Introduction to Computer Security

Learning the Lingo and Thinking Like a Hacker

Gregory M. Kapfhammer

September 2, 2024

What is infosec?

Prevent unauthorized access to data on a computer system
Data is both sensitive and valuable and must be protected
Risk management is the focus of information security
Malware often helps an attacker gain access to a system
System failure often occurs during an attack with malware

Key Questions: Have you ever been the subject of an information security attack? What was the attack vector? Could it have been prevented? What strategies would have enabled your defense?

Learning the Lingo: PDR

Key security acronyms describing design principles:
- PDR: Prevention, Detection, Reaction
  - Prevention: Stopping an attack before it starts
  - Detection: Identifying an attack in progress
  - Reaction: Stopping an attack before it causes damage

Key Questions: From your perspective, which of these three is the most important? Should an individual or an organization disclose information about a security breach? Why or why not?

Learning the Lingo: CIA

Key security acronyms describing design principles:
- CIA: Confidentiality, Integrity, Availability
  - Confidentiality: Keeping secret information secret
  - Integrity: Data has not been corrupted or tampered with
  - Availability: Systems are up and running for valid users

Key Questions: What is an attack a “hacker” could take to comprise one of the CIA principles? How would the attack compromise the CIA principles? What could be done to prevent the attack?

Learning the Lingo: DRY

Key strategy for ensuring system security:
- DRY: Don’t Repeat Yourself
  - Guideline for automation and system design
  - Avoid manual repetition by using scripts and tools
  - Reuse verified resources across multiple systems

Key Questions: What are some practical ways to introduce DRY into your systems and development practices? What is the downside of the DRY strategy? How does this connect to zero-touch deployment?

Learning the Lingo: AAA

Strategies for ensuring system security:
- AAA: Authentication, Authorization, Accounting
  - Authentication: Confirming someone’s identity
  - Authorization: Keeping track of entity’s resource access
  - Accounting: Tracking the usage of resources

Key Questions: Why are these appropriate strategies for ensuring system security? What are the limitations of each strategy? What is the fundamental trade-off in computer security? Why?

Key Dilemma: people may have key computer security requirements but limited computer security expertise

Key Trade-off: making a system secure often makes it less usable!

Key Questions: When you are using computer hardware and software do you tend to err towards security or usability? What are some strategies for making software both secure and usable?

Examples of four programs that may have security flaws! Any ideas?

Web browsers like firefox or chrome
Servers like sshd or httpd
LLM interaction with llm or litellm
Terminal window history with atuin or zsh

Key Questions: What could be a security vulnerability in each of these programs? How could they be prevented and detected? What should be the reaction to the detection of a security vulnerability?

Overall goals of “security synapse”

High-Level Concepts
- Concepts such as confidentiality and integrity
- Test all aspects of the system to ensure correctness
- Make a benchmark framework to measure performance
Low-Level Implementation Details
- Use cryptography to secure transferred data
- Use hashing to verify data integrity
- Secure implementation in programming languages

Implementation: which languages are reputed to be the most or least secure? Why? Do you agree with consensus?

Let’s Make a Computer Security Synapse

Obfuscate a file using a symmetric key
Compute the SHA256 hash of a file
Illustrate an insecure memory access
Use a synthetic JSON file to illustrate concepts
Make sure to pip install cryptography!

What Does the JSON File Look Like?

{
    "vulnerabilities": [
        {
            "id": "CVE-2021-1234",
            "description": "Buffer overflow in XYZ software",
            "severity": "High",
            "exploit_available": true
        },
        {
            "id": "CVE-2021-2345",
            "description": "SQL injection in ABC database",
            "severity": "Medium",
            "exploit_available": false
        },
        {
            "id": "CVE-2021-3456",
            "description": "Cross-site scripting in DEF web application",
            "severity": "Low",
            "exploit_available": true
        }
    ]
}

Encrypting a File

from cryptography.fernet import Fernet
import json

def encrypt_file(file_path: str, key: str):
    """Encrypt a file using a symmetric key."""
    # load the file
    with open(file_path, 'r') as file:
        data = json.load(file)
    # convert the dictionary into a string
    data_string = json.dumps(data, sort_keys=True)
    # create a Fernet object
    fernet = Fernet(key)
    # encrypt and return the data
    encrypted_data = fernet.encrypt(data_string.encode())
    return encrypted_data

# generate a symmetric key
key = Fernet.generate_key()
# encrypt the file
encrypted_data = encrypt_file('security.json', key)

