armor within defending against vulnerabilities in third
play

Armor Within: Defending against Vulnerabilities in Third-Party - PowerPoint PPT Presentation

Jan 17, 2023 •97 likes •381 views

Armor Within: Defending against Vulnerabilities in Third-Party Libraries Sameed Ali , Prashant Anantharaman, Sean Smith Dartmouth College, NH, USA sameed.ali.gr@dartmouth.edu 1 Outline Motivation Our Evaluation Conclusions Approaches 2

  1. Armor Within: Defending against Vulnerabilities in Third-Party Libraries Sameed Ali , Prashant Anantharaman, Sean Smith Dartmouth College, NH, USA sameed.ali.gr@dartmouth.edu 1

  2. Outline Motivation Our Evaluation Conclusions Approaches 2

  3. Crafted input attacks on libraries Third-party library input not ● validated by main application App and library in same address ● space Otherwise secure software ● compromised by a crafted input attack on a third-party library 3

  4. 4

  5. 5

  6. 6

  7. 7

  8. An example: CVE-2004-0597 š The adversary tricks the browser into sending a malicious PNG file into the libPNG library. š The exploited software module can then access sensitive information in other parts of the address space. 8

  9. Outline Motivation Our Evaluation Conclusions Approaches 9

  10. Proposed Solution 1. Compartmentalize application address space (via ELFbac) 2. LangSec validation applied to input of third-party software modules 3. Inject LangSec validation parser/filter in the software via a. Object rewriting b. Binary rewriting 4. Ensure CFI so validation not bypassed (via ELFbac policy) 10

  11. CVE-2004-0597: LibPNG The adversary tricks the ● browser into sending a malicious PNG file into the libpng library. The exploited software ● module can then access sensitive information in other parts of the address space. 11

  12. CVE-2004-0597: LibPNG The adversary tricks the ● browser into sending a malicious PNG file into the libpng library. The exploited software ● module can then access sensitive information in other parts of the address space. 12

  13. CVE-2004-0597: LibPNG The adversary tricks the ● browser into sending a malicious PNG file into the libpng library. The exploited software ● module can then access sensitive information in other parts of the address space. 13

  14. What does a LS parser/filter look like? 14

  15. A simple PNG LS parser/filter using Hammer 15

  16. Ensuring control flow integrity 16

  17. š Assumption: Constituent software modules compiled objects available š Rewrite the Symbol table of the Filter Injection target object via object š Library symbols point to with rewriting LangSec filter functions š Link the objects together to generate the binary š Inject ELFbac policy 17

  18. š Lift binary to LLVM IR code š Insert LangSec validation filter via a Filter Injection custom LLVM IR pass via LLVM š Compile LLVM to generate required binary š Inject ELFbac policy 18

  19. Outline Motivation Our Evaluation Conclusions Approaches 19

  20. Evaluation To evaluate our system, we answer the following questions: Is Armor Within effective against known vulnerabilities? ● How much overhead do our LangSec filters add to existing binaries? ● Can Armor Within effectively inject parsers in existing binaries? ● 20

  21. Evaluating against known vulnerabilities Armor Within was able to successfully detect and mitigate the following vulnerabilities: CVE-2016-1838: Denial-of-service heap-based buffer over-read ● vulnerability in LIBXML CVE-2004-0597: Stack-Overflow remote code execution vulnerability in ● LibPNG CVE-2010-1205: Buffer overflow in LibPNG ● We ran these experiments on a Desktop computer equipped with a Xeon E3-1245 processor and 8 Gigabytes of RAM. The computer ran Ubuntu Linux version 12.04 with the ELFbac Linux kernel patch. 21

  22. Overheads added by our LangSec filters 22

  23. Outline Motivation Our Evaluation Conclusions Approaches 23

  24. Conclusions š Armor Within comprises two techniques to inject LangSec parsers in binaries: Object rewriting š Binary rewriting š š First technique is suited to dynamically linked libraries, whereas second technique works for statically linked libraries. š Our tools were effective and added minimal overhead in terms of memory and CPU time to existing binaries. 24

  25. Future Work Armor Within, works with Hammer parsers. We are working to make the ● tool more generic and can accept any parser combinator toolkit. For control-flow integrity, we used ELFbac in this paper. We are working ● to make our tools to be agnostic of the control-flow integrity techniques. We are working on a parser generator that converts BNF syntax to ● parser-combinator syntax. 25

  26. Thank you! Questions? Sameed Ali sameed.ali.gr@dartmouth.edu Prashant pa@cs.dartmouth.edu Sean sws@cs.dartmouth.edu Code available at: https://bitbucket.org/sameed_ali/app-armor-poc/ 26

