DOCSLIB.ORG

Instituto Tecnológico Y De Estudios Superiores De Monterrey a Unified

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Instituto Tecnológico Y De Estudios Superiores De Monterrey a Unified Instituto Tecnol´ogico y de Estudios Superiores de Monterrey Monterrey Campus GRADUATE PROGRAM IN MECHATRONICS AND INFORMATION TECHNOLOGIES A Unified Software Security Enhancement Proposal Based on a Thorough Software Security Compendium. THESIS PRESENTED AS A PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF: Master of Science in Information Technology BY: Armando de Anda Gonz´alez Monterrey, N.L., November 2007 Instituto Tecnol´ogico y de Estudios Superiores de Monterrey Monterrey Campus DIVISION OF MECHATRONICS AND INFORMATION TECHNOLOGIES GRADUATE PROGRAM IN MECHATRONICS AND INFORMATION TECHNOLOGIES The members of the thesis committee hereby approve the thesis of Armando de Anda Gonz´alez to be accepted as partial fulfillment of the requirements for the Degree of Master of Science, in: Information Technology Thesis Committee: Arturo Galv´an Rodr´ıguez, Ph. D. Thesis advisor Suku Nair, Ph. D. MSc Alejandro Parra Briones Synodal Synodal Graciano Dieck Assad, Ph. D. Director of the Graduate Programs in Mechatronics and Information Technologies November 2007 A Unified Software Security Enhancement Proposal Based on a Thorough Software Security Compendium. BY: Armando de Anda Gonz´alez THESIS Presented to the Graduate Program in Mechatronics and Information Technologies This Thesis is a partial requirement for the degree of Master of Science in: Information Technology Instituto Tecnol´ogico y de Estudios Superiores de Monterrey Monterrey Campus November 2007 To God, for the wonderful gift of life and with whom anything is possible. To the love of my life, Paola, for being my inspiration, my strength, my everything. To my parents, Armando and Layda, the greatest example of love and sacrifice. To my aunt Martha, for believing in me and keeping this dream alive. To my aunt Sayde, my second mother, for your prayers and guidance. To my brother Juan, and to my sisters Layda and Diana, no matter the distance always united. To my many relatives and friends who are such an important part of my life. vii ix Acknowledgements First of all, I want to thank the members of my dissertation committee. Thanks to my principal advisor, Dr. Arturo Galv´an for his time, guidance, advice, and for believing in my proposal. While at Southern Methodist University, I worked under the supervision of Dr. Suku Nair, and I thank him for introducing me to me this fascinating subject and giving me the freedom to explore it. And to professor Alejandro Parra, whose technical competence is admirable, thank you for being so kind in accepting my invitation to review this work. I must thank Dr. David Garza and Dr. Hesham El-Rewini for making my time at SMU possible; it was such a gratifying and growing experience. Special thanks to Ana Isabel Cerda, whose advice on the little things made a huge difference. Finally, I must thank all the support I have received from professors and fellow students during all these years of graduate and undergraduate school at UAC, SMU, and ITESM. They all contributed to the preparation and development of my skills and values to face all challenges. xi Abstract The research presented is to fulfill the requirements of master degree in Science of Information Technologies of ITESM (Instituto Tecnol´ıgico y de Estudios Superiores de Monterrey). The use of information systems has augmented enormously. Computers have become a widely used tool in all disciplines and a medium to facilitate many aspects of our lives, but at the same time, vulnerabilities that endanger the personal data, reputation of organizations and lives of users are being discovered regularly. This dissertation is a fusion of knowledge which aims to provide a panoramic view at the problem and main countermeasures to developers, testers and end users. It will also serve as a break down of the problem, so the dissertation may be employed as a starting point for interested entities, whether research individuals or organizations, to facilitate the communication, exchange of data, combination and evaluation of information in the subject. This research will be useful in the avoidance of overlapping work and assist in the development of parallel efforts that could easily converge to bring us closer to making software behave. Several techniques and strategies have been proposed to mitigate the threats, but it has been a disseminated effort which makes more difficult the tasks of gathering, exchange and comparison of information, hence making it difficult to identify where we stand. This work is motivated by the current importance of security in software, and the work pretends to be a guide of Software Security Topics being its main contributions a proposed Questionnaire for Security Enhancement in the Software Life-Cycle, the coherent fusion of knowledge in the field, and at the same time break down of the problem of security. Contents 1 Introduction 1 1.1 Problems Behind Software Security . .. 