1

Integration of Information Security Laboratories into

Computer Architecture Courses to Enhance

Undergraduate Education

Jayantha Herath, Sarnath Ramnath, Susantha Herath, *Ajantha Herath

St. Cloud State University, *University of Dubuque

2

Active Learning Environments

• Computer Architecture –1 • Digital Logic Circuit Design Course• Performance focus• http://web.stcloudstate.edu/jherath/CompArch-1

• Introduction to Programming in C++ • http://web.stcloudstate.edu/jherath/Cplusplus

• Intermediate Computer Architecture • Performance focus• Interface to CS-1 and Computer

Architecture-1• http://web.stcloudstate.edu/jherath/CompArch-2• Need to interface with other courses

• Information Assurance and Computer Security Course

3

Computer Architecture-1Digital Logic CircuitDesignCS-1

Networking

Databases OperatingSystems

Storage

CompilerDesign

Interfacing

CS-2Intermediate Computer Architecture

4

Implementation of basic programming constructs I/O arithmetic expressions memory operations register operations if-else and switch conditional operations for-while iterative computation controls simple and recursive functions in several

different ISAs.

Pipeline processor design using VHDLMain focus - Performance

5

Main Message

Computer Architecture should be learning more than traditional performance issues Secure Networking Secure Storage Secure Databases Secure Operating system

6

Problems Information assurance and network

security tracks have been developed over the recent years without providing necessary and sufficient background knowledge in logic, storages and processor architecture.

Passive Learning

Interfacing laboratories for ArchitectureSymposium

7

TUTOR 1.32> MS 2000 'ABCDEFGHIJKLMNOPWRSTUVWXYZ' 

TUTOR 1.32> MS 2020 'abcdefghijklmnopwrstuvwxyz'

 

TUTOR 1.32> MS 2040 '0123456789'

 

MEMORY DISPLAY

 

TUTOR 1.32> MD 2000 256

002000 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 ABCDEFGHIJKLMNOP

002010 57 52 53 54 55 56 57 58 59 5A FF FF FF FF FF FF WRSTUVWXYZ......

002020 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 abcdefghijklmnop

002030 77 72 73 74 75 76 77 78 79 7A FF FF FF FF FF FF wrstuvwxyz......

002040 30 31 32 33 34 35 36 37 38 39 FF FF FF FF FF FF 0123456789......

....

002090 12 EB 00 13 12 EB 00 0E 12 FC 00 20 12 EA 00 02 .k...k...|. .j..

0020A0 12 EA 00 12 12 EA 00 03 12 EA 00 02 12 FC 00 21 .j...j...j...|.!

....

0020F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................

 Figure 1. Setting and Displaying the Content of Storage

First Close Lab in Computer Architecture-2

8

00000000 50 4f 53 54 20 2f 63 67 69 2d 62 69 6e 2f 6c 6f POST /cg i-bin/lo

00000010 67 69 6e 2e 63 67 69 20 48 54 54 50 2f 31 2e 31 gin.cgi HTTP/1.1

00000020 0d 0a 41 63 63 65 70 74 3a 20 61 70 70 6c 69 63 ..Accept : applic

00000030 61 74 69 6f 6e 2f 76 6e 64 2e 6d 73 2d 65 78 63 ation/vn d.ms-exc

00000040 65 6c 2c 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f el, appl ication/

00000050 6d 73 77 6f 72 64 2c 20 61 70 70 6c 69 63 61 74 msword, applicat

 Figure 2(a) Packet Sniffer Output - www.rediff.com 00000000 16 03 00 04 79 02 00 00 46 03 00 2f ed 29 44 2a ....y... F../.)D* 00000020 7a b2 b5 95 40 08 c3 74 ae 70 98 20 49 08 00 00 z...@..t .p. I...

00000030 82 32 61 be ad eb b1 27 ee 5e 93 e6 b3 1e ac 79 .2a....' .^.....y

00000040 7e 80 31 0b d2 2e b9 70 3b e5 55 b3 00 03 00 0b ~.1....p ;.U.....

00000050 00 03 5a 00 03 57 00 03 54 30 82 03 50 30 82 02 ..Z..W.. T0..P0..

00000060 bd a0 03 02 01 02 02 10 3c f4 4e cc 7b c3 e6 34 ........ <.N.{..4

00000070 b0 3f 2d 8e b8 78 41 27 30 0d 06 09 2a 86 48 86 .?-..xA' 0...*.H.

