defensive coding techniques pt 2
play

Defensive Coding Techniques (Pt. 2) Engineering Secure Software - PowerPoint PPT Presentation

Dec 09, 2022 •278 likes •476 views

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Last Time... Always code defensively Validating input Principles

  1. Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1

  2. Last Time... Always code defensively Validating input ● ● Principles Sanitizing input ● ● Writing insecure code is easy ○ Exception handling ● Maintainability still counts ○ Know thy API’s ○ Subclassing ● ○ Complexity is the enemy of security Immutability ● Don’t be paranoid ○ Tree of knowledge ○ Concurrency ● ● public static final SWEN-331: Engineering Secure Software Benjamin S Meyers 2

  3. Cloning is Insecure (and Medically Unethical!) Every Java object has a clone() method ● Shallow Copy: Obj Obj2 = Obj1.clone() ○ ObjA Obj1 Val SWEN-331: Engineering Secure Software Benjamin S Meyers 3

  4. Cloning is Insecure (and Medically Unethical!) Every Java object has a clone() method ● Shallow Copy: Obj Obj2 = Obj1.clone() ○ ObjA Obj1 Obj2 Val SWEN-331: Engineering Secure Software Benjamin S Meyers 4

  5. Cloning is Insecure (and Medically Unethical!) Every Java object has a clone() method ● Shallow Copy: Obj Obj2 = Obj1.clone() ○ What happens when: Obj1.ObjA.value = “blah” ○ ObjA Obj1 Obj2 Val SWEN-331: Engineering Secure Software Benjamin S Meyers 5

  6. Cloning is Insecure (and Medically Unethical!) Every Java object has a clone() method ● Deep Copy ○ Object Serialization ■ Defensive Copying ■ Copy Constructors ■ Factory Methods ■ ObjA ObjB Obj1 Obj2 ValA ValB SWEN-331: Engineering Secure Software Benjamin S Meyers 6

  7. Cloning is Insecure (and Medically Unethical!) Every Java object has a clone() method ● Deep Copy ○ Object Serialization ■ public final class Galaxy { Defensive Copying ■ // Regular Constructor Copy Constructors ■ public Galaxy(Double mass, String name) { this.mass = mass; Factory Methods ■ this.name = name; } // Copy Constructor public Galaxy(Galaxy galaxy) { this(galaxy.getMass(), galaxy.getName()); } public Double getMass() { return mass; } public String getName() { return name; } } SWEN-331: Engineering Secure Software Benjamin S Meyers 7

  8. Cloning is Insecure (and Medically Unethical!) Every Java object has a clone() method ● Often error-prone ○ Doesn’t do what you think it does ○ Most people don’t abide by the contract ○ Even the Java architects don’t like it ● The Java Language Secure Coding Guidelines from Oracle ○ recommend not using java.lang.Cloneable entirely Use your own copy mechanism if needed ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 8

  9. Don’t Be a Serial Killer! Serialization is often unnecessary; difficult to get right ● Deserializing is essentially constructing an object without ● executing the constructor If you use it, don’t assume the constructor will be executed ○ Can reverse-engineer to violate constructor post-conditions ○ Complex input! ○ Note: serialized != encrypted ● Confidentiality disclosure ○ Use transient for variables that don’t need serialization ○ e.g. environment info, timestamps, keys ■ SWEN-331: Engineering Secure Software Benjamin S Meyers 9

  10. Memory Organization Assumptions Don’t rely upon the memory organization of the compiler/OS ● e.g. C-code: ● char a=5; char b=3; *(&a+1)=0; /* b is now 0 */ /* this may work, but not advisable */ Lots of problems with this ● Compilers change ○ OS’s change ○ Development environment vs. customer environment ○ Really difficult to debug ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 10 10

  11. Dead Store Removal Don’t leave sensitive data sitting in memory longer than needed ● Hibernation features dump RAM to HDD ○ Segfault → core dump → passwords! ○ The following is usually a good idea… ● void GetData(char *MFAddr) { char pwd[64]; if (GetPasswordFromUser(pwd, sizeof(pwd))) { if (ConnectToMainframe(MFAddr, pwd)) { /* Interact with mainframe */ } memset(pwd, 0, sizeof(pwd)); /* Clear password */ } } … BUT C++ .NET and GCC 3.X will optimize away that last call, since ● pwd is never used again Some libraries have specific functions to avoid such ○ optimizations, e.g. explicit_bzero on OpenBSD SWEN-331: Engineering Secure Software Benjamin S Meyers 11 11

