Databases: A class break by design! Is there a class defense? (slide deck, 44 slides)

Slide 1: Databases: A class break by design! Is there a class defense?
Dr Steve Moyle, Founder/CTO, Secerno. E: T: +44 7801749587
Edinburgh Chapter, February 2008

Slide 2:
"Sensitive customer information is like asbestos. We've been building housing with it for years and only recently discovered it's toxic when airborne"
Andrew Jaquith, Yankee, September 2007

Slide 3:
"In my opinion, database security is riddled with holes and it's the biggest problem we face in IT today. Database attacks offer the biggest potential for fraudulent activity and damage to companies' reputations and customer confidence".
David Litchfield, Managing Director NGSS, Keynote, Black Hat Conference Las Vegas, August 2006

Slide 4: Databases: The class break by design! Is there a class defense?
Outline:
- Class breaks
- Database principles
- The infinite language space
- Class Defenses
- Informed Security
- Automatic unique language subspace

Slide 5: Databases - the good news
- Ubiquitous persistent storage fielded in millions of systems
- Skills availability
- Standards based common language
- Long history
- Multi featured
- Aggregated storage of valuable data

Slide 6: Ubiquitous persistent storage
- How many fielded systems? $14 billion database market in 2005 (Source: Gartner 2005); 135,166,473 "up" web sites (Source: Netcraft September 2007)
- How many "unknown" systems? Products built on a database that the owner knows nothing about
- Persistent storage: Microsoft was rumoured to have considered it as an alternative component of their operating system for its file-store

Slide 7: Mature market
- Marketplace of alternatives: "simple" for customers to switch
- Database skill sets: DBAs, Applications Development (But what about database security?)
- Very stable technology: 80% of budget spent "keeping the lights on"
- Difficult to start again with a "clean sheet"
- Competition is good for customers as it drives standardisation, but standardisation leads to a single point of failure

Slide 8:
- Databases are one of many components in complicated systems
- Abstracting complexity into large components obfuscates security issues
- Evolution of data usage: Data processing systems; Client-server; SOA
- How many legacy database systems, secure in yesteryear, are wrapped to deliver SOA?
- Aggregated data: aggregating risk

Slide 9: Databases - the not so good news
- Ubiquitous persistent storage fielded in millions of systems: everyone has got one
- Skills availability: everyone knows how they work
- Standards based common language
- Long history: old fashioned
- Multi featured: vast vulnerability surface
- Aggregated storage of valuable data: all eggs in a single basket

Slide 10: Class Breaks

Slide 11: Class breaks
What is a "class break?" In network security jargon, that's what happens when one breach leads to a whole new "class" of attacks on various systems, using similar methods. Source: http://www.doubletongued.org/index.php/citations/class_break_1/
"Technological advances bring with them standardization, which also adds to security vulnerabilities, because they make it possible for attackers to carry out class breaks: attacks that can break every instance of some feature in a security system. Class breaks mean that you can be vulnerable simply because your systems are the same as everyone else's. And once attackers discover a class break, they'll exploit it again and again until the manufacturer fixes the problem (or until technology advances in favor of the defender again)." Source: Bruce Schneier, "Beyond Fear", 2003, pp 93-4

Slide 12: Classic class break
Combining control and data channels. "For decades, phone companies have been fighting against class breaks. In the 1970s, for example, some people discovered that they could emulate a telephone operator's console with a 2600-Hz tone, enabling them to make telephone calls for free, from any telephone" Source: Bruce Schneier, "Beyond Fear", 2003, pp 93-4

Slide 13: Lessons from history
What can go wrong when combining static data and dynamic control in the one channel?
- Microsoft Word: Words/Paragraphs + Word Basic Macros -> Macro viruses
- Web browsers: Static Web pages + JavaScript -> Cross-site scripting (XSS)
- Databases: Valuable data + Data Control Language, Data Manipulation Language -> SQL Injection, Remote Database Control

Slide 14: Principles of databases
- History: original research due to Ted Codd in the 1960s
- Codd's 12 rules for defining a fully relational database (Source: E.F. Codd, "Is Your DBMS Really Relational?", ComputerWorld, 1985)
- The "breakthrough": everything is a relation (i.e. a table of records)
- Everything is accessed by the same language
- Structured Query Language is the most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems.

Slide 15: Codd's Principles: Rule #4
Codd's 12 rules for defining a fully relational database. Rule 4: Dynamic On-line Catalog Based on the Relational Model. The database description is represented at the logical level in the same way as ordinary data, so authorized users can apply the same relational language to its interrogation as they apply to regular data.

Slide 16: Database Class break Component #1
Database nitric acid (nitro): combining control and data channels. To be a relational database it must combine data and control in the same:
- Physical channel (the network)
- Logical channel (the language)

Slide 17: The Language space
- How many sentences are allowed in a language?
- How many SQL statements can we write?
- Can we index an infinite space?

Slide 18: Database Class break Component #2
Database glycerine: consider the Database as a scripting engine. SQL is a powerful, common, standard scripting (a.k.a. macro) language. What functionality can be achieved with a modern database?
- Data access (e.g. read): yes
- Data manipulation (e.g. write): yes
- Operating system interaction: sure
- Anything that is computable (?)

Slide 19: The database vulnerability surface
The slide sums it up as: the infinite language space + application programming errors + inappropriate setup (e.g. over-provisioning, ACLs).

Slide 20: How does an application talk to the database?
Assembling a normal SQL statement:
SELECT * from dvd_stock where catalog-no = 'PHE8131' and location = 1
The parameters in the statement come from user input (e.g. a web browser). The application layer accepts the values for catalog-no and location ('PHE8131', 1) and pastes them into the pre-canned query template:
SELECT * from dvd_stock where catalog-no = '<catalog-no>' and location = <location>

Slide 21: Database answers
Results from a normal query.
Statement: SELECT * from dvd_stock where catalog-no = 'PHE8131' and location = 1
Output:
Star Trek - The Next Generation Season 2 39.35 15
Star Trek - The Next Generation Season 3 39.35 12
Star Trek - The Next Generation Season 4 39.35 13
Star Trek - The Next Generation Season 5 39.35 17

Slide 22: Assembling an abnormal SQL statement: SQL Injection
Instead of inputting a sensible value for catalog-no in the web browser, the user enters
' union select name, id, 0 from sysobjects where xtype='U';--
which the application layer pastes into the pre-canned query template:
SELECT * from dvd_stock where catalog-no = '' union select name, id, 0 from sysobjects where xtype='U';--' and location = 1

Slide 23: Codd's Achilles' heel
Using "union" in the select returns meta-data about the tables within the database.
Statement: SELECT * from dvd_stock where catalog-no = '' union select name, id, 0 from sysobjects where xtype='U';--' and location = 1
Output:
adult_display 1269579561 0
anonemail 1285579618 0
card_prefix 1301579675 0
catalog 1317579732 0
catalog_redirects 1349579846 0
certs 1365579903 0
country 1381579960 0
director 1397580017 0
directorlink 1413580074 0
dvd_customers 1429580131 0
dvd_orderitems 1461580245 0
dvd_orders 1445580188 0
dvd_stock 1477580302 0
dvd_users 1493580359 0
(Slide B-03)

Slide 24: "Airborne" Sensitive Customer Information
Credit card detail records.
Statement: SELECT * from dvd_stock where catalog-no = '' union select cardNo, customerId, 0 from DVD_Orders --' and location = 1
Output:
4511222233334444 11853 0
4612345678901234 11853 0
4675883388338833 11588 0
4514861356415750 11204 0

Slide 25: What does the attacker actually see?
' union select cardNo, customerId, 0 from DVD_Orders --

Slide 26: How did this situation occur?
Developers love adding features, but do they ever delete features? We can define developers (from the perspective of application security) as: Vulnerability Surface Expansion Engineers.

Slide 27: External Attack - It's Personal
SQL injection remains a serious type of attack affecting databases, with 250% year on year growth (MITRE).

Slide 28: Codd's principles and the infinite language space
Database nitro-glycerine:
- The same language is used to interact with meta-data as with data
- The SQL language allows infinite statements to be accepted
- How does one defend in an infinite space?

Slide 29: Class Defenses

Slide 30: Defending Class Breaks
Schneier's view: "manufacturer fixes the problem (or until technology advances in favor of the defender again)." But manufacturers have (or nearly have) fixed their end! What "technology advances favor the defender"?

Slide 31: Can patching really help?
[Chart: Number of Published Vulnerabilities per Year for Microsoft SQL Server users.] Source: David Litchfield, "Which database is more secure? Oracle vs. Microsoft", 21st November 2006

Slide 32: Class defenses
What is a "class defense?" An approach that leads to a whole new "class" of defenses on various systems, using similar methods. Source: Steve Moyle, RSA Europe, October 2007

Slide 33: Defending in an infinite language space
How does one defend in an infinite space? By defining the sub-set of the space that is normal for the system in its (unique) context. This is still potentially infinite. How does one define the appropriate language subspace?

Slide 34: "Legal" SQL vs. Normal behaviour
How hard is it to stop hacking? It is hard to define normal SQL behaviour because it is application specific.
[Diagram labels: The space of legal SQL is infinite; Previous (where we have observed the system); New behaviour; Novel queries, not previously observed; Sinister queries, previously observed; Do you want your databases answering these queries?]

Slide 35: Separation of control
SQL consists of:
- Data Definition Language (meta data): developers/DBAs only, never applications
- Data Manipulation Language (queries): the application, restricted to previously observed behaviour
- Data Control Language (access permissions): developers/DBAs only, never applications

Slide 36: How does one define the appropriate language subspace?
- Pre-defined black lists: unique database deployment contexts cannot be foreseen; error rates unacceptable
- User defined white lists: impractical to expect application owners to program all situations in advance
- Regular expressions: too crude to adequately define the intent of a programming language (Chomsky, 1956, 1959)

Slide 37: Syntax versus Semantics
- Can search for the string "union" in the hope it will be a keyword, unless there are references to "union bank" etc., which will trigger a false positive, or the developer has actually programmed: SELECT lastname from boys union SELECT lastname from girls
- But what about uni/* */on, which is semantically equivalent? Or u/* */nion, or char(117,110,105,111,110)?
- We don't like union in this context: SELECT * from dvd_stock where catalog-no = '' union select cardNo, customerId, 0 from DVD_Orders --' and location = 1

Slide 38: Grammatical Clustering - A class defence for databases
Controlling computer behaviour requires the understanding of the conversations between components; a language approach combined with machine learning is the only effective way to do it.
Motivation:
- Language transmits intent
- Malicious intent is transmitted by language too
- Attackers thwarted by context dependent, unique tripwires
- Only by understanding unique systems at the language level is this achievable efficiently

Slide 39: Ingredients for Grammatical Clustering
Language (SQL). Observed statements:
SELECT Blob2 FROM catalog WHERE catalog-no = '0141318090';
SELECT Blob2 FROM catalog WHERE catalog-no = '0141317388';
SELECT Blob2 FROM catalog WHERE catalog-no = '0747573603';
SELECT Blob2 FROM catalog WHERE catalog-no = '0747573611';
SELECT Blob2 FROM catalog WHERE catalog-no = '074757362X';
SELECT Blob2 FROM catalog WHERE catalog-no = '0747573638';
SELECT Blob2 FROM catalog WHERE catalog-no = '0747569401';
SELECT * from dvd_stock where catalog-no = 'HEADHPS2' and location = 1
SELECT * from dvd_stock where catalog-no = 'HEADHPS2' and location = 2
SELECT Blob2 FROM catalog WHERE catalog-no = '074754624X';
SELECT Blob2 FROM catalog WHERE catalog-no = '0747551006';
SELECT Blob2 FROM catalog WHERE catalog-no = '0747561079';
SELECT Blob2 FROM catalog WHERE catalog-no = '0747568979';
SELECT * from dvd_stock where catalog-no = 'PHE8131' and location = 1
SELECT Blob2 FROM catalog WHERE catalog-no = '0747545723';
SELECT * from dvd_stock where catalog-no = 'PHE8131' and location = 2
SELECT Blob2 FROM catalog WHERE catalog-no = '0747554560';
SELECT COUNT(*) AS fullCount FROM catalog WHERE (title LIKE '%gotcha%') AND Status = 1 AND NOT art-type = 7 AND NOT art-class = 'XXX'
SELECT * from dvd_stock where catalog-no = 'PHE8214' and location = 1
SELECT N'Testing Connection.'
SELECT * from dvd_stock where catalog-no = 'PHE8214' and location = 2
EXECUTE msdb.dbo.sp_sqlagent_get_perf_counters
SELECT * FROM prodtype WHERE art-class = 'XXX'
SELECT * FROM certs WHERE cert-type = 18

Slide 40: Outputs from Grammatical Clustering
[Diagram: a SELECT ... FROM ... WHERE skeleton with clusters learnt from the observed statements. Selected columns: *, blob2, cert-type, euroexchangerate, catalog-no, Hometext, ..., location. Tables: certs, catalog, dvd_users, ..., dvd_stock, prodtype. Predicates: = 18; = 1; = 'PHE1831' and ...; location values 1, 2. Example members: SELECT * FROM certs WHERE cert-type = 18; SELECT * from dvd_stock where catalog-no = 'PHE8131' and location = 1]

Slide 41: Extract the database language space used and build security control policy
- Automatic extraction of the actual language space used, providing rich context dependent knowledge
- Build precise control policies based on live measurements
- Policies precise enough to determine that SELECT * from dvd_stock where catalog-no = '' union select cardNo, customerId, 0 from DVD_Orders --' and location = 1 is anomalous without needing to trigger an explicit block list

Slide 42: Results
- Attack detection and prevention: yes, BLOCKING!
- Database misuse: internal/external
- Understanding of application behaviour: vulnerabilities are all lurking in the application layer
- Knowledge feedback loop to all: Audit/compliance; Operations; Development

Slide 43: Conclusions
- Databases are massively vulnerable to class attacks by design
- Caused by their underlying principles and technology, and multiplied by their ubiquity and the appalling quality of applications development
- Defending databases requires a strong understanding of what they should normally be doing (and restricting it)
- Techniques from machine learning and computational linguistics provide an approach that can be used as a "class defense"

Slide 44: Questions?
Dr Steve Moyle, Founder/CTO, Secerno. E: T: +44 7801749587
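An added example, not from the slides or from Secerno's product, sketching the idea of slides 37 to 41 in Python: each statement is reduced to its grammatical skeleton, the skeletons seen in normal traffic form the application's language subspace, and anything outside it is anomalous. It follows the slide's claim that uni/* */on is equivalent to union, and the training statements are constructed from the slide's observed list with quotes restored.

```python
import re
from typing import Iterable, List
# Comments are deleted before lexing, following the slide's point that uni/* */on is union;
# quoted literals are matched first so that a '--' inside a value is not taken for a comment.
_COMMENT_OR_LIT = re.compile(r"'(?:[^']|'')*'|/\*.*?\*/|--[^\n]*", re.DOTALL)
_TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')                   |  # quoted literal, '' escapes a quote
    (?P<num>\d+(?:\.\d+)?)                    |  # numeric literal
    (?P<name>[A-Za-z_]\w*(?:-[A-Za-z_]\w*)*)  |  # keyword/identifier, hyphenated like catalog-no
    (?P<punct>\S)                                # any other single character
""", re.VERBOSE)

def strip_comments(sql: str) -> str:
    return _COMMENT_OR_LIT.sub(lambda m: m.group() if m.group().startswith("'") else "", sql)

def skeleton(sql: str) -> str:
    """Grammatical shape: comments dropped, literals -> placeholders, names lower-cased."""
    out: List[str] = []
    for m in _TOKEN.finditer(strip_comments(sql)):
        if m.lastgroup == "str":
            out.append("'?'")
        elif m.lastgroup == "num":
            out.append("#")
        else:
            out.append(m.group().lower())
    return " ".join(out)

class LanguageSubspace:
    """The 'normal' SQL subspace of one application, learnt from statements seen in traffic.
    A statement whose skeleton was observed is normal whatever literal values it carries."""
    def __init__(self, observed: Iterable[str]) -> None:
        self.shapes = {skeleton(s) for s in observed}
    def is_anomalous(self, sql: str) -> bool:
        return skeleton(sql) not in self.shapes

# Constructed training set, modelled on the observed statements listed on the slides.
OBSERVED = [
    "SELECT Blob2 FROM catalog WHERE catalog-no = '0141318090';",
    "SELECT * from dvd_stock where catalog-no = 'HEADHPS2' and location = 1",
    "SELECT COUNT(*) AS fullCount FROM catalog WHERE (title LIKE '%gotcha%') "
    "AND Status = 1 AND NOT art-type = 7 AND NOT art-class = 'XXX'",
    "SELECT * FROM certs WHERE cert-type = 18",
    "SELECT lastname from boys union SELECT lastname from girls",  # the developer's legitimate union
]
NORMAL = LanguageSubspace(OBSERVED)

if __name__ == "__main__":
    q = "SELECT * from dvd_stock where catalog-no = '' uni/* */on select cardNo, customerId, 0 from DVD_Orders --' and location = 1"
    print("ANOMALOUS" if NORMAL.is_anomalous(q) else "normal", skeleton(q))
```

A value never seen before ('Union Bank', a new catalog number) stays normal because only the shape is compared, while the comment-split union query collapses to the same skeleton as the plain one and falls outside the learnt subspace.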