Showing the Encrypted File

# generate a key
key = Fernet.generate_key()
# encrypt the file
encrypted_data = encrypt_file('security.json', key)
print(encrypted_data)

b'gAAAAABnTzNr1qgHEGGohsxt8xOZADR_keQom-BXN69UurTbYA8mlC7mZsV7IyKglRAmQDV-xG7nD7XG3lMLSBTa3FpYXfDiZMxkp6rORux374rbt9gBOx1wg5l78PjZOluin2-jzJKaPM4xXVZwd7ky8__WbLJCiLag8WHivW_9EkzFTaRwA-JBB_YI3GYoQtAveE-Te7drB6N9AN6tDB-pykpJAIsSYWUPNwcJCh14DbyWMakbipDLQgesF29OUdQMVFBufQVsNhLYm16M12dGVETcBoB-qlJvOyUdgGOp__qyTc1Z6UlCAf5lt-UiUjyIefK92zHuu1e97VifthGabczgRosU8NfnLKCSHWF4ytOytpMoUMkNCNkUbtW9cQqs-VBMYJWDj7--3nhffGJpXNV1reyKAKH3z9top9jE7mVluIcPifVSBIsChjAVmBrPLb1YAApNEs6L_aW4qcNS0CcrjZDEalK0zT6lOqIrU6FhYJJmFAS_JdSHlRJ1Ep4s9Nvr0ts8C3NOwz_5-Mmhaae4CrzuA6AEvkCEhMXHKbpCmEFvYszfaFPhMUOfaVV7EhD6s8Xy6QjSz2ceOi6UJfy7GtqflA=='

How does the generate_key function work?
Output will vary each time encrypt_file is called
Is it possible to retrieve the original JSON file?
Reference: Cryptography Documentation for Fernet

Decrypting a File

def decrypt_file(encrypted_data: str, key: str):
    """Decrypt data using a symmetric key."""
    # create a Fernet object
    fernet = Fernet(key)
    # decrypt the data
    decrypted_data = fernet.decrypt(encrypted_data)
    # convert the decrypted data back into a dictionary
    original_data = json.loads(decrypted_data.decode())
    return original_data

# decrypt the data and display it
original_data = decrypt_file(encrypted_data, key)
print("\n" + str(original_data) + "\n")


{'vulnerabilities': [{'description': 'Buffer overflow in XYZ software', 'exploit_available': True, 'id': 'CVE-2021-1234', 'severity': 'High'}, {'description': 'SQL injection in ABC database', 'exploit_available': False, 'id': 'CVE-2021-2345', 'severity': 'Medium'}, {'description': 'Cross-site scripting in DEF web application', 'exploit_available': True, 'id': 'CVE-2021-3456', 'severity': 'Low'}]}

Computing a File’s Hash

import json, hashlib

def compute_hash(file_path):
    """Compute the SHA256 hash of a file."""
    with open(file_path, 'r') as file:
        data = json.load(file)
    # convert the dictionary into a string
    data_string = json.dumps(data, sort_keys=True)
    # create a new SHA256 hash object
    hash_object = hashlib.sha256()
    # update the hash object with the bytes of the string
    hash_object.update(data_string.encode())
    # get the hexadecimal representation of the hash
    hash_hex = hash_object.hexdigest()
    return hash_hex

# corrupted file: security.json
print(compute_hash('security.json'))

9b1db0f693fa050f9dae7543a160f6994a1dfe025813bca8b93c6b474129b7a8

Computing a Corrupted File’s Hash

import json, hashlib

def compute_hash(file_path):
    """Compute the SHA256 hash of a file."""
    with open(file_path, 'r') as file:
        data = json.load(file)
    # convert the dictionary into a string
    data_string = json.dumps(data, sort_keys=True)
    # create a new SHA256 hash object
    hash_object = hashlib.sha256()
    # update the hash object with the bytes of the string
    hash_object.update(data_string.encode())
    # get the hexadecimal representation of the hash
    hash_hex = hash_object.hexdigest()
    return hash_hex

# corrupted file: security-corrupted.json
print(compute_hash('security-corrupted.json'))

032fdb6e537fceb62af92fd313169377d10847bd5535bcaf7a5282ac3d19383d

Long-Running Process

import time
import os

def monitor_file_for_key(file_path, key):
    """Monitor a JSON file for a specific key and record it."""
    key_tracking_list = []
    while True:
        # check if the file exists
        if os.path.exists(file_path):
            # open the file in read mode
            with open(file_path, 'r') as file:
                # load the JSON data from the file
                data = json.load(file)
            # check if the key exists in the data
            if key in data:
                # add a reference to the data in the list
                key_tracking_list.append(data)
        # wait for a while before checking the file again
        time.sleep(1)

# start to monitor a changing JSON file and for a key
monitor_file_for_key("security.json", "CVE-2021-2345")

Memory Leaks Restrict Availability

Do not run this program for an extended time period!
The security.json file will be read every second
The in-memory key_tracking_list grows without bound
Memory leak occurs when no release of process memory
Why does monitor_file_for_key restrict availability?

Key Questions: What is the attack vector for this program? How would you make it more secure? Could a different programming language or a security tool detect and/or prevent this memory leak?