  27. Acknowledgements This material is based upon work supported by the United States Air Force and DARPA under Contract No. FA8750-16-C-0179. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of United States Government or any agency thereof. 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ArMOR : Defending Against Memory Consistency Model Mismatches in

ArMOR : Defending Against Memory Consistency Model Mismatches in

ArMOR : Defending Against Memory Consistency Model Mismatches in Heterogeneous Architectures Daniel Lus0g , Caroline Trippel, Michael Pellauer, and Margaret

427 views • 31 slides
Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * some slides adapted from those by Trent Jaeger Overflow Vulnerabilities Despite

901 views • 46 slides
10/8/20 Armor Up, Armor Down: What this about and who we are The Inner Life of Cops,

10/8/20 Armor Up, Armor Down: What this about and who we are The Inner Life of Cops,

10/8/20 Armor Up, Armor Down: What this about and who we are The Inner Life of Cops, Firefighters and Medics Se Sessi ssion I: : Much Mo More Than a Job or Career Offer a different perspective Connect people who care about first

262 views • 3 slides
Law Firm Data Breaches and Legal Malpractice Risks Assessing Vulnerabilities, Defending

Law Firm Data Breaches and Legal Malpractice Risks Assessing Vulnerabilities, Defending

Presenting a live 90-minute webinar with interactive Q&A Law Firm Data Breaches and Legal Malpractice Risks Assessing Vulnerabilities, Defending Professional Liability Claims, Evaluating Insurance Coverage TUESDAY, MAY 3, 2016 1pm Eastern

942 views • 62 slides
Tie development of MEDIEVAL ARMOR over time WORCESTER ART MUSEUM ARMS & ARMOR PRESENTATION

Tie development of MEDIEVAL ARMOR over time WORCESTER ART MUSEUM ARMS & ARMOR PRESENTATION

Tie development of MEDIEVAL ARMOR over time WORCESTER ART MUSEUM ARMS & ARMOR PRESENTATION SLIDE 2 The Arms & Armor Collection Mr. Higgins, 1914.146 In 2014, the Worcester Art Museum acquired the John Woodman Higgins Collection of Arms

972 views • 18 slides
How StormGuard-Armor Stunningly Tames Bear Markers April 21, 2016 By Scott Juds, President &

How StormGuard-Armor Stunningly Tames Bear Markers April 21, 2016 By Scott Juds, President &

How StormGuard-Armor Stunningly Tames Bear Markers April 21, 2016 By Scott Juds, President & CEO, SumGrowth Strategies, Seattle, WA 1 Why StormGuard-Armor? Her es a Poster Child For the Problem Whats Going On? Well a Guy Walks

590 views • 22 slides
CARBON NANOTUBE SOFT BODY ARMOR CALISA HYMAS, SAMM GILLARD, STEVEN LACEY, KATHLEEN ROHRBACH,

CARBON NANOTUBE SOFT BODY ARMOR CALISA HYMAS, SAMM GILLARD, STEVEN LACEY, KATHLEEN ROHRBACH,

CARBON NANOTUBE SOFT BODY ARMOR CALISA HYMAS, SAMM GILLARD, STEVEN LACEY, KATHLEEN ROHRBACH, CHRIS BERKEY (TUBEY AND THE NANOS) MOTIVATION Hard body armor is made from heavy ceramic plates, and is used to stop higher caliber rounds.

674 views • 64 slides
Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Presenting a live 90 minute webinar with interactive Q&A Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in Workouts, Defaults, and Bankruptcy TUES DAY, DECEMBER 21, 2010 1pm Eastern |

1.33k views • 131 slides
MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL GLOBAL EQUITIES OBAL EQUITIES TO US PRIV US PRIVATE CLIENT E CLIENTS Jonathan F Jonathan Foster ster President & CEO Angeles Wealth

643 views • 19 slides
Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Presenting a live 90-minute webinar with interactive Q&A Wrongful Death Claims and Survival Actions: Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex Valuation and Settlement Issues WEDNESDAY,

481 views • 26 slides
Eph. 6:11, Put on the full armor of God, so that you will be able to stand firm against the

Eph. 6:11, Put on the full armor of God, so that you will be able to stand firm against the

Satans Assaults on the Human Race D IRECT A SSAULTS Gen Matt Gen 3 4 6 Demon Demon Possession Possession Three Final Demon Gog Assaults & Magog I NDIRECT A SSAULTS Revolt Eph. 6:11, Put on the full armor of God, so that

287 views • 17 slides
Blue Bible pg 1245 Ephesians 6:10-20 Blue Bible pg 1245 Ephesians 6:10-20 ESV The Whole Armor of

