Software Security - 2017 Gencyber Camp
Bo Luo, Associate Professor; Director, Information Assurance Lab, ITTC, The University of Kansas, Lawrence, KS, USA
[email protected]; http://www.ittc.ku.edu/~bluo

Outline
- Software security
- Modularization
- Abstraction
- Information hiding
- Simplicity
- Minimization

Software Security
- What is a "secure" program?
  - It means different things to different people.
- Is it secure if it ...
  - takes too long to break through its security controls?
  - runs for a long time without failure?
  - conforms to its specification?
  - is free from all faults?

Software Security
- Complete program security
  - Can we make programs completely secure? Not easy.
- Why?
  - Software testing: make sure that the code does what it is supposed to do.
  - Software security: verify that the code doesn't do anything it isn't supposed to do. Much harder.
- Program errors could be exploited by adversaries to gain control of the system, deploy Trojan horses, etc.

Software Security
- IEEE terminology
  - error: a human action that causes an incorrect result
  - fault: an incorrect step, process or data definition in a program
  - failure: the system doesn't behave according to its requirements
  - A fault is an inside view, seen by developers.
  - A failure is an outside view, seen by users.

Software Security
- Faults in programs
  - Program errors could be exploited by adversaries to gain control of the system, deploy Trojan horses, etc.
- Which is better:
  - finding and fixing 20 faults in a module?
  - finding and fixing 100 faults?
- Finding 100 could mean
  - you have better testing methods, OR
  - the code is really bad; 100 were just the tip of the iceberg.
- Software testing literature: finding many errors early → you will probably find many more.

Software Security
- Types of flaws
  - validation error
  - domain error
  - serialization and aliasing
  - inadequate authentication
  - boundary condition violation
  - other exploitable logic errors
- From Landwehr: Taxonomy of Security Flaws
- Let's see an example.

Software Security
- TOCTTOU: Time of Check to Time of Use
- Real-world example, a purchase at a store:
  - Time of check: the item costs $100; you count out the money on the counter.
  - The cashier turns around; you take $20 back.
  - Time of use: the cashier doesn't notice; you still get the $100 item.

Software Security
- Software security example: pseudocode for opening the file stuff.txt:

    if (permission(user, stuff.txt))    // time of check
        open(stuff.txt)                 // time of use
    else
        return failure

- Suppose that stuff.txt is a symlink.
- What would happen if we switched the link to a different file between the check and the open?

Software Security
- TOCTTOU is unlikely?
  - The timing would have to be perfect.
- But:
  - the program can be run over and over
  - the race only has to be won once
  - many other programs can be run to lengthen the time between the check and the open

Software Security
- Malicious code: designed to do things "it isn't supposed to do"
  - virus
  - trojan horse
  - logic bomb
  - time bomb (a special case of logic bomb)
  - worm

Software Security
- Trojan horses: a program with
  - an open, known effect
  - and a secret effect
- Example: a game that searches the hard drive for passwords
- Propagating Trojans: Trojans which make copies of themselves

Software Security
- The secret effects of Trojan horses
  - Control the computer (zombie computers)
  - Steal information: passwords, bank accounts, credit card numbers, SSNs, etc.
  - Install (malicious) software
  - Monitor and control hardware: key logger, watch the screen, view the webcam
  - More?

Software Security
- Ransomware
  - Holds a computer system, or the data it contains, hostage against its user by demanding a ransom.
  - Disables an essential system service or locks the display at system startup.
  - Encrypts some of the user's personal files; originally referred to as cryptoviruses, cryptotrojans or cryptoworms.
  - The victim user has to
    - enter a code obtainable only after wiring payment to the attacker or sending an SMS message, or
    - buy a decryption or removal tool.
(Source: CS426 Fall 2010/Lecture 15)

Software Security
- Ransomware (example slide; no text was captured in the extraction)

Software Security
- Viruses: a program which
  - infects other files (inserts itself into them)
  - performs some action
- Many types:
  - boot sector
  - executable file infector
  - multipartite (different targets, e.g. either boot sector or exe)
  - encrypted viruses
  - polymorphic viruses
  - macro virus

Software Security
- Software security controls?
- Patching the OS and applications
  - Importance of patching
  - Timing: the vulnerability window
  - 0-day vulnerabilities
  - Vulnerability scanning

Software Security
- Operating system controls
  - trusted software
  - protection, confinement
  - limited privilege
  - logging

Software Security
- Developmental controls
  - Good software engineering practice!
  - Modularity
  - Abstraction
  - Encapsulation, information hiding
  - Separation, isolation
  - Simplicity
  - Minimization
  - Least astonishment
  - Testing
  - Peer reviews
  - Designing good specs
  - Fail-safe mechanisms

Abstraction
- Abstraction: a representation of an object or concept that includes only its most significant attributes.
  - Something such as a door, a speedometer, or a data structure in computer science. Abstraction decouples the design from the implementation. A map is an abstraction of the earth.
- The concept of abstraction is fundamental in programming (and computer science).

Abstraction
- The goal of abstraction, from a computer security viewpoint, is to remove any clutter that can distract and possibly be used in an incorrect way.
- Abstraction provides only the essential details of what is being modeled and the minimum information necessary to accomplish the task.

Modularity
- Process abstraction
- Modular programming
  - a software design technique
  - separating the functionality of a program into independent, interchangeable modules
- Each module (sub-program) has
  - everything necessary to execute a unique part of the desired functionality
  - a single entry point
  - well-designed interfaces: they provide all the detail needed for one module to replace another and achieve the needed results.

Modularity
- Hardware modularity
  - In the 1980s and 1990s, desktop computers were more of a hobbyist effort. Computers could be modified to add hardware and increase performance. Memory could be added. There were different sound and video cards available. Disk drives came in different sizes. All of the components depended on having a well-defined interface. Thus if a component from one manufacturer failed, it was easy to get another part from another manufacturer and replace it. Modularity allowed parts with the same interfaces to be interchangeable with others.

Information Hiding
- Information hiding: does not allow certain aspects of an object to be observed or accessed.
- Data and information hiding keeps the programmer from having complete access to data structures.
- It allows access to only what is necessary.

Information Hiding
- Example:
  - Manipulating a stack requires three operations: push, pop, and view the data item on the top of the stack.
  - Information hiding allows the programmer to not be concerned with how the stack is implemented. The stack could be a linked list, a tree structure, or an array. None of the details of how the stack is implemented are necessary.

Simplicity of Design
- Simplicity as a design goal. Simplicity is a design principle at Apple, especially with the iPhone. There is a single button. People understand how to use the device without having to read a manual. All unnecessary complexity has been removed.

Simplicity of Design
- Computers enable highly complex systems.
  - Today's systems have large, high-dimensional state spaces and highly non-linear behavior.
- Complexity is the enemy of security!

Simplicity of Design
- Why?
  - Simple systems with linearity, continuity and small state spaces are easy to analyze and easy to test.
  - Complex systems are less predictable.
  - Complexity breeds bugs.
  - Simplicity is especially important when human users are involved.
- Value simplicity and remove unnecessary complexity. For example:
  - Build code that only does what you need.
  - Reuse components that are considered secure.
  - Be consistent in the implementation of encryption, especially using those "tried and true".

Minimization
- Attack surface: the places in a program where users and other programs can enter and extract data.
- Securing a program is difficult because of
  - the sheer size
  - increased complexity
- Goal of minimization: simplify and decrease the number of ways that software can be exploited.
  - Turn off ports that are not needed.
  - Reduce the amount of code running.
  - Use the concept of least privilege.
  - Turn off unneeded features.
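The TOCTTOU slides above (check permission on stuff.txt, then open it, while stuff.txt is a symlink that gets switched) rendered as a runnable Python example; this is added here and is not code from the slides. The `between` hook that stands in for the scheduling gap, and the file names public.txt, secret.txt and stuff.txt, are constructed assumptions; the hardened form is the usual open-then-fstat pattern with O_NOFOLLOW.

```python
import os
import stat
import tempfile

def read_check_then_use(path, between=lambda: None):
    # Slides' shape: check the NAME, then open the NAME; `between` is a constructed hook for the gap.
    if not os.access(path, os.R_OK):           # time of check
        return None
    between()                                   # a racing process can re-point the name here
    fd = os.open(path, os.O_RDONLY)             # time of use: possibly a different file
    try:
        return os.read(fd, 4096).decode()
    finally:
        os.close(fd)

def read_open_then_check(path):
    # Hardened: open first (refusing symlinks), then validate the object actually held via fstat.
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError:                             # ELOOP when path is a symlink
        return None
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            return None                         # check and use refer to the same inode
        return os.read(fd, 4096).decode()
    finally:
        os.close(fd)

def make_fixture():
    # Constructed layout: public.txt, secret.txt, and stuff.txt -> public.txt.
    d = tempfile.mkdtemp(prefix="toctou_")
    paths = {n: os.path.join(d, n) for n in ("public.txt", "secret.txt")}
    for n, p in paths.items():
        with open(p, "w") as f:
            f.write(n[:-4])
    link = os.path.join(d, "stuff.txt")
    os.symlink(paths["public.txt"], link)
    return paths, link

def swap_link(link, new_target):
    # Re-point a symlink atomically, as a racing process would.
    os.symlink(new_target, link + ".tmp")
    os.rename(link + ".tmp", link)

def demo():
    paths, link = make_fixture()
    vulnerable = read_check_then_use(link, lambda: swap_link(link, paths["secret.txt"]))
    swap_link(link, paths["public.txt"])   # restore, then show the hardened open refusing the link
    return vulnerable, read_open_then_check(link), read_open_then_check(paths["public.txt"])
```

`demo()` returns `("secret", None, "public")`: the check-then-use version passed its check against public.txt but read secret.txt, while the hardened version refuses the symlink outright and only serves the regular file it validated.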