1 1.1.1 Software Security Difficulties . 2 1.1.2 TheTrinityofTrouble . .. .. 4 1.1.3 The Thirteen Security Snares . 4 1.2 ProblemDefinition ............................. 6 1.3 Objectives ................................. 7 1.4 Hypothesis.................................. 8 1.5 Methodology ................................ 8 2 The Software Security Context 9 2.1 FundamentalConcepts ........................... 9 2.1.1 SecurityServices .......................... 10 2.1.2 STRIDE............................... 11 2.2 Whatsoftwareisvulnerable?. 12 2.3 Whyissoftwarevulnerable? . 13 3 Attackers and Motives 15 3.1 LawenforcementEntity .......................... 15 3.2 SecurityAuditors .............................. 16 3.3 UnethicalHackers.............................. 17 3.4 ScriptKiddies................................ 18 3.5 IndustrialSpies ............................... 18 3.6 Insider.................................... 19 3.7 Cyberterrorist................................ 20 4 Top Vulnerabilities 21 4.1 BufferOverflows .............................. 21 4.1.1 Consequences ............................ 23 4.1.2 BufferOverflowTaxonomy. 24 4.1.3 Attacks ............................... 26 4.2 Cross-SiteScripting(XSS) . 28 4.2.1 Consequences ............................ 28 4.2.2 Attacks ............................... 29 xiii xiv CONTENTS 4.2.3 Conclusion.............................. 33 4.3 SQLInjection ................................ 34 4.3.1 Consequences ............................ 35 4.3.2 Attacks ............................... 35 4.3.3 Conclusion.............................. 39 4.4 RaceConditions............................... 40 4.4.1 Attacks ............................... 42 4.4.2 Conclusion.............................. 45 4.5 DesignVulnerabilities. 45 4.6 Deployment Vulnerabilities . .. 46 4.7 Authentication and Password Vulnerabilities . ....... 47 4.8 Encryption Vulnerabilities . .. 48 5 Security in the Software Development Process 51 5.1 Secure Software Development Lifecycle . .... 52 5.2 MicrosoftSDL................................ 56 5.3 CLASP ................................... 59 5.4 iCMMandCMMIsecurity......................... 61 5.5 CorrectnessbyConstruction . 67 6 Standards and Best Practices 71 6.1 ISO/IEC27002 ............................... 71 6.2 CommonCriteria(ISO15408) . 77 6.3 TheStandardofGoodPractice . 81 6.4 MisuseandAbusecases .......................... 85 6.5 ReducingAttackSurface . .. .. 87 6.6 ShadesofAnalysis ............................. 89 6.6.1 WhiteBoxAnalysis. .. .. 89 6.6.2 BlackBoxAnalysis ......................... 90 6.6.3 GrayBoxAnalysis. ......................... 90 6.7 PenetrationTesting............................. 91 6.8 Other Practices and Recommendations . .. 91 6.8.1 KeepitSimple ........................... 91 6.8.2 Acknowledge human imperfection . 92 6.8.3 ValidatedallInput . .. .. 92 6.8.4 InitializeMemory.......................... 92 6.8.5 DesignSafeDefaultConfigurations . 92 6.8.6 Ensure that the Bounds of No Memory Region Are Violated .. 92 6.8.7 UseCorrectAuthentication . 92 6.8.8 Remember it is hard to keep secrets . 93 6.8.9 LeastPrivilege ........................... 93 6.8.10 SecuringtheWeakestLink . 93 6.8.11 FailSecurely............................. 93 6.8.12 SeparationofPrivilege . 93 CONTENTS xv 6.8.13 KeepSystemlogs .......................... 94 6.8.14 CodingPractices . .. .. 94 6.8.15 Firewalls............................... 94 6.8.16 IntrusionDetectionSystems . 95 6.8.17 AntivirusandMalwaredetectors . 95 6.8.18 Detecting and preventing Buffer Overflows . .. 95 7 Tools for Software Security 97 7.1 NISTToolTaxonomy............................ 97 7.2 StaticAnalysis ............................... 100 7.2.1 LexicalTools ............................ 100 7.2.2 SemanticTools ........................... 101 7.3 DynamicAnalysis.............................. 103 7.4 LibraryandCompilerApproaches . 104 7.5 Packet Manipulation and Password Cracking Tools . ..... 105 7.6 Personal Firewalls (software implementations) . ........ 107 7.7 Antivirus and Malware detection Tools . 108 7.8 IntrusionDetectionTools: . 108 7.9 Cryptography ................................ 109 7.9.1 SymmetricCryptography. 110 7.9.2 Asymmetric or Public Key Cryptography . 110 7.9.3 HashandMAC ........................... 110 7.10Protocols .................................. 111 7.11Application ................................. 111 7.12email..................................... 112 8 Security Metrics 113 8.1 AtInceptionPhase ............................. 114 8.1.1 Application Insecurity Index . 114 8.1.2 LegislationandCompliance . 114 8.1.3 HowmuchSecurity? . 117 8.2 AttheDevelopment ...........................