Blue Bible pg 1245 Ephesians 6:10-20 Blue Bible pg 1245 Ephesians 6:10-20 ESV The Whole Armor of

Ephesians 6:10-20 Blue Bible pg 1245 Ephesians 6:10-20 Blue Bible pg 1245 Ephesians 6:10-20 ESV The Whole Armor of God 10 Finally, be strong in the Lord and in the strength of his might. 11 Put on the whole armor of God, that you may be able

624 views • 23 slides
EEI Occupational Safety & Health Committee Conference Violence, Firearms and Body Armor

EEI Occupational Safety & Health Committee Conference Violence, Firearms and Body Armor

EEI Occupational Safety & Health Committee Conference Violence, Firearms and Body Armor September 28, 2010 1 Agenda Welcome and Introduction Credibility and Experience Customized Curriculum Scenario Based Validation

528 views • 28 slides
NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security & Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via

SybilGuard: Defending Against Sybil Attacks SybilGuard: Defending Against Sybil Attacks via Social Networks via Social Networks Intel Research Pittsburgh / CMU Haifeng Yu National University of Singapore Michael Kaminsky Intel Research

501 views • 22 slides
Towards Measuring Adversarial Twitter Interactions against Candidates in the US Midterm Elections

Towards Measuring Adversarial Twitter Interactions against Candidates in the US Midterm Elections

Towards Measuring Adversarial Twitter Interactions against Candidates in the US Midterm Elections Yiqing Hua Thomas Ristenpart Mor Naaman Cornell Tech, Cornell University Presentation for ICWSM 2020 Find the slides and paper on

357 views • 21 slides
Reducing Communication Channels in MPC Marcel Keller 1,2 Dragos Rotaru 1,3 Nigel Smart 1,3 T im

Reducing Communication Channels in MPC Marcel Keller 1,2 Dragos Rotaru 1,3 Nigel Smart 1,3 T im

Reducing Communication Channels in MPC Marcel Keller 1,2 Dragos Rotaru 1,3 Nigel Smart 1,3 T im Wood 1,3 1 University of Bristol 2 Data61 3 KU Leuven/COSIC ESAT 1/35 Outline Goal Generalising MPC Tools Performing MPC 2/35 Outline Goal

753 views • 72 slides
Transport Refrigeration Unit Enforcement Work Group Meeting July 29, 2020 1 Updated Concept for

Transport Refrigeration Unit Enforcement Work Group Meeting July 29, 2020 1 Updated Concept for

Transport Refrigeration Unit Enforcement Work Group Meeting July 29, 2020 1 Updated Concept for TRU Regulation Facility Registration, Fees, and Compliance Plan Reporting Expanded TRU Registration Requirements TRU Emission Standards

403 views • 15 slides
Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed

Universal Multi-Party Poisoning Attacks Saeed Mahloujifar Mohammad Mahmoody Ameer Mohammed Multi-Party Learning Distributions Data Providers 1 1 Model Multi-Party Learning (Round j) Distributions

540 views • 20 slides
Combating Election Misinformation Communicating Trusted Election Information July 30, 2020

Combating Election Misinformation Communicating Trusted Election Information July 30, 2020

Combating Election Misinformation Communicating Trusted Election Information July 30, 2020 #TrustedInfo2020 Housekeeping Be gracious about work-from-home setups Restart Zoom if needed Slides, captioned recordings, and a participant

903 views • 67 slides
Working with Third-Party Providers Transforming Professional

Working with Third-Party Providers Transforming Professional

4/21/14 Working with Third-Party Providers Transforming Professional Learning Webinar Series April 17, 2014 Call Procedures Engage fully, sharing

388 views • 6 slides
Gilad Asharov Gilad Asharov parties, each has some private input, wish to compute a function

Gilad Asharov Gilad Asharov parties, each has some private input, wish to compute a function

Gilad Asharov Gilad Asharov parties, each has some private input, wish to compute a function on their joint inputs average of salaries, auctions, private database query, private data mining parties, each has some private input, wish

1.28k views • 105 slides
Political Economy of Third Party Interventions Sabyasachi Das Souvik Dutta Abhirup Sarkar

Political Economy of Third Party Interventions Sabyasachi Das Souvik Dutta Abhirup Sarkar

Political Economy of Third Party Interventions Sabyasachi Das Souvik Dutta Abhirup Sarkar Ashoka University IIM, Bangalore ISI, Kolkata 17 th Nordic Conference on Development Economics June 12, 2018 Das, Dutta, Sarkar (2018) Pol Econ of

510 views • 26 slides

More recommend