CS 161 Discussion 2
Announcements
HW 2 is out (due Sunday) [Buffer Overflows + Basic Encryption]
Project 1 is due next Tuesday (7/7)
There’s a really good GDB walkthrough on Piazza (see Section Slides).
Come to OH if you need help!
Moving on to encryption this week :)
Software Vulnerabilities
Buffer Overflows
Occurs when attackers write to memory regions they shouldn’t be writing to.
Attackers can force crashes, insert shellcode, or manipulate parameters/flags!
Stack Smashing
Occurs when attackers overwrite the return instruction pointer (RIP) to point to a desired location.
Attackers can execute shellcode!
Integer Conversion Vulnerabilities
When we don’t pay attention to signed & unsigned integers, bad things can happen.
Attackers can bypass bounds checking and/or allocate large amounts of memory!
Format String Vulnerabilities
Occurs when we don’t use the printf(...) function properly.
Attackers can...
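The integer conversion case from the recap above, as an added example that is not part of the original slides: a signed length slips past an upper-bound check and becomes a huge unsigned count, shown next to a hardened check. BUF_SIZE, the function names and the sample lengths are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* constructed buffer size for this example */

/* Vulnerable check: len is signed, so a negative value passes the
 * upper-bound test, then becomes a huge size_t when handed to memcpy.
 * Returns 1 if accepted and stores in *n the count memcpy would get.
 * No copy is performed here, so the demo is safe to run. */
int check_vulnerable(int len, size_t *n)
{
    if (len > BUF_SIZE)      /* signed compare: -1 > 64 is false */
        return 0;
    *n = (size_t)len;        /* same conversion memcpy's size_t parameter applies */
    return 1;
}

/* Hardened check: reject negatives before converting, compare as size_t. */
int check_hardened(int len, size_t *n)
{
    if (len < 0 || (size_t)len > BUF_SIZE)
        return 0;
    *n = (size_t)len;
    return 1;
}

/* Copy only after the hardened check; dst must hold BUF_SIZE bytes and
 * src must hold at least len bytes. Returns 0 on success, -1 if rejected. */
int copy_hardened(char *dst, const char *src, int len)
{
    size_t n;
    if (!check_hardened(len, &n))
        return -1;
    memcpy(dst, src, n);
    return 0;
}

int main(void)
{
    int lens[] = { 10, 64, 65, -1 };   /* constructed sample lengths */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t nv = 0, nh = 0;
        int v = check_vulnerable(lens[i], &nv);
        int h = check_hardened(lens[i], &nh);
        printf("len=%d vulnerable:%s (n=%zu) hardened:%s\n", lens[i],
               v ? "accept" : "reject", nv, h ? "accept" : "reject");
    }
    return 0;
}
```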
Do Question 1 on Worksheet
Alone // Breakout Room // Discuss
Do Question 2
Please use the green checkmark in Zoom to indicate when you’re done!
tinyurl.com/161-poll
Do Question 3
The TCB
The TCB (Trusted Computing Base) is a part of a system that must operate correctly if we want the security goals of the system to be assured.
Q: Why do we want our TCB to be as small as possible?
Do Question 3 on Worksheet
Notes
Feel free to email me at shomil@berkeley.edu with any questions about the course or anything else!
My office hours are from 3 PM - 4 PM on T/Th.
See pinned Piazza posts for link to these slides!
Appendix: Privilege Separation v. Least Privilege
P.S. = means
L.P. = goal
You achieve least privilege by dividing important privileges among different people.
Appendix: Least Privilege v. Separation of Responsibility
L.P. = “Can you do something?”
S.o.R. = “Can you do something by yourself?”
ex: two officers needed to open the blast door
LP: non-officers can’t open the door
SoR: no one officer can open the door