00000080 f7 0d 01 01 05 05 00 30 5f 31 0b 30 09 06 03 55 .......0 _1.0...U

 Figure 2 (b) Packet Sniffer Output - www.hotmail.com

Open Lab 1 for Computer Architecture-2Packet Sniffing Using Ethareal

Communication networksPassive monitoring

9

Another Lab - Logic Attack to Access Databases [4]

username AND password to access database Convert to username AND password OR any

expression always TRUE

Normal Access SQL Logic expression String query = "SELECT * FROM users_table " +

" WHERE username = " + " ‘ " + username + " ‘ " +" AND password = " + " ‘ " + password + " ‘ " ;

Logic AttackAttacker enters arbitrary username: anyname, but special “password” of: Aa ‘ OR ‘ ‘ = ‘

Dynamically-constructed query becomes: SELECT * FROM users_table WHERE username = ‘anyname‘ AND password = ‘Aa‘ OR ‘ ‘ = ‘ ‘;

Where clause: F AND F OR T => F OR T => T ! All user rows returned to application

10

Computer Forensics-Labs

Criminal cases: Data representation Unaltered data

Data collected from: Hard drives Log files Documents

Creator signaturesContent analysisOrigin of source code or ideas

11

A Lab to interface Operating System Concepts - State of Utah vs. Carl Payne [5]Summer 1996: FiberNet, ISP, clash with Payne who helped found.

September 96 Terminate Payne.

October 30, 1996 Payne’s last day of work.

November 6, 1996 Attack on FiberNet’s computers.

State Alleged: Payne

a disgruntled employee with knowledge to carry out the attack. created a “back door” on his last week of employment. used his dial-up account to log into Fibernet’s systems and erase

everything.

12

/etc/shadow(printed November 6, 1996 by prosecution expert witness)

What are the numbers

6445 9800 9807 9818

????Number of days since January 1, 1970

13

/etc/shadow(Printed November 6, 1996 by prosecution expert witness)

9818 = November 11, 19966445 = August 25, 19879807 = November 7, 19969800 = October 31, 1996

14

Another Open Lab – Storage Issues

Data Sanitization AutoClave

http://staff.washington.edu/jdlarios/autoclave http://wipe.sourceforge.net for linux Free Writes just zeroes, DoD specs, or the

Gutmann patterns. Very convenient and easy to use. Erases the entire disk including all swap space.

Data Retrieve - Forensics tools The Coroner’s Toolkit

www.porcupine.org/forensicsl/tct.htm

15

US vs. John Doe

1992 Dr. John Doe joined University A as an Associate Professor of medicine, received tenure in one-year, and promoted to Full Professor in the following year.

Twenty seven years of professional experience Generated clinical income for the University via his

specialist clinics where he cared for hundreds of chronically ill patients with bone diseases and external funds.

2001 - Resigned from the University A, started working as a tenured Professor at University B in State J.

16

Worm spread in U- May 16, 2001

Around 10:50 AM CDT, users of U started receiving infected emails.

Some users opened the attachment in the emails. They saw a message window,Followed by rapid flashes of infected

emails sending out.Network began to slowdown due to

emails spread by worm.Some users reported it to

the helpdesk and to IST staff.

17

May 16, 2001 While at University A, John opened an e-

mail from a friend of his native country, via the Yahoo e-mail, with an attachment file bearing the name of a town familiar to him.

John opened the attachment without knowing that it was a worm arriving from an infected machine.

A few days later his supervisors accused him of creating and transmitting a virus.

his computer was confiscated.

18

One and half years after John opened the e-mail attachment, he was informed that a grand jury indicted him for violating 18 USC 1030.

19

The grand jury charged that Professor John Doe did knowingly cause the transmission of a program, information, code or command, and as a result of such conduct, did intentionally cause damage without authorization to a protected computer, which is used in interstate and foreign commerce and communication, and, by such conduct, caused loss to one or more persons during a one-year period aggregating at least $5K in value.

20

Professor Doe started finding an attorney to represent himself, many attorneys asked him to pay $150,000 upfront to represent him in the case. Found one for $5000 and he quitsThen found another for $50,000Lawyers, judges, juries do not know computer related issues

21

Annual Regional Symposiums

1.  Symposium on Computer Architecture -2002 http://web.stcloudstate.edu/jherath/hipe2002

2. Symposium on Information Assurance and Security -2003 http://web.stcloudstate.edu/sherath/SIAS2003

3.  Information and Network Security Workshop-2003 http://web.stcloudstate.edu/sherath/INSW2003

22

Main Message Revisited

Computer Architecture should be more than learning traditional performance issues Secure Storage Secure Databases Secure applications Secure operating system Secure network environment

Need Architecture Laboratories to address security issues of processors and Storages.

23

1. Symposium on Information Assurance and Security -2003 http://web.stcloudstate.edu/sherath/SIAS2003

2.  Information and Network Security Workshop-2003 http://web.stcloudstate.edu/sherath/INSW2003

3.  Pfleeger, Security in Computing, http://www.prenhall.com

4.  http://www.cs.uwec.edu/~wagnerpj/security/5.  http://www.simson.net/2002-11-Forensics.ppt6. http://www.ethereal.com/distribution/win32/7.  http://winpcap.mirror.ethereal.com/install/

default.htm