Load more

Recommended publications
  • Anyconnect および Host Scan のアンチウイルス/アンチスパイウェア
    AnyConnect および Host Scan のアンチウイルス/アンチスパイウェア/ファイアウォール サポート表 AnyConnect ポスチャ モジュールにより、AnyConnect Secure Mobility クライアントはホストにインス トールされているオペレーティング システム、およびアンチウイルス、アンチスパイウェア、ファイアウォールの 各ソフトウェアを識別できます。 Host Scan アプリケーションはポスチャ モジュールのコンポーネントに含まれ る、こうした情報を収集するアプリケーションです。 AnyConnect 3.0 より、Host Scan パッケージは AnyConnect Secure Mobility クライアントおよび Cisco Secure Desktop(CSD)の共有コンポーネントになっています。 それ以前は、Host Scan パッケージは CSD を インストールすることによってのみ利用可能になるコンポーネントの 1 つでした。 Host Scan パッケージを CSD から分離したのは、CSD の一部として提供されていたときよりも、ユー ザが頻繁に Host Scan サポート表を更新できるようにするためです。 このサポート表には、ユーザが動的なア クセス ポリシーで使用しているアンチウイルス/アンチスパイウェア/ファイアウォール アプリケーションの製品 名とバージョン情報が記載されています。 シスコでは、Host Scan パッケージに Host Scan アプリケーション、 Host Scan サポート表、および他のコンポーネントを含めて提供しています。 Host Scan サポート表のリスト アンチウイルス アプリケーション総合リスト アンチスパイウェア アプリケーション総合リスト ファイアウォール アプリケーション総合リスト Windows 用アンチウイルス Windows 用アンチスパイウェア Windows 用ファイアウォール Linux 用アンチウイルス Linux 用ファイアウォール Mac OS 用アンチウイルス Mac OS 用アンチスパイウェア Mac OS 用ファイアウォール A B C D E F G H I J K L M N O P Q R S T U V W X Y Z AA AB AC AD AE ファイル データ ファ バージョ データ ファイ データ ファイル データ ファイ エンジンのバー RTP の RTP の 前回のスキャン スキャン/クリー システムのフル アンイン GUI のアク トレイ アイコンの トレイ アイコン 有効期 脅威ログの取 スキャン プログラ フル スキャンの進捗 インストール ディ 一括スキャ メモリ スキャ アンチウイルス製品名 ライブ更新 サービス GUI の表示 のスキャ 有効日の取得 更新の進捗表示 プログラム言語の取得 イル dir の取 市場での別名 ン ルの時刻 のバージョン ルの署名 ジョン チェック 設定 時刻 ニング スキャン ストール ティブ化 表示 の非表示 限 得 ムの実行 表示 レクトリの取得 ン ン 1 ン 得 2 3 360Safe.com 4 360 Antivirus 1.x 9989999898888898 8888 8 9 8 9 9 9 88 5 360杀毒 1.x 9999988898888898 8889 8 8 8 9 9 9 88 6 AEC, spol. s r.o. 7 TrustPort Antivirus 2.x 8888998899888999 9888 8 9 8 9 8 988 8 Agnitum Ltd.
