cs412 software security
play

CS412 Software Security Security Policies Mathias Payer EPFL, - PowerPoint PPT Presentation

May 23, 2023 •107 likes •532 views

CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Security Policies A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a

  1. CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security

  2. Security Policies A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a statement of intent, and is implemented as a procedure or protocol. (Wikipedia) Mathias Payer CS412 Software Security

  3. Isolation Isolation is the process or fact of isolating or being isolated. Two components are isolated if their interactions are restricted. The OS isolates process from each other and only allows interaction through a well-defined API Enabled through virtual memory and privilege domains Mathias Payer CS412 Software Security

  4. Least privilege Least privilege requires that each component has the minimum amount of privileges to function. If any privilege is removed, the component stops to function Mathias Payer CS412 Software Security

  5. Compartmentalization General technique of separating two or more parts of a system to prevent malfunctions from spreading between or among them. Requires combination of isolation and least privilege. Strong policy to contain faults to single components Forward reference: confused deputies are still a problem Mathias Payer CS412 Software Security

  6. Memory Safety Memory safety is a property that ensures that all memory accesses adhere to the semantics defined by the source programming language. Mathias Payer CS412 Software Security

  7. Memory unsafety? In short: I manipulate where the moving objects (sprites) are located or where they despawn, then I swap the item in Yoshi’s mouth with a flying ?-block (thus the yellow glitched shell) and using a glitch (stunning) to spawn a sprite which isn’t used by SMW and since it tries to jump to the sprite routine location, it indexes everything wrong and jumps to a place I manipulated earlier with the sprites (OAM) and because of the P-Switch it jumps to controller registers and from there the arbitrary code execution is started. Even shorter: Magic (by Masterjun3) https://www.youtube.com/watch?v=OPcV9uIY5i4 Mathias Payer CS412 Software Security

  8. Practical memory safety The gap between the operational semantics of the programming language and the underlying instructions provided by the ISA allow an attacker to step out of the restrictions imposed by the programming language and access memory out of context. Memory unsafe languages like C/C++ do not enforce memory safety and data accesses can occur through stale/illegal pointers. Mathias Payer CS412 Software Security

  9. Memory safety Memory safety is a general property that can apply to a program, a runtime environment, or a programming language See Mike Hicks: Memory Safety A program is memory safe, if all possible executions of that program are memory safe. A runtime environment is memory safe, if all runnable programs are memory safe. A programming language is memory safe, if all expressible programs are memory safe. Memory safety prohibits buffer overflows, NULL pointer dereferences, use after free, use of uninitialized memory, or double frees. Mathias Payer CS412 Software Security

  10. Memory unsafety (C/C++ view) Memory safety violations rely on two conditions: Pointer goes out of bounds or becomes dangling The pointer is dereferenced (used for read or write) Mathias Payer CS412 Software Security

  11. Spatial memory safety Spatial memory safety is a property that ensures that all memory dereferences are within bounds of their pointer’s valid objects. An object’s bounds are defined when the object is allocated. Any computed pointer to that object inherits the bounds of the object. Any pointer arithmetic can only result in a pointer inside the same object. Pointers that point outside of their associated object may not be dereferenced. Dereferencing such illegal pointers results in a spatial memory safety error and undefined behavior. Mathias Payer CS412 Software Security

  12. Spatial memory safety char *ptr = malloc(24); for (int i = 0; i < 26 ++i) { ptr[i] = i+0x41; } Classic buffer overflow Array is sequentially accessed past its allocated length Mathias Payer CS412 Software Security

  13. Temporal memory safety Temporal memory safety is a property that ensures that all memory dereferences are valid at the time of the dereference, i.e., the pointed-to object is the same as when the pointer was created. When an object is freed, the underlying memory is no longer associated to the object and the pointer is no longer valid. Dereferencing such an invalid pointer results in a temporal memory safety error and undefined behavior. Mathias Payer CS412 Software Security

  14. Temporal memory safety char *ptr = malloc(26); free(ptr); for (int i = 0; i < 26; ++i) { ptr[i] = i+0x41; } Mathias Payer CS412 Software Security

  15. Towards a definition Memory safety is violated if undefined memory is accessed, either out of bounds or deallocated. Pointers become capabilities, they allow access to a well-defined region of allocated memory. A pointer becomes a tuple of address, lower bound, upper bound, and validity. Pointer arithmetic updates the tuple. Memory allocation updates validity. Dereference checks capability. Capabilities are implicitly added and enforced by the compiler. Mathias Payer CS412 Software Security

  16. Towards a definition Capability-based memory safety enforces type safety for two types: pointer-types and scalars Pointers (and their capabilities) are only created in a safe way. Pointers can only be dereferenced if they point to their assigned, still valid region Mathias Payer CS412 Software Security

