Title: SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation
1 SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation
- Wenliang (Kevin) Du
- Department of Electrical Engineering and Computer Science, Syracuse University
- Email: wedu_at_ecs.syr.edu
- URL: http://www.cis.syr.edu/wedu/seed/
2 Objectives
- Improve experiential learning in computer security education
- Develop effective security-related labs (or course projects)
- Target both security and non-security courses
3 Overview
- Philosophies behind our approach
- Lab environment
- The design of SEED labs
- Overview of the labs (about 20)
- Discussions
4 About the SEED Project
- Funded by the NSF CCLI Program
- Phase I ($75K) was funded in 2002
- Phase II ($450K) was funded in 2007
- Four universities are main partners.
- Several more universities are using the labs.
- Web page for all the developed labs:
- http://www.cis.syr.edu/wedu/seed/
5 Philosophy 1
- Computer security education should focus on both fundamental security principles and security-practice skills.
- Principles: a wide spectrum.
- Skills: designing, programming, testing, analyzing, innovating, and applying.
- Focused and comprehensive labs
6 Philosophy 2
- Computer security education should be integrated
into many other courses, including Operating
Systems, Networking, Computer Architecture,
Compilers, Software Engineering, etc.
7 A Generic Environment
- Used for most of the labs
- Learning a new environment for every lab is not easy
- Not too expensive
- Most schools do not have a budget for this
8 Finding a System
- A system that can be used to demonstrate a variety of security principles.
- Interesting: can motivate students
- Meaningful: not a toy
- Manageable: doesn't take months to understand
What can be more comprehensive than an operating system?
9 A Unified Lab Environment
Figure: the lab stack, top to bottom:
- Labs
- Minix / Linux
- Virtual machine (e.g. VMware)
- Host OS (Windows, Linux, etc.)
10 Cost of Environment
- Software cost
- VMware is free for academic use
- Minix and Linux are open-source and free
- Hardware cost
- Use students' personal computers
- At least 1.5 GB RAM; the more the better
- Use a general computer lab
- Administrator installs VMware
- Students buy a portable hard drive (> 6 GB)
11 Laboratories
- Three types of labs
- Design/Implementation Labs
- Exploration Labs
- Vulnerability/Attack Labs
- They cover different sets of skills
- The time needed for these labs varies (1 week to 6 weeks)
12 Design/Implementation Labs
Figure: Design/Implementation Labs run on Minix inside a virtual machine (e.g. VMware).
Objectives: to build and integrate security mechanisms in systems, and to apply security principles in system building.
13 Design Labs
Figure: a Minix OS whose existing components are kept; the students' task is the security component added to it.
- Properties of this design
- Focused on targeted principles
- Each lab takes 2-6 weeks
- Difficulties can be adjusted
- Design labs: Capability, Sandbox, Encrypted File System, MAC, System Randomization, Access Control List, RBAC, IPSec, Firewall, IDS
14 Lab Development
- Learning objectives
- The principles covered by each lab
- Simplification of the system
- Multi-year project → a few weeks
- Self-contained
- Not over-simplified
- Reduce non-security-critical tasks
- Develop supporting materials
15 Exploration Labs
Figure: Exploration Labs run on Minix or Linux inside a virtual machine (e.g. VMware).
Objectives: to explore how security mechanisms work, and to apply security principles in evaluating those mechanisms.
16 Exploration Labs
Figure: a guided tour through a Minix/Linux OS, visiting the security component and the other components it interacts with.
- Guided tour
- Small experiments
- Guided activities
- Interact with security components
- Observe
- Explain the observations
- Exploration labs: Set-UID, PAM (Pluggable Authentication Modules), Reference Monitor, Intel 80x86 Protection Mode, SYN Cookie
- All the design labs can be transformed into exploration labs
17 Vulnerability/Attack Labs
Figure: Vulnerability/Attack Labs run on Minix or Linux inside a virtual machine (e.g. VMware).
Objectives: to learn from mistakes, to see how a flaw leads to security breaches, to carry out real attacks in the lab environment, and to apply security principles in defense.
18 Vulnerability/Attack Labs
Figure: real-world vulnerabilities and fault injection, in the user space and kernel space of a Linux/Minix OS.
- Students' tasks:
- 1. Find the vulnerabilities
- 2. Exploit the vulnerabilities
- 3. Fix the vulnerabilities
- 4. Design countermeasures
19 Vulnerability Laboratories
- Buffer-overflow Lab
- Return-to-libc Attack Lab
- Race-condition Lab
- Format-string Lab
- Sandbox (chroot) Lab
- Attack Lab on TCP/IP
- Attack Lab on DNS (Pharming Attacks)
- Cross-Site Scripting Lab
- SQL Injection Attack Lab
- Set-UID Vulnerability Lab
- Lab on various OS kernel vulnerabilities
20 Our 2nd Philosophy
- Computer security education should be integrated
into many other courses, including Operating
Systems, Networking, Computer Architecture,
Compilers, Software Engineering, etc.
21 Examples for Operating Systems
- File Systems
- Encrypted File System (EFS) Lab
- Access Control
- Capability Lab
- RBAC (Role-Based Access Control) Lab (demo)
- Memory Management
- Memory Randomization Lab
- Privilege Escalation
- Set-UID Lab
- Privilege Restriction
- Chroot Sandboxing Lab
- Set-RandomUID Sandboxing Lab
22 OS (continued)
- Enhancing the OS to protect against attacks on vulnerable programs:
- Buffer-overflow Lab (demo)
- Format-string Lab
- Race condition Lab
- Sandbox Lab
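The Race-condition Lab and the Set-UID Lab listed above (slides 19 and 22) turn on the same bug class: a time-of-check/time-of-use window in a privileged program. The following is an added illustration, not code from the SEED labs: a vulnerable `access()`/`open()` pair beside a hardened version, exercised on a constructed temp-directory fixture. The function names and the fixture are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Vulnerable pattern (what the Race-condition Lab has students exploit):
 * a Set-UID-root program checks the REAL user's permission with access(),
 * then opens with the EFFECTIVE uid (root). In the window between the two
 * calls the attacker swaps `path` for a symlink to a file they may not
 * write (e.g. /etc/passwd), and open() follows it as root. */
int vuln_open_for_append(const char *path)
{
    if (access(path, W_OK) != 0)              /* time of check */
        return -1;
    return open(path, O_WRONLY | O_APPEND);   /* time of use */
}

/* Hardened version, combining two of the lab's countermeasures:
 *  1. Do the check and the use in ONE call: drop the effective uid to the
 *     real uid, so open() itself applies the real user's permissions and
 *     there is no window between "check" and "use".
 *  2. O_NOFOLLOW: refuse a symbolic link in the final path component
 *     (open() fails with ELOOP), which defeats the symlink swap outright.
 * Returns the fd, or -1 with errno set. */
int safe_open_for_append(const char *path)
{
    uid_t saved_euid = geteuid();
    if (seteuid(getuid()) != 0)               /* become the real user */
        return -1;
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    int saved_errno = errno;
    if (seteuid(saved_euid) != 0) {           /* regain privilege */
        if (fd >= 0) close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

/* Constructed fixture (assumption, not part of any lab): a fresh temp
 * directory holding `target` (a regular file we own) and `link` -> target,
 * standing in for the attacker's symlink. Writes the directory path into
 * `dir` (size n). Returns 0 on success. */
int make_fixture(char *dir, size_t n)
{
    char tmpl[] = "/tmp/seed-race-XXXXXX";
    char p[256];
    if (n < sizeof tmpl || mkdtemp(tmpl) == NULL)
        return -1;
    strcpy(dir, tmpl);
    snprintf(p, sizeof p, "%s/target", dir);
    int fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    snprintf(p, sizeof p, "%s/link", dir);
    return symlink("target", p);
}

int main(void)
{
    char dir[64], lnk[256];
    if (make_fixture(dir, sizeof dir) != 0) {
        perror("make_fixture");
        return 1;
    }
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = vuln_open_for_append(lnk);
    printf("vulnerable open through symlink: fd=%d (followed the link)\n", fd);
    if (fd >= 0) close(fd);
    fd = safe_open_for_append(lnk);
    printf("hardened open through symlink:   fd=%d (%s)\n",
           fd, fd < 0 ? strerror(errno) : "opened");
    return 0;
}
```

Run as an ordinary user the program is not Set-UID, so `seteuid(getuid())` is a no-op and the visible difference is `O_NOFOLLOW` rejecting the link with `ELOOP`; installed Set-UID root, the privilege drop is what closes the race, because `open()` is then evaluated with the attacker's own permissions.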
23 Networking
- TCP/IP Protocols
- TCP/IP attack Labs (e.g. SYN flooding, TCP RST attacks, TCP session hijacking, port scanning)
- SYN-Cookie Labs (defend against DoS attacks)
- DNS Protocol
- Pharming Attacks Labs
- IP Routing
- IPSec/VPN Labs
- Firewall Labs
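The SYN-Cookie lab's defence against SYN flooding works by encoding the half-open connection's state into the server's initial sequence number instead of storing it. The following is an added example, not the lab's or the Linux kernel's code: it follows the Linux/Bernstein cookie layout with a stand-in keyed mixer (assumption: not cryptographically strong; real code uses SipHash or an HMAC), constructed secrets, and a four-entry MSS table.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* The four-tuple a SYN arrives with. */
struct tuple {
    uint32_t saddr, daddr;
    uint16_t sport, dport;
};

/* The cookie cannot carry the peer's full MSS, only a few bits, so the
 * server stores an index into a small table of common MSS values and
 * rounds the peer's MSS down to a table entry (Linux does the same). */
static const uint16_t mss_table[] = { 536, 1300, 1440, 1460 };
#define MSS_N   (sizeof mss_table / sizeof mss_table[0])
#define MAX_AGE 2u   /* accept cookies up to 2 counter ticks old */

/* Constructed secrets: in a real kernel these are random and rekeyed. */
static const uint32_t secret[2] = { 0x2545F491u, 0x9E3779B9u };

/* Keyed 32-bit mixer. ASSUMPTION: a stand-in for SipHash/HMAC so the
 * example is self-contained; it is NOT cryptographically strong. */
static uint32_t mix(uint32_t key, const struct tuple *t, uint32_t extra)
{
    uint32_t in[5] = { t->saddr, t->daddr, t->sport, t->dport, extra };
    uint32_t h = key ^ 0x811C9DC5u;
    for (size_t i = 0; i < 5; i++) {
        h ^= in[i];
        h *= 0x01000193u;
        h ^= h >> 15;
        h *= 0x2C1B3C6Du;
        h ^= h >> 12;
    }
    return h;
}

/* Build the ISN the server sends in its SYN-ACK. Layout (mod 2^32):
 *   H1(tuple) + client_isn + (count << 24) + ((H2(tuple, count) + mss_idx) & 0xFFFFFF)
 * `count` is a slowly moving clock (one tick per minute in Linux); only
 * its low 8 bits fit in the cookie. No per-connection state is stored. */
uint32_t syn_cookie_make(const struct tuple *t, uint32_t client_isn,
                         uint32_t count, uint32_t mss_idx)
{
    count &= 0xFFu;
    uint32_t h1 = mix(secret[0], t, 0);
    uint32_t h2 = mix(secret[1], t, count);
    return h1 + client_isn + (count << 24) + ((h2 + mss_idx) & 0x00FFFFFFu);
}

/* Validate the cookie that comes back as ack_seq-1 in the final ACK.
 * Returns the MSS index to rebuild the connection from, or -1 if the
 * cookie is stale or was not produced by us for this tuple and ISN. */
int syn_cookie_check(const struct tuple *t, uint32_t client_isn,
                     uint32_t cookie, uint32_t now)
{
    uint32_t h1 = mix(secret[0], t, 0);
    uint32_t diff = cookie - h1 - client_isn;   /* (count << 24) + low 24 bits */
    uint32_t count = diff >> 24;
    if (((now - count) & 0xFFu) > MAX_AGE)      /* too old (or from the future) */
        return -1;
    uint32_t h2 = mix(secret[1], t, count);
    uint32_t idx = (diff - h2) & 0x00FFFFFFu;
    return idx < MSS_N ? (int)idx : -1;
}

/* MSS to use once the cookie validates. */
uint16_t syn_cookie_mss(int idx)
{
    return mss_table[idx];
}

int main(void)
{
    struct tuple t = { 0x0A000001u, 0x0A000002u, 40000, 80 }; /* constructed */
    uint32_t isn = 123456789u;
    uint32_t c = syn_cookie_make(&t, isn, 7, 2);
    printf("cookie=%08x  now=7 -> idx %d  now=10 -> idx %d  tampered -> idx %d\n",
           c, syn_cookie_check(&t, isn, c, 7),
           syn_cookie_check(&t, isn, c, 10),
           syn_cookie_check(&t, isn, c + 4, 7));
    return 0;
}
```

Two properties worth observing in the lab: a flooder who never completes the handshake costs the server nothing but the cookie computation, and a cookie replayed after `MAX_AGE` ticks, or one that was never issued for that tuple and client ISN, fails validation and no connection is created.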
24 For Other Courses
- Computer Architecture
- 80386 Protection Mode Lab
- Compilers
- Return-to-libc lab (how the stack works)
- Software Engineering
- Capability and RBAC labs (requirements analysis, design architecture, testing)
25 Web Programming
- Hardening systems to defeat attacks on web applications:
- SQL Injection
- XSS
26 Evaluation
- Survey-based evaluation
- Anonymous survey after each lab
- Group interview (by a specialist) each semester
- Student feedback
- Interview experiences
- Job experiences
- Peer reviews
- Publications
- Interviews
27 Experience
- Developed 20 Labs during the last 6 years
- Used in 3 courses at Syracuse University
- One senior-level and two graduate-level
- Also used by several other universities
- Including non-security courses.
- The results are very encouraging
- Evaluation results can be found in our published papers and web sites.
28 Discussion Topics
- Ideas of labs for various courses
- Dissemination
- We need to get others to use the labs, how?
- Reach out to our own community.
- A barrier: interested → using
29 Initiative: Open-source Library of Labs
- Hosting and Coordinating
- Organizers and Industry/NSF sponsors
- Contributing mechanisms
- Portal or repository
- Categorization mechanisms
- By courses, topics, principles, difficulties, book chapters
- Feedback mechanism
- Anonymous comments, endorsements by employers
- Number of downloads
- Discussion Forums