    [Show full text]
  • Personal Firewalls Are a Necessity for Solo Users
    Personal firewalls are a necessity for solo users COMPANY PRODUCT PLATFORM NOTES PRICE Aladdin Knowledge Systems Ltd. SeSafe Desktop Windows Combines antivirus with content filtering, blocking and $72 Arlington Heights, Ill. monitoring 847-808-0300 www.ealaddin.com Agnitum Inc. Outpost Firewall Pro Windows Blocks ads, sites, programs; limits access by specific times $40 Nicosia, Cyprus www.agnitum.com Computer Associates International Inc. eTrust EZ Firewall Windows Basic firewall available only by download $40/year Islandia, N.Y. 631-342-6000 my-etrust.com Deerfield Canada VisNetic Firewall Windows Stateful, packet-level firewall for workstations, mobile $101 (Canadian) St. Thomas, Ontario for Workstations users or telecommuters 519-633-3403 www.deerfieldcanada.ca Glucose Development Corp. Impasse Mac OS X Full-featured firewall with real-time logging display $10 Sunnyvale, Calif. www.glu.com Intego Corp. NetBarrier Personal Firewall Windows Full-featured firewall with cookie and ad blocking $50 Miami 512-637-0700 NetBarrier 10.1 Mac OS X Full-featured firewall $60 www.intego.com NetBarrier 2.1 Mac OS 8 and 9 Full-featured firewall $60 Internet Security Systems Inc. BlackIce Windows Consumer-oriented PC firewall $30 Atlanta 404-236-2600 RealSecure Desktop Windows Enterprise-grade firewall system for remote, mobile and wireless users Varies blackice.iss.net/ Kerio Technologies Inc. Kerio Personal Firewall Windows Bidirectional, stateful firewall with encrypted remote-management option $39 Santa Clara, Calif. 408-496-4500 www.kerio.com Lava Software Pty. Ltd. AdWare Plus Windows Antispyware blocks some advertiser monitoring but isn't $27 Falköping, Sweden intended to block surveillance utilities 46-0-515-530-14 www.lavasoft.de Network Associates Inc.
    [Show full text]
  • Kerio Powerpoint Template
    Bezpečnost v IT: Firewally Jan Ježek, Kerio Technologies / Samepage Labs Úvod Jan Ježek • Do r. 2012 vedoucí vývoje produktu Kerio Control (dříve Kerio WinRoute Firewall, ještě dříve WinRoute Pro) • Kerio Technologies teké známé díky: Kerio Connect, Kerio Operator Samepage Program přednášky • Firewall: co to je / původ / dělení / historie • Princip fungování / komponenty • Překlad adres (NAT) • Doplňkové funkce • Obcházení firewallu / lidský faktor Program přednášky • Firewall: co to je / původ / dělení / historie • Princip fungování / komponenty • Překlad adres (NAT) • Doplňkové funkce • Obcházení firewallu / lidský faktor Firewall: co to je? Firewall: co to je? Firewall = „Protipožární zeď“ Původ slova není znám. Poprvé snad ve filmu WarGames. Firewall: co to je? Definice: Jeden bod mezi dvěma sítěmi, kterým musí procházet veškerý provoz mezi nimi. Bariéra mezi námi a nimi, pro libovolnou hodnotu „nimi“. Dělení firewallů Podle použití: • Síťové • Osobní • Serverové • Web Application Firewalls Podle platformy: • Hardwarové • Softwarové • Virtuální • Cloudové – spravované (managed) Historie firewallů Počátky lze vysledovat na přelomu 80. a 90. let: • Objevuje se Internet ;-) • resp. přestává být doménou „kolegů z univerzit“ 2.11.1988 – první internetový červ „Morris“ • Robert Tappan Morris, student na Cornell University, NY • Údajně 6000 nakažených počítačů (10% tehdejšího internetu) • Přinesl vystřízlivění ohledně bezpečnosti • Červ neměl škodit (dle Morrise) • 400 hodin prací, $10,000 pokuta, podmínka Historie firewallů 1987 – AT&T Gate
    [Show full text]
  • A Buffer Overflow Study
    A Bu®er Overflow Study Attacks & Defenses Pierre-Alain FAYOLLE, Vincent GLAUME ENSEIRB Networks and Distributed Systems 2002 Contents I Introduction to Bu®er Overflows 5 1 Generalities 6 1.1 Process memory . 6 1.1.1 Global organization . 6 1.1.2 Function calls . 8 1.2 Bu®ers, and how vulnerable they may be . 10 2 Stack overflows 12 2.1 Principle . 12 2.2 Illustration . 12 2.2.1 Basic example . 13 2.2.2 Attack via environment variables . 14 2.2.3 Attack using gets . 16 3 Heap overflows 18 3.1 Terminology . 18 3.1.1 Unix . 18 3.1.2 Windows . 18 3.2 Motivations and Overview . 18 3.3 Overwriting pointers . 19 3.3.1 Di±culties . 20 3.3.2 Interest of the attack . 20 3.3.3 Practical study . 20 3.4 Overwriting function pointers . 24 3.4.1 Pointer to function: short reminder . 24 3.4.2 Principle . 24 3.4.3 Example . 25 3.5 Trespassing the heap with C + + . 28 3.5.1 C++ Background . 28 3.5.2 Overwriting the VPTR . 31 3.5.3 Conclusions . 32 3.6 Exploiting the malloc library . 33 3.6.1 DLMALLOC: structure . 33 3.6.2 Corruption of DLMALLOC: principle . 34 II Protection solutions 37 4 Introduction 38 1 5 How does Libsafe work? 39 5.1 Presentation . 39 5.2 Why are the functions of the libC unsafe ? . 39 5.3 What does libsafe provide ? . 40 6 The Grsecurity Kernel patch 41 6.1 Open Wall: non-executable stack .