  17. Memory safety: Java Replaces pointers with references (no direct memory access) No way to free data, implicit memory reuse after garbage collection Language and runtime system enforce safety, overhead? Mathias Payer CS412 Software Security

  18. Memory safety: Rust Strict type system and ownership implement memory safety References are bound to variables Clear ownership protects against data races: single mutable reference or zero or more immutable references Variables that go out of scope are reclaimed Zero-cost abstraction http://theburningmonk.com/2015/05/ rust-memory-safety-without-gc/ Mathias Payer CS412 Software Security

  19. Memory safety: C/C++ How can we enforce memory safety for C/C++? What makes C/C++ memory unsafe? Mathias Payer CS412 Software Security

  20. Memory safety: C/C++ Two approaches: Remove unsafe features (dialect) Protect the use of unsafe features (instrumentation) Mathias Payer CS412 Software Security

  21. Memory safety: C/C++ dialects Extend C/C++ with safe pointers, enforce strict safety rules “Simple” approach: restrict C to safe subset (e.g., Cyclone) Limit pointer arithmetic, add NULL checks Use garbage collection for heap and region lifetimes for stack Tagged unions (restricting conversions) Normal, never NULL , and fat pointers (a fat pointer consists of address, base, size) Exceptions and polymorphism to replace setjmp Focuses on both spatial and temporal memory safety Mathias Payer CS412 Software Security

  22. Memory safety: C/C++ instrumentation Must track either pointers or allocated memory Check pointer validity when dereferencing Object based: cannot detect sub-object overflows, overhead for large lookups. Advantage that meta data is disjoint resulting in good compatibility Fat pointers: low compatibility due to inline metadata, can detect sub-object overflows Both object-based and fat-pointer based approaches fail to protect against arbitrary casts. Mathias Payer CS412 Software Security

  23. Memory safety: C/C++ SoftBound Compiler-based instrumentation to enforce spatial memory safety for C/C++ Idea: keep information about all pointers in disjoint metadata, indexed by pointer location Source code unchanged, compiler-based transformation Reasonable overhead of 67% for SPEC CPU2006 Mathias Payer CS412 Software Security

  24. Memory safety: C/C++ SoftBound char acctID[3]; char *id = &(acctID); lookup(&id)->bse = &(acctID); // store bounds lookup(&id)->bnd = &(acctID)+3; void acctInit() { char *p = id; // local, remains in register char *p_bse = lookup(&id)->bse; // propagate char *p_bnd = lookup(&id)->bnd; do { char ch = readchar(); check(p, p_bse, p_bnd); // check *p = ch; p++; } while (ch); } Mathias Payer CS412 Software Security

  25. Memory safety: C/C++ SoftBound instrumentation 1 Initialize (disjoint) metadata for pointer when it is assigned 2 Assignment covers both creation of pointers and propagation 3 Check bounds whenever pointer is dereferenced Mathias Payer CS412 Software Security

  26. Memory safety: C/C++ CETS Temporal memory safety is orthogonal to spatial memory safety The same memory area can be allocated to new object How do you ensure that a pointer references the new object and not the old object? How do you detect stale pointers? Garbage collection? Not reuse memory? Mathias Payer CS412 Software Security

  27. Memory safety: C/C++ CETS CETS leverages memory object versioning. Each allocated memory object and pointer is assigned a unique version. Upon dereference, check if the pointer version is equal to the version of the memory object. Two failure conditions: area was deallocated and version is smaller (0) or area was reallocated to new object and the version is bigger. Mathias Payer CS412 Software Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS412 Software Security Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Model for Control-Flow Hijack Attacks Figure 1 Mathias Payer CS412 Software Security Widely-adopted defense mechanisms Hundreds of

1.34k views • 57 slides
CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Web (and internet) security: two views Just a long running network service Complex application with multiple layers and components.

577 views • 47 slides
CS412 Software Security Basic Principles Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Basic Principles Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Basic Principles Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software Security Allow intended use of software, prevent unintended use that may cause harm. Mathias Payer CS412 Software

735 views • 36 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
CS412 Software Security Advanced Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Advanced Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Advanced Mitigations Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Model for Control-Flow Hijack Attacks Figure 1: Mathias Payer CS412 Software Security Advanced mitigations Stack integrity

298 views • 26 slides
CS412 Software Security Mobile Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mobile Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Mobile Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Mobile computing You are tasked in developing a mobile computing system. What features do you need? How do you ensure device

383 views • 24 slides
CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Exploitation: Disclaimer This section introduces software exploitation We will discuss both basic and advanced exploitation

