Due Date: December 17th, 2010, 5:00pm.
In this assignment, teams will configure the target systems and try to protect them from a non-trivial Common Weakness Enumeration (CWE) vulnerability (or class of vulnerabilities). Choose your vulnerability carefully, as you will need to show that it is important that your application is protected from such attacks. Choosing a vulnerability that your program does not suffer from or for which there are already known complete fixes will impact your grade. I recommend choosing a vulnerability that you may not solve completely, but for which you may teach me something about the solution.
To determine which vulnerability to choose, you will need to study the deployment of your application in the SIIS Eucalyptus cloud. Important things to look for include:
Installation Threats: What is the installation process? What processes have access to the application image? Can you check that files were installed correctly? For code? For data?
You should track the files loaded by the installation, so you can identify those that may be vulnerable.
Configuration Threats: Those of you using Ubuntu will have the AppArmor Linux Security Module and those with Red Hat will have SELinux. How does AppArmor or SELinux protect your application? Is there a policy for that application? Can you find the policy? Can you find which subject labels (processes) can access which object labels (files)?
Network Threats: The systems will have an iptables firewall, so is this configured? What is the network accessibility of your system in general and this application in particular? Identify secure and insecure network communication channels.
Application Threats: What processes are part of the application? Which have direct network access? What label and UID do processes run under? How many processes use which labels and UIDs?
File Threats: What are the access rights to files in the application (recorded from above)? Which are protected by MAC enforcement? Which by discretionary access control? How many processes can modify the discretionary file permissions?
Process Threats: For a few important processes for this application, identify the program interfaces to access external data. What interfaces receive untrusted data for sure? What interfaces are likely to receive untrusted data?
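One way to collect the answers to the Application Threats and File Threats questions above, as an added example that is not part of the original assignment. It assumes the Linux /proc layout (status and attr/current); the function names and the confinement heuristic are illustrative assumptions, and it should run as root so every label is readable.

```python
import os
from collections import Counter

def _read(path):
    """Return the file's text, or None if it cannot be read."""
    try:
        with open(path, "rb") as f:
            return f.read().strip(b"\x00\n ").decode(errors="replace")
    except OSError:
        return None

def process_inventory(proc_root="/proc"):
    """List (pid, effective_uid, lsm_label, name) for each process under proc_root."""
    rows = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        status = _read(os.path.join(base, "status")) or ""
        fields = dict(l.split(":", 1) for l in status.splitlines() if ":" in l)
        if "Uid" not in fields:
            continue  # process exited while we were scanning
        euid = int(fields["Uid"].split()[1])  # order: real, effective, saved, fs
        # attr/current holds the SELinux context or the AppArmor profile and mode
        label = _read(os.path.join(base, "attr", "current")) or "unknown"
        rows.append((int(entry), euid, label, fields.get("Name", "?").strip()))
    return sorted(rows)

def count_by_label_uid(rows):
    """How many processes share each (label, UID) pair."""
    return Counter((label, uid) for _, uid, label, _ in rows)

def is_confined(label):
    """Heuristic (assumption): unconfined, unknown, complain-mode and unconfined_t are not confined."""
    if label in ("unconfined", "unknown") or label.endswith("(complain)"):
        return False
    parts = label.split(":")
    return not (len(parts) >= 3 and parts[2] == "unconfined_t")

def dac_only_root(rows):
    """Processes with effective UID 0 that no MAC policy confines."""
    return [r for r in rows if r[1] == 0 and not is_confined(r[2])]

if __name__ == "__main__":
    rows = process_inventory()
    for (label, uid), n in sorted(count_by_label_uid(rows).items()):
        print(f"{n:4d}  uid={uid:<6} {label}")
    for pid, _, label, name in dac_only_root(rows):
        print(f"root without MAC confinement: pid={pid} {name} [{label}]")
```

The processes listed by `dac_only_root` are the ones protected only by discretionary access control, so they are natural starting points when choosing which interfaces to examine.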
Also, look through the CWE document for different threats and consider how to test your program for such threats. You will want to include such tests in your report.
From this assessment, choose a CWE vulnerability that is relevant to your application. For this vulnerability, please define an ideal defense that would prevent all such attacks. In many cases, you will not be able to implement an ideal solution because it will block some functions that may be desirable or it will be too difficult/expensive to implement. Then, identify a compromise solution that you may prototype. Ideally, you would implement this solution for your application, but that may prove to be too difficult. In that case, you can implement the solution for a test program and argue why it would apply to your application.
The end result will be a research report (see the slides regarding Writing a Research Paper) containing the following sections:
Introduction: Goal is to prevent your vulnerability comprehensively for your application.
Background: What is the problem? What resources are available? What do you think the requirements of a valid solution would be?
Related Work: What has been tried? Why didn't it work?
Approach: What is your proposed approach and why do you think that it will work for your application? Should make an informal argument that it will solve the problem if done correctly.
Implementation: What did you build to evaluate your solution? Why do you think that would be a sufficient experimental system?
Evaluation: What did you learn about the security, performance, usability, etc. of your proposed approach? How does deploying the application in the cloud impact the threat?
Discussion: What were the limitations of your experiment? What should be done in the future?
Conclusion: What did you learn?
A draft of the background and related work sections is due on 12/1. Project status slides are due on 12/2.
You are to complete this project within your team. At the discussion on December 7, present your status. You will get credit for your ideas that are useful to others.