I. Summary and Review of the Course
------------------------------------------
SUMMARY AND REVIEW

We will discuss the course

So, please interact:
- Offer opinions
- Give feedback
- Ask questions

If you are watching on video, I welcome feedback by email or phone
------------------------------------------
A. The big picture
------------------------------------------
THE BIG PICTURE

Why is software security important?

Does the real world have complete security?
------------------------------------------
Why are incomplete techniques more effective in the real world?

B. Review of syllabus
------------------------------------------
WHAT WE STUDIED

Context:
- Real World Security Bugs

Defense Techniques
- Threat Modeling
- Static and Dynamic Analysis
  - Program Analysis
  - Symbolic Execution
  - Concolic Execution
  - Fuzzing
  - Taint Analysis
- Information Flow Security

Memory Attacks
- Smashing the Stack attacks
- Defenses:
  - Baggy Bounds Checking
  - W xor X permissions
  - ASLR
  - Reference Monitors (CFI, XFI)

Web Attacks
- XSS
- CSRF (aka XSRF)
- Defenses:
  - Allow lists
  - Output encoding
  - Taint tracking
  - CSP
  - Concolic execution (Ardilla)
- Semantic/logic bugs (shop for free)
- Formal methods (Alloy Analyzer)
- Traffic Analysis (side channel attacks)
------------------------------------------
What is the difference between static and dynamic analysis?

What are the advantages and disadvantages of static techniques vs. dynamic techniques?

Is it possible to combine static and dynamic techniques?

Which defensive techniques are easiest to implement?

Which defensive techniques can completely prevent attacks?

If we can't stop an attack completely, what else can be done?

Are there general techniques that work for the defense?

What topics have been omitted that should be taught?

What were the most interesting topics?

1. Lessons Learned?

What are the most important lesson(s) you learned?

Are there general techniques (or attacks) that we can learn from?

What are the most interesting thing(s) you learned?

Where is more research and development needed?

What should a software development shop do for secure development?

What techniques do you plan to use in the future?

2. Attack and Threat Models

What is an attack model? Why is it useful?

How could we judge different attack models?

How is an attack model different from a threat model?

What is the use of a threat model?

3. Thinking like an attacker

Why is it useful to think like an attacker?

What are some general ideas/tactics found in the attacks studied?

C. Where do we go from here?

1. Practical/industry paths forward

What careers or contributions can be made in industry using what we have learned in this class?

2. Practical tools needed

What tools are needed to help make software more secure in practice?

3. Research needed

What are the gaps in our knowledge of software security?

Are there other areas (besides software security) that need research to make digital life more secure?

4. Academic paths forward

D. About the class

What could be improved about the class?

What was omitted from the class that should have been discussed?

What was good about the class and shouldn't be changed?
------------------------------------------
CLASS OBJECTIVES

Main objective: you can supervise an enterprise's software system safety
- [Strategize] Plan a strategy to assure software safety
- [Design] Design a set of mitigations to the likely and important threats
- [Implement] Implement a tool to support a secure development process
- [Evaluate] Evaluate the adequacy of a threat model and mitigations
------------------------------------------
Did we give you background for doing those?

Are those the right objectives?