SEED:

Developing Instructional Laboratories for Computer SEcurity EDucation

Vulnerability and Attack Labs

People learn from mistakes. In security education, we study mistakes that lead to software vulnerabilities. Studying mistakes from the past not only helps students understand why systems are vulnerable, why a "seemingly benign" mistake can turn into a disaster, and why many security mechanisms are needed; more importantly, it also helps students learn the common patterns of vulnerabilities, so they can avoid making similar mistakes in the future. Moreover, using vulnerabilities as case studies, students can learn the principles of secure design, secure programming, and security testing.

(1) Software in general

  1. Shellshock Vulnerability Lab (new): exploit Bash's Shellshock vulnerability
  2. Set-UID Program Vulnerability Lab: exploit the vulnerabilities of the privileged Set-UID programs. (Survey Results)
  3. Buffer Overflow Vulnerability Lab: exploit the buffer overflow vulnerability using the shell-code approach. (Survey Results)
  4. Return-to-libc Attack Lab: exploit the buffer-overflow vulnerabilities using the return-to-libc attack. (Survey Results)
  5. Format String Vulnerability Lab: exploit the format string vulnerability. (Survey Results)
  6. Race Condition Vulnerability Lab: exploit the race condition vulnerability. (Survey Results)
  7. Chroot Sandbox Vulnerability Lab: explore how the chroot sandbox can be broken. (Survey Results)

(2) Network Protocols

  1. TCP/IP Attack Lab: exploit the vulnerabilities of the TCP/IP protocols. (Survey Results)
  2. DNS Pharming Attack Lab: exploit the vulnerabilities of the DNS protocol to launch Pharming attacks. (Survey Results)

(3) Web Applications

    The following labs need to use the Ubuntu9.11 VM:
  1. Cross-site Scripting Attack Lab on PhpBB: exploiting cross-site scripting vulnerabilities. (Survey Results)
  2. Cross-site Request Forgery Attack Lab on PhpBB: exploiting cross-site request forgery vulnerabilities. (Survey Results)
  3. SQL Injection Attack Lab on PhpBB: experience the SQL-Injection attacks. (Survey Results)
  4. ClickJacking Attack Lab: experience the ClickJacking attacks.
    The following labs need to use the Ubuntu11.04 or Ubuntu12.04 VM:
  1. Cross-site Scripting Attack Lab on Collabtive: exploiting cross-site scripting vulnerabilities.
  2. Cross-site Request Forgery Attack Lab on Collabtive: exploiting cross-site request forgery vulnerabilities.
  3. SQL Injection Attack Lab on Collabtive: experience the SQL-Injection attacks.

Design/Implementation Labs

The objective of the design/implementation labs is to provide students with opportunities to apply security principles in designing and implementing systems. They help students achieve learning by system development.

(1) Networking

  1. Linux Firewall Lab: implement a simple firewall (called "miniFirewall") for Linux. This lab involves Loadable Kernel Module and Netfilter. (Survey Results)
  2. Minix Firewall Lab: implement a simple firewall (called "miniFirewall") for Minix. (Survey Results)
  3. IPSec Lab: implement a simplified IPSec protocol (called "miniIPSec") for Minix (a comprehensive project). (Survey Results)
  4. Virtual Private Network (VPN) Lab: implement a simple VPN (called "miniVPN") in Linux (a comprehensive project). Unlike IPSec-based VPNs, this lab does not need to modify the Linux kernel. All the implementations are in the user space. This lab involves encryption, hash, public key certificates, SSL, and network tunneling techniques (TUN/TAP). (Survey Results)

(2) System

  1. Role-Based Access Control (RBAC) Lab: design and implement an integrated access control system for Minix that uses both capability-based and role-based access control mechanisms. Students need to modify the Minix kernel to implement both capability and RBAC (this is a comprehensive project for access control). (Survey Results)
  2. Capability Lab: design and implement a capability-based access control system for Minix (this is a comprehensive project).
  3. Encrypted File System Lab: design and implement an encrypted file system for Minix (a comprehensive project).
  4. Set-RandomUID Lab: design and implement a simple sandbox for Minix.
  5. Address Space Layout Randomization (ASLR) Lab: randomize stack and heap in Minix to improve security.

Exploration Labs

The objective of the exploration labs is two-fold: the first is to enhance students' learning via observation, playing and exploration, so they can see what security principles "feel" like in a real system; the second objective is to provide students with opportunities to apply security principles in analyzing and evaluating systems. The exploration labs provide a feasible means by which the students have "a direct encounter with the phenomena being studied rather than merely thinking about the encounter, or only considering the possibility of doing something about it".

  1. Linux Firewall Exploration Lab: This is the redesign of the Linux Firewall Design/Implementation Lab. The focus is shifted from programming to exploration. Students will explore various firewall-related technologies, such as netfilter, web proxy, URL rewriting, and using SSH tunnels to evade egress filtering.
  2. Packet Sniffing and Spoofing Lab: explore how sniffing and spoofing tools are implemented. (Survey Results)
  3. Linux Capability Exploration Lab: explore the capability-based access control in Linux. (Survey Results)
  4. Web Browser Access Control Lab: explore the Same-Origin Access Control Policy in web browsers. (Survey Results)
  5. Crypto Lab I -- Secret-Key Encryption: explore secret-key encryption and its applications using OpenSSL. (Survey Results)
  6. Crypto Lab II -- One-Way Hash Function: explore one-way hash function and its applications using OpenSSL. (Survey Results)
  7. Crypto Lab III -- Public-Key Cryptography and PKI: explore public-key cryptography, digital signature, certificate, and PKI using OpenSSL.
  8. Pluggable Authentication Modules (PAM) Lab: explore a flexible authentication technique.
  9. SYN Cookies Lab: explore the SYN Cookies mechanism in Linux.