831 views • 48 slides
CS412 Software Security Reverse Engineering Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Reverse Engineering Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Reverse Engineering Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Basics: encodings Code is data is code is data Learn to read hex numbers: 0x38 == 0011'1000 Python: hex(int('00111000', 2))

696 views • 54 slides
CS412 Software Security Software Bugs Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Software Bugs Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Software Bugs Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security From Software Bugs to Attack Primitives Attack primitives are exploit building blocks Software bugs map to attack primitives , i.e.,

512 views • 23 slides
CS412 Software Security Program Testing Fuzzing Mathias Payer EPFL, Spring 2019 Mathias

CS412 Software Security Program Testing Fuzzing Mathias Payer EPFL, Spring 2019 Mathias

CS412 Software Security Program Testing Fuzzing Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Why testing? Testing is the process of executing a program to find errors. An error is a deviation between observed

657 views • 39 slides
CS412 Software Security Program Testing Sanitization Mathias Payer EPFL, Spring 2019

CS412 Software Security Program Testing Sanitization Mathias Payer EPFL, Spring 2019

CS412 Software Security Program Testing Sanitization Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Why testing? Testing is the process of executing a program to find errors. An error is a deviation between

503 views • 28 slides
deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Main Memory - II Paging Segmentation Tevfik Ko ar Louisiana State University March 8

Main Memory - II Paging Segmentation Tevfik Ko ar Louisiana State University March 8

CSC 4103 - Operating Systems Roadmap Spring 2007 Dynamic Loading &amp; Linking Contiguous Memory Allocation Lecture - XII Fragmentation Main Memory - II Paging Segmentation Tevfik Ko ar Louisiana State University

543 views • 6 slides
Modern C ++ for Computer Vision and Image Processing Lecture 5: I/O Files, Classes Ignacio

Modern C ++ for Computer Vision and Image Processing Lecture 5: I/O Files, Classes Ignacio

Modern C ++ for Computer Vision and Image Processing Lecture 5: I/O Files, Classes Ignacio Vizzo and Cyrill Stachniss C ++ Utilities C ++ includes a variety of utility libraries that provide functionality ranging from bit-counting to partial

843 views • 55 slides
DEXs and Shamirs November 25, 2019 guha.jayachandran@sjsu.edu How to Trade? Directly with

DEXs and Shamirs November 25, 2019 guha.jayachandran@sjsu.edu How to Trade? Directly with

DEXs and Shamirs November 25, 2019 guha.jayachandran@sjsu.edu How to Trade? Directly with counterparty or Through an exchange Why do Exchanges Exist? Why do Exchanges Exist? So you dont need to know your counterparty. The exchange

612 views • 28 slides
Project 5: Virtual Memory COS 318 Fall 2013 Project 5 Schedule Design Review Monday, Nov

Project 5: Virtual Memory COS 318 Fall 2013 Project 5 Schedule Design Review Monday, Nov

Project 5: Virtual Memory COS 318 Fall 2013 Project 5 Schedule Design Review Monday, Nov 25 10-min time slots from 10am to 8pm Due date: Wed Dec 4, 11:55pm General Suggestions Project is not divided into phases. Follow

592 views • 14 slides
Swapping ! Active processes use more physical memory than system has Address Binding Swap out

Swapping ! Active processes use more physical memory than system has Address Binding Swap out

Swapping ! Active processes use more physical memory than system has Address Binding Swap out can be fixed P1 or relocatable Operating Systems I at runtime P2 Backing Store (Swap Space) OS Virtual Memory Main Memory Swapping

539 views • 8 slides
Virtual Memory Eric McCreath Introduction Virtual memory is a technique that permits processes

Virtual Memory Eric McCreath Introduction Virtual memory is a technique that permits processes

Virtual Memory Eric McCreath Introduction Virtual memory is a technique that permits processes to be executed even when they are not completely in memory. This has many advantages, including: programs can be larger than physical memory,

2.17k views • 14 slides
Announcement (No deadline extension for the rest of quarter) Project 2 final deadline is

Announcement (No deadline extension for the rest of quarter) Project 2 final deadline is

Announcement (No deadline extension for the rest of quarter) Project 2 final deadline is Tuesday midnight May 19 Project 0 resubmission for autograding : June 1 (changed) Project 0 score =max(old score, old score *0.10 + new score

578 views • 28 slides
pinned_vector A Contiguous Container without Pointer Invalidation Meeting C++ 2018 std::vector

pinned_vector A Contiguous Container without Pointer Invalidation Meeting C++ 2018 std::vector

pinned_vector A Contiguous Container without Pointer Invalidation Meeting C++ 2018 std::vector contiguous layout cache locality fastest iteration O(1) lookup random access amortized O(1) growth 2 std::vector contiguous layout cache

1.02k views • 77 slides

More recommend