  12. Environment & File Confusion In C/C++, the putenv() and getenv() methods vary between OS ● Change depending on the compiler and platform ○ Sometimes case-sensitive, sometimes not ○ An attacker can add an environment variable (e.g. to his own ○ JVM) that overrides yours putenv(“TEST_ENV=foo”); putenv(“Test_ENV=bar”); const char *temp = getenv(“TEST_ENV”); if (temp == NULL) { /* Handle error */ } printf(“%s\n”, temp); /* “foo” on Linux, “bar” on Windows */ Same with file names in Windows (insensitive) and Linux ● Do not rely on case sensitivity when interacting with platform ● SWEN-331: Engineering Secure Software Benjamin S Meyers 12 12

  13. Native Wrappers If you use another language, you inherit all of the risks in that ● language e.g. Java Native Interface (JNI) can execute a C program with a ○ buffer overflow Also: treat native calls as external entities ● Perform input validation and sanitization ○ Loaded at runtime → spoofing opportunity ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 13 13

  14. Watch Character Conversions Most apps require Internationalization (I18N) in some form ● Need to convert one character set to another for translation ○ When apps get big, I18N is usually an afterthought ○ Not all character sets are the same size! ● Assume 4-bytes for a character? Buffer overrun on Chinese chars ○ Not every byte maps to a character ○ Sometimes multiple bytes map to a single character ○ Recommendations ● Use unicode (UTF-8 or UTF-16) ○ Don’t write your own converters ○ Check: web servers, database systems, command inputs ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 14 14

  15. Let Your GET Mean GET HTTP protocols have different actions ● GET -- for retrieving data (typically) ○ POST, DELETE, etc. -- modify stuff ○ HTTP protocol specifies that GET actions should never have a ● persistent effect (e.g. database) Even though you can encode parameters into URL’s ○ Greatly helps mitigate Cross-Site Request Forgery (CSRF) ○ Rarely respected ○ Good: <a href=“index.jsp?navigation=home”>Home</a> ● Bad: <a href=“index.jsp?changeName=Bobby”>Change Name</a> ● SWEN-331: Engineering Secure Software Benjamin S Meyers 15 15

  16. DoS in Many Forms Denial of service occurs in many, many ways ● Overflow the hard drive ○ Overflow memory → page faults ○ Poor hashcodes → constant hash collisions ○ Slow database queries ○ Deadlocks, race conditions, other concurrency issues ○ Network bandwidth issues ○ Recommendations ● Black-box stress testing ○ White-box, unit-level stress testing ○ Focus less on user inputs, more on the logic ○ Learn the art of profiling, e.g. java -agentlib:hprof ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 16 16

  17. Don’t Forget Configuration Files Vulnerabilities can also exist in system configurations ● e.g. log overflow, hardcoded credentials, authorization problems ○ Makefiles and installation definitions ● Insecure compiler optimizations, e.g. dead store removal opts. ○ Using out-of-date, vulnerable dependencies ○ Also: ● I18N configurations ○ General configurations ○ Example configurations ○ Recommendation ● Bring these up in code inspections ○ Look at the defaults , and what is missing ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 17 17

  18. Other Defensive Coding via VOTD Resource exhaustion Secure logging ● ● Log overflow ○ Check the limits of your input ● (Lack of) Log neutralization ○ Integer overflows ○ Limit use of privileged ● Buffer overflows ○ features of the language Don’t trust user input ● Use the Java security ○ SQL injection ○ Manager XSS ○ Classloader override ○ OS command injection ○ Complex file system ○ Error message information interaction ● Reflection abuse ○ leakage More serialization restrictions ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 18 18

  19. Concept: Attack Surface Most exploits enter in through the UI ● Often the same interface the users see ○ Hence: input validation and sanitization ○ Attack surface ● The number and nature of the inputs for a given system ○ Can be quantified ○ Usually compared ○ Attack increases with… ● More inputs, e.g. new input fields, new features ○ Larger input space for a given input, e.g. allowing a markup ○ language instead of plaintext SWEN-331: Engineering Secure Software Benjamin S Meyers 19 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020

Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020

Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Defensive Coding vs. Risk Analysis Risk Analysis All about domain, assets,

561 views • 24 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides
Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter Buchlovsky 8. March 2004 University of Birmingham 1 Contents 1. Call-stacks, shellcode, gets 2. Exploits stack-based, heap-based 3. Defensive

1.56k views • 123 slides
Techniques, Fundamentals, and Drills Tom Howe Defensive Ends Coach Stephen F. Austin State

Techniques, Fundamentals, and Drills Tom Howe Defensive Ends Coach Stephen F. Austin State

Techniques, Fundamentals, and Drills Tom Howe Defensive Ends Coach Stephen F. Austin State University Initial Pass Rush Thoughts There are natural pass rushers but this phase can be developed and refined by all players It is very similar to a

