MIT Security Course Lecture 1

Jun 7, 2024

MIT OpenCourseWare Security Course Notes

Introduction

  • Instructor: The course professor, with James Mickens (Microsoft Research) as co-lecturer.
  • TAs: Stephen, Webb, [INAUDIBLE], James.

Course Structure

  • Goal: Understand how to build secure systems, why they fail, and how to fix them.
  • Textbook: No recommended textbook; based on research papers.
  • Reading Assignments: Read and submit answers/questions by 10:00 PM before lecture.
  • Lectures: Discussion-based around the assigned papers.

Class Components

  • Lectures: Cover various security topics, discuss assigned research papers.
  • Lab Assignments: Practical assignments throughout the semester, covering a range of security problems in web servers.
    • Lab 1: Buffer overflows in C and Assembly.
    • Lab 2: Python-based.
    • Lab 3: Different language.
    • Lab 5: JavaScript.
    • Expectation: Learn multiple programming languages.

Administrative Details

  • Office Hours: TAs available for help.
  • Piazza: Platform for submitting questions online.
  • Lecture Recordings: Available online.

Ethical Guidelines

  • Conduct security research responsibly.
  • Don't perform illegal activities or misuse knowledge.
  • Guidelines available online.

What is Security?

  • Definition: Achieving goals despite adversaries.
  • Policies: Confidentiality, Integrity, Availability.

Threat Model

  • Assumptions: Define the adversary's capabilities (e.g., the adversary does not know the password and does not have physical access).
  • Importance: Conservatively assume worst-case scenarios.

Mechanisms

  • Definition: Software/hardware enforcing security policies.
  • Example Mechanisms: Cryptography, Authentication.

Challenges in Security

  • Negative Goal: Security requires that no attack succeeds, so you have to anticipate every possible attack rather than demonstrate one working path.
  • Changing Threat Models: Assumptions may evolve over time.
  • Complex Systems: Composed of many parts, error-prone.
  • Iterative Process: Continuous improvement needed.

Examples of Security Failures

Policy Failures

  • Account Recovery: Recovery questions weaken the system; e.g., the compromise of Sarah Palin's Yahoo account.
  • Interconnected Systems: Mat Honan's case, weak policies across services (Apple, Amazon).

Threat Model Failures

  • Human Factors: Weak passwords, phishing.
  • Technological Evolution: Old assumptions may no longer hold true (e.g., Kerberos key length).
  • Government Capability: Backdoors in hardware (NSA).

Mechanism Failures

  • Programming Bugs: E.g., Apple's iCloud login issue.
  • Implementation Errors: E.g., Android Bitcoin SecureRandom() bug.

Mechanism Bug Examples

  • Stack Overflows: Buffer overflows overwrite return addresses, leading to exploits.
    • Lab 1 focuses on this topic.
  • Examples in History: DARPA's red team attacks, poor source code protection.
  • Modern Concerns: Mismatched string encodings, e.g., SSL certificate names handled by C code that assumes null-terminated strings.

Mitigating Mechanism Failures

  • Defensive Programming: Avoid unsafe functions like gets().
  • Modern CPU Features: Non-executable stacks.
  • Segmentation and Permissions: Prevent code execution from data segments.
  • Minimize Trusted Computing Base: Fewer components enforcing security policies.
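As an added illustration of the stack-buffer bug that Lab 1 studies and of the defensive-programming advice above (example code written for these notes, not code from the course or its labs), the unbounded copy is shown beside a bounded copy that reports over-long input instead of continuing; NAME_LEN, greet_unsafe, copy_name_bounded and greet_safe are names chosen here.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* size of the fixed stack buffer (chosen for this example) */

/* Unsafe pattern from the lecture: a fixed-size stack buffer filled by an
 * unbounded copy. If `input` is longer than NAME_LEN, the copy runs past the
 * buffer and overwrites whatever sits after it on the stack, including the
 * saved return address. Same defect as gets(): no length check. */
void greet_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);
    printf("Hello, %s\n", name);
}

/* Hardened form: copy only if the whole string plus its terminating NUL fits,
 * otherwise leave an empty string and report failure. Returns 0 on success,
 * -1 if the input did not fit in dst_size bytes. */
int copy_name_bounded(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (dst_size == 0) return -1;
    if (len >= dst_size) {          /* no room for the NUL terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);      /* copies the NUL as well */
    return 0;
}

/* Rejects over-long input up front rather than silently truncating it. */
int greet_safe(const char *input) {
    char name[NAME_LEN];
    if (copy_name_bounded(name, sizeof name, input) != 0) {
        fprintf(stderr, "rejected: name longer than %d bytes\n", NAME_LEN - 1);
        return -1;
    }
    printf("Hello, %s\n", name);
    return 0;
}

int main(void) {
    /* constructed inputs: one that fits, one far longer than the buffer */
    greet_unsafe("alice");                                   /* fine only because input is short */
    greet_safe("alice");                                     /* returns 0 */
    greet_safe("this-name-is-much-longer-than-the-buffer");  /* returns -1 */
    return 0;
}
```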

Conclusion

  • Important Note: Start the labs early and seek help when needed.
  • Looking Ahead: Subsequent lectures and assignments cover these topics in more detail.