    [Show full text]
  • Chapter 10 Buffer Overflow Buffer Overflow
    Chapter 10 Buffer Overflow Buffer Overflow ● Common attack mechanism ○ first wide use by the Morris Worm in 1988 ● Prevention techniques known ○ NX bit, stack canaries, ASLR ● Still of major concern ○ Recent examples: Shellshock, Hearthbleed Buffer Overflow/Buffer Overrun Definition: A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system. Buffer Overflow Basics ● Programming error when a process attempts to store data beyond the limits of a fixed-sized buffer ● Overwrites adjacent memory locations ○ locations may hold other program variables, parameters, or program control flow data ○ buffer could be located on the stack, in the heap, or in the data section of the process ● Consequences: ○ corruption of program data ○ unexpected transfer of control ○ memory access violations Basic Buffer Overflow Example Basic Buffer Overflow Stack Values Buffer Overflow Attacks Attacker needs: ● To identify a buffer overflow vulnerability in some program that can be triggered using externally sourced data under the attacker’s control ● To understand how that buffer is stored in memory and determine potential for corruption Identifying vulnerable programs can be done by: ● inspection of program source ● tracing the execution of programs as they process oversized input ● using tools such as fuzzing to automatically identify
    [Show full text]
  • Towards Efficient Heap Overflow Discovery
    Towards Efficient Heap Overflow Discovery Xiangkun Jia, TCA/SKLCS, Institute of Software, Chinese Academy of Sciences; Chao Zhang, Institute for Network Science and Cyberspace, Tsinghua University; Purui Su, Yi Yang, Huafeng Huang, and Dengguo Feng, TCA/SKLCS, Institute of Software, Chinese Academy of Sciences https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/jia This paper is included in the Proceedings of the 26th USENIX Security Symposium August 16–18, 2017 • Vancouver, BC, Canada ISBN 978-1-931971-40-9 Open access to the Proceedings of the 26th USENIX Security Symposium is sponsored by USENIX Towards Efficient Heap Overflow Discovery Xiangkun Jia1;3, Chao Zhang2 , Purui Su1;3 , Yi Yang1, Huafeng Huang1, Dengguo Feng1 1TCA/SKLCS, Institute of Software, Chinese Academy of Sciences 2Institute for Network Science and Cyberspace 3University of Chinese Academy of Sciences Tsinghua University {jiaxiangkun, yangyi, huanghuafeng, feng}@tca.iscas.ac.cn [email protected] [email protected] Abstract to attack. As the heap layout is not deterministic, heap Heap overflow is a prevalent memory corruption vulner- overflow vulnerabilities are in general harder to exploit ability, playing an important role in recent attacks. Find- than stack corruption vulnerabilities. But attackers could ing such vulnerabilities in applications is thus critical for utilize techniques like heap spray [16] and heap feng- security. Many state-of-art solutions focus on runtime shui [43] to arrange the heap layout and reliably launch detection, requiring abundant inputs to explore program attacks, making heap overflow a realistic threat. paths in order to reach a high code coverage and luckily Several solutions are proposed to protect heap overflow trigger security violations.
