IoT devices and web applications often provide services by utilizing their underlying OS commands instead of implementing the whole service from scratch. For example, the majority of modern Wi-Fi routers provide a network ping service so users can check that their network setup is correct, and that service is built on top of the existing Linux `ping` command rather than re-implementing the entire ICMP protocol. Re-using OS commands has the benefit of fast and accurate service development with minimal engineering effort. However, improper data sanitization exposes such a service to OS command injection, a serious yet easy-to-overlook security flaw. Exploiting OS command injection is far easier than other system exploitation techniques, yet its security impact is high. In this tutorial, I will demonstrate advanced OS command injection techniques against common bash shells and explain how various filters and restrictions can be bypassed. I will also provide a docker-based platform with a small series of CTF/Wargame challenges so that these exploitation techniques can be practiced as a lab exercise.
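The ping-wrapper pattern described above, as an added illustration that is not part of the tutorial or its lab platform: the naive shell-string construction beside a hardened wrapper that allowlists the target (IP literal or RFC 1123 hostname) and spawns `ping` as an argv list with no shell. All function names are my own.

```python
import ipaddress
import re
import subprocess

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# no leading/trailing hyphen, at most 253 characters in total.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$"
)


def naive_ping_command(host: str) -> str:
    """The pattern the tutorial warns about: user input spliced into a string
    that a shell will parse, so shell metacharacters in `host` are interpreted
    as part of the command line instead of being treated as a ping target."""
    return f"ping -c 1 {host}"


def validate_target(host: str) -> str:
    """Allowlist validation: accept only an IPv4/IPv6 literal or a syntactically
    valid hostname. Whitespace, ';', '|', '`', '$(' and a leading '-' (which
    would otherwise be parsed as a ping option) are all refused."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"refusing ping target: {host!r}")


def is_valid_target(host: str) -> bool:
    """Boolean convenience wrapper around validate_target()."""
    try:
        validate_target(host)
        return True
    except ValueError:
        return False


def safe_ping_argv(host: str, count: int = 1) -> list:
    """Hardened form: validated target, bounded count, argv list (no shell)."""
    target = validate_target(host)
    if not 1 <= count <= 5:
        raise ValueError("count out of range")
    return ["ping", "-c", str(count), target]


def run_ping(host: str, count: int = 1) -> int:
    """Execute the hardened command; shell=False means no shell ever parses it."""
    proc = subprocess.run(safe_ping_argv(host, count), shell=False,
                          capture_output=True, timeout=10 * count)
    return proc.returncode
```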
Daehee Jang is an assistant professor at Sungshin W. University, Security Engineering Department. He received his Ph.D. in Information Security from KAIST in 2019 and worked as a postdoctoral researcher at Georgia Tech until 2020. He has participated in various global hacking competitions (such as DEFCON CTF) and won several awards. He received a special prize at the 2016 KISA annual event for finding 0-day security vulnerabilities in many software products. He is also the founder of the pwnable.kr wargame, an education platform for training hacking skills.
Prerequisites for this tutorial:
Tutorial exercises require a web browser such as Chrome. Please bring a laptop with Internet access if you want to try out the tutorial tasks.
Ensuring confidentiality and integrity of sensitive workloads is becoming increasingly difficult with today's computing systems. Modern software is growing more and more complex and inevitably contains bugs. The presence of vulnerabilities in user programs and even operating system kernels renders the protection of secrets a daunting challenge. Trusted Execution Environments (TEEs) ensure confidentiality and integrity of sensitive program code and data by constructing a safe and isolated execution compartment within the system, leveraging the hardware support for isolation found in modern architectures.
Intel has introduced Software Guard Extensions (SGX) in its processor architecture to provide secure enclaves for protecting program secrets. This tutorial will discuss the security model, design patterns, and applications of SGX. Then, we will write a simple SGX-protected program together to provide hands-on experience with trusted execution environments.
Prof. Hojoon Lee has been an assistant professor in the Dept. of Computer Science and Engineering at Sungkyunkwan University since September 2019. Prior to his current position, he spent one year as a postdoctoral researcher at CISPA under the supervision of Prof. Michael Backes. He received his Ph.D. from KAIST in 2018, advised by Prof. Brent Byunghoon Kang, and his B.S. from The University of Texas at Austin. His main research interests lie in retrofitting security into computing systems against today's advanced threats. His research interests include, but are not limited to, Operating System Security, Trusted Execution Environments, Program Analysis, Software Security, and Secure AI Computation in the Cloud.
Prerequisites for this tutorial:
This tutorial will require a Linux-based system that can run docker containers. We will provide docker images with the SGX SDK preinstalled. Note that an SGX-capable Intel system is not required, since our example will use the simulation mode provided by the SDK. So bring your laptop and, if it is not already running Linux, make sure you have access to a Linux machine via SSH or a local virtual machine.