, key storage, key update, etc.

Set-UID Exploration Lab
• “Play” with the Set-UID mechanism in both Minix and Linux, and answer:
  • How is it implemented?
  • Why is it necessary?
  • Why is it dangerous?
  • How to make Set-UID programs more secure?
  • Why does Linux appear more secure than Minix against vulnerable Set-UID programs?

Buffer-Overflow Lab
• Students are given:
  • A vulnerable program: stack.c
  • Shell code (binary code)
  • Partially implemented exploit program: exploit.c (shell code is also given)
• Students need to:
  • Finish exploit.c
  • Construct a string that can be used to overflow the buffer in the vulnerable program
  • Invoke root shell.
• Time: 1 week

Evaluation
• Survey Questionnaires
  • The quality of lab design and supporting materials
  • Students’ perspective in the labs:
    • How interested they are
    • Whether the labs are worthwhile
    • Whether the labs spark their interests in security
• Participants: 30 students on average

Evaluation Results (1)
Survey: Your level of interest in this lab is high.
A: Strongly disagree; B: Disagree; C: Neutral; D: Agree; E: Strongly agree
[Figure: survey responses for the Set-UID Lab, Capability Lab and IPSec Lab]

Evaluation Results (2)
Survey: The lab is a valuable part of this course.
A: Strongly disagree; B: Disagree; C: Neutral; D: Agree; E: Strongly agree
[Figure: survey responses for the Set-UID Lab, Capability Lab and IPSec Lab]

Evaluation Results (3)
Survey: The lab sparks your interest in computer security.
A: Strongly disagree; B: Disagree; C: Neutral; D: Agree; E: Strongly agree
[Figure: survey responses for the Set-UID Lab, Capability Lab and IPSec Lab]

Summaries
• SEED lab environment is low-cost, portable, easy to use
• We have developed 15 labs
  • We have used them during the last 4 years
  • Some other universities are also using them
  • Anyone interested is free to use them
• Evaluation results are encouraging

NSF CCLI Showcase
• Time: 10:30 - 12:00
• Place: Exhibit Hall
• I will hand out hardcopies of all our labs
• Project web site:
  • http://www.cis.syr.edu/~wedu/seed
  • or google: wedu seed