    [Show full text]
  • Comprehensively and Efficiently Protecting the Heap ∗
    Appears in the Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XII), October 2006. Comprehensively and Efficiently Protecting the Heap ∗ Mazen Kharbutli Xiaowei Jiang Yan Solihin Guru Venkataramani Milos Prvulovic Jordan Univ. of Science and Technology North Carolina State University Georgia Institute of Technology [email protected] {xjiang,solihin}@ece.ncsu.edu {guru,milos}@cc.gatech.edu Abstract of altering the program behavior when it uses V . Attackers may use The goal of this paper is to propose a scheme that provides com- a variety of well-known techniques to overwrite M with V ,suchas prehensive security protection for the heap. Heap vulnerabilities are buffer overflows, integer overflows,andformat strings, typically by increasingly being exploited for attacks on computer programs. In supplying unexpected external input (e.g. network packets) to the most implementations, the heap management library keeps the heap application. The desired program behavior alteration may include meta-data (heap structure information) and the application’s heap direct control flow modifications in which M contains control flow data in an interleaved fashion and does not protect them against information such as function pointers, return addresses, and condi- each other. Such implementations are inherently unsafe: vulnera- tional branch target addresses. Alternatively, attackers may choose bilities in the application can cause the heap library to perform un- to indirectly change program behavior by modifying critical data intended actions to achieve control-flow and non-control attacks. that determines program behavior. Unfortunately, current heap protection techniques are limited Researchers have shown that the stack is vulnerable to over- in that they use too many assumptions on how the attacks will writes, so many protection schemes have been proposed to protect be performed, require new hardware support, or require too many it.
    [Show full text]
  • Semi-Synchronized Non-Blocking Concurrent Kernel Cruising
    This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCC.2020.2970183, IEEE Transactions on Cloud Computing IEEE TRANSACTIONS ON CLOUD COMPUTING 1 Semi-synchronized Non-blocking Concurrent Kernel Cruising Donghai Tian, Qiang Zeng, Dinghao Wu, Member, IEEE,Peng Liu, Member, IEEE, Changzhen Hu Abstract—Kernel heap buffer overflow vulnerabilities have been exposed for decades, but there are few practical countermeasure that can be applied to OS kernels. Previous solutions either suffer from high performance overhead or compatibility problems with mainstream kernels and hardware. In this paper, we present KRUISER, a concurrent kernel heap buffer overflow monitor. Unlike conventional methods, the security enforcement of which is usually inlined into the kernel execution, Kruiser migrates security enforcement from the kernel’s normal execution to a concurrent monitor process, leveraging the increasingly popular multi-core architectures. To reduce the synchronization overhead between the monitor process and the running kernel, we design a novel semi-synchronized non-blocking monitoring algorithm, which enables efficient runtime detection on live memory without incurring false positives. To prevent the monitor process from being tampered and provide guaranteed performance isolation, we utilize the virtualization technology to run the monitor process out of the monitored VM, while heap memory allocation information is collected inside the monitored VM in a secure and efficient way. The hybrid VM monitoring technique combined with the secure canary that cannot be counterfeited by attackers provides guaranteed overflow detection with high efficiency.
    [Show full text]
  • An Examination of the Generic Memory Corruption Exploit Prevention
    AN EXAMINATION OF THE GENERIC MEMORY CORRUPTION EXPLOIT PREVENTION MECHANISMS ON APPLE'S LEOPARD OPERATING SYSTEM Haroon Meer SensePost, Rhodes University [email protected] AN EXAMINATION OF THE GENERIC MEMORY CORRUPTION EXPLOIT PREVENTION MECHANISMS ON APPLE'S LEOPARD OPERATING SYSTEM ABSTRACT The Win32 platform has long been the whipping boy of memory corruption attacks and malware, which has forced Microsoft into implementing aggressive anti-exploitation mechanisms into their newer Operating Systems. Apple's Mac OS X (Leopard) has had a much smoother run, both in the media, and in terms of high profile attacks and the reason for this is less clear. In light of Apple's increased market-share, a comparison between Microsoft's defences and Apple's defences is required as the number of anti-exploitation techniques increases with time. In order to produce a side-by-side comparison, an overview of memory corruption attacks is provided and the common generic anti-exploitation techniques for these attacks are enumerated and described. For each operating system, the quality and effective of each implemented defence is evaluated. The results of the study show that Leopard trails Windows Vista in both the number of defences, as well as the quality and effectiveness of the defences that are implemented. KEY WORDS exploit memory corruption stack heap shellcode overflow ret-2-libc 1 INTRODUCTION This paper will cover the basics of memory corruption exploits, and will then examine how Microsoft Windows Vista and Apple MacOS X Leopard combat these attacks in their default state. The intention is to examine how Apple’s Leopard measures up against the automatic exploit mitigations built into Vista.
    [Show full text]
  • Kerio-Control-Adminguide.Pdf
    ADMINISTRATOR GUIDE Find out how to install and configure Kerio Control in different environments and how to set up advanced features The information and content in this document is provided for informational purposes only and is provided "as is" with no warranties of any kind, either express or implied, including without limitation any warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software disclaims and in no event shall be liable for any losses or damages of any kind, including any consequential or incidental damages in connection with the furnishing, performance or use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no warranty, promise or guarantee about the completeness, accuracy, recency or adequacy of information contained in this document and is not responsible for misprints, out-of-date information, or errors. GFI reserves the right to revise or update its products, software or documentation without notice. You must take full responsibility for your use and application of any GFI product or service. No part of this documentation may be reproduced in any form by any means without prior written authorization of GFI Software. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical. GFI and Kerio Control are trademarks or registered trademarks of GFI Software or its affiliates in the US and other countries. Any other trademarks contained herein are the property of their respective owners.
    [Show full text]
  • A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities
    A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities Shuo Chen, Zbigniew Kalbarczyk, Jun Xu, Ravishankar K. Iyer Center for Reliable and High-Performance Computing Coordinated Science Laboratory University of Illinois at Urbana-Champaign 1308 W. Main Street, Urbana, IL 61801 {shuochen, kalbar, junxu, iyer}@crhc.uiuc.edu constructor [18]. This paper combines the two Abstract approaches: real data is analyzed, in conjunction with a This paper combines an analysis of data on security focused source-code examination, to develop a finite vulnerabilities (published in Bugtraq database) and a state machine (FSM) model to depict and reason about focused source-code examination to develop a finite state security vulnerabilities. machine (FSM) model to depict and reason about Using the Bugtraq list maintained in Securityfocus security vulnerabilities. An in-depth analysis of the [13], the study first identifies leading causes of security vulnerability reports and the corresponding source code vulnerabilities. 1 An in-depth analysis of the reported of the applications leads to three observations: (i) vulnerabilities shows: exploits must pass through multiple elementary activities, • (ii) multiple vulnerable operations on several objects are Exploits must pass through multiple elementary involved in exploiting a vulnerability, and (iii) the activities – at any one of which, one can foil the vulnerability data and corresponding code inspections exploit. • allow us to derive a predicate for each elementary Exploiting a vulnerability involves multiple activity. vulnerable operations on multiple objects. • Each predicate is represented as a primitive FSM Analysis of a given vulnerability along with (pFSM). Multiple pFSMs are then combined to create an examination of the associated source code allows us FSM model of vulnerable operations and possible to specify predicates that need to be met to ensure exploits.
    [Show full text]
  • X41 D-SEC Gmbh Dennewartstr
    Browser Security White PAPER Final PAPER 2017-09-19 Markus VERVIER, Michele Orrù, Berend-Jan WEVER, Eric Sesterhenn X41 D-SEC GmbH Dennewartstr. 25-27 D-52068 Aachen Amtsgericht Aachen: HRB19989 Browser Security White PAPER Revision History Revision Date Change Editor 1 2017-04-18 Initial Document E. Sesterhenn 2 2017-04-28 Phase 1 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 3 2017-05-19 Phase 2 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 4 2017-05-25 Phase 3 M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 5 2017-06-05 First DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 6 2017-06-26 Second DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 7 2017-07-24 Final DrAFT M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 8 2017-08-25 Final PAPER M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER 9 2017-09-19 Public Release M. VERVIER, M. Orrù, E. Sesterhenn, B.-J. WEVER X41 D-SEC GmbH PAGE 1 OF 196 Contents 1 ExECUTIVE Summary 7 2 Methodology 10 3 Introduction 12 3.1 Google Chrome . 13 3.2 Microsoft Edge . 14 3.3 Microsoft Internet Explorer (IE) . 16 4 Attack Surface 18 4.1 Supported Standards . 18 4.1.1 WEB TECHNOLOGIES . 18 5 Organizational Security Aspects 21 5.1 Bug Bounties . 21 5.1.1 Google Chrome . 21 5.1.2 Microsoft Edge . 22 5.1.3 Internet Explorer . 22 5.2 Exploit Pricing . 22 5.2.1 ZERODIUM . 23 5.2.2 Pwn2Own .
    [Show full text]