377 views • 15 slides
A Technical Overview of AV1 Video Codec Jim Bankoski, Google AOMedia and AV1 Coding Techniques

A Technical Overview of AV1 Video Codec Jim Bankoski, Google AOMedia and AV1 Coding Techniques

A Technical Overview of AV1 Video Codec Jim Bankoski, Google AOMedia and AV1 Coding Techniques Outline Coding Performance Whats Next Q &amp; A AOMedia and AV1 Coding Techniques Outline Coding Performance Whats Next Q &amp; A Video

1.01k views • 56 slides
KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive July 2020 Investment strategy Defensive Investment climate Key rate trends and outlook The European and US economies are restarting relatively quickly. 3,0 3,0 High-frequency indicators

388 views • 11 slides
In the next 15 minutes we will: Look at some different techniques to help your children with

In the next 15 minutes we will: Look at some different techniques to help your children with

In the next 15 minutes we will: Look at some different techniques to help your children with revision. - Mnemonics - Memorising techniques - Creating a journey story The 4 key things that aid memory 1. Dual coding (words and pictures /

616 views • 15 slides
KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive

KBC Investment Strategy Presentation Defensive June 2020 Investment strategy Defensive Investment climate Substantial economic contraction, uncertain outlook Key rate trends and outlook 3,0 3,0 Initial estimates suggest that the euro

457 views • 11 slides
Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive

Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive

Outline CSci 5271 Bernsteins perspective Introduction to Computer Security Day 8: Defensive programming and design, Announcements intermission part 2 Stephen McCamant Techniques for privilege separation University of Minnesota, Computer

577 views • 5 slides
Animation Techniques in Astronomy aka a Smorgasbord of Data Management, Coding Hacks and

Animation Techniques in Astronomy aka a Smorgasbord of Data Management, Coding Hacks and

Animation Techniques in Astronomy aka a Smorgasbord of Data Management, Coding Hacks and Stuff Ive Been Working on in Houdini/Blender/VR in the context of the larger problems we face in Astronomy Who Are you? Jill P. Naiman NSF+ITC

878 views • 59 slides
New Techniques for Coding Political Events Across Languages Yan n Lia iang (ylia liang ng@ou.

New Techniques for Coding Political Events Across Languages Yan n Lia iang (ylia liang ng@ou.

New Techniques for Coding Political Events Across Languages Yan n Lia iang (ylia liang ng@ou. ou.edu du) University of Oklahoma Yan Liang, Andrew Halterman, Khaled Jabr, Christan Grant, Jill Irvine Large - Events Limited Who terabytes

244 views • 23 slides
Daalas advanced coding techniques FFmpeg implementation and how they fit in AOMedias codec

Daalas advanced coding techniques FFmpeg implementation and how they fit in AOMedias codec

Daalas advanced coding techniques FFmpeg implementation and how they fit in AOMedias codec Rostislav Pehlivanov atomnker@gmail.com 2016-01-30 Some things happened... AOMedias codec has begun development

672 views • 28 slides
CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

7/22/2019 GREATER NY HEALTHCARE FACILITIES ASSOCIATION THE PROOF IS IN THE pudding CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA Vice President The CHARTS Group CMSs MESSAGE: If you do

836 views • 42 slides
Coding and Applications in Sensor Networks Why coding? Information compression

Coding and Applications in Sensor Networks Why coding? Information compression

Coding and Applications in Sensor Networks Why coding? Information compression Robustness to errors (error correction codes) Two categories: Source coding Channel coding Source coding Compression. What is the

916 views • 72 slides
Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A

Risk-Based Coding and Reimbursement What is Risk-Based Coding? Risk-Based Coding Overview A diagnosis coding methodology utilized in risk adjustment models to adjust cost for all patients within a health plan or group Risk

385 views • 23 slides
Coding and Applications in Sensor Networks Coding and Applications in Sensor Networks Why coding?

Coding and Applications in Sensor Networks Coding and Applications in Sensor Networks Why coding?

Coding and Applications in Sensor Networks Coding and Applications in Sensor Networks Why coding? Why coding? Information compression Robustness to errors (error correction codes) Two categories: Two categories: Source

505 views • 23 slides
802.1 Plenary - 03/2011 Opening Agenda Opening Agenda G General information... l i f i

802.1 Plenary - 03/2011 Opening Agenda Opening Agenda G General information... l i f i

802.1 Plenary - 03/2011 Opening Agenda Opening Agenda G General information... l i f i See: http://www.ieee802.org/1/files/public/minutes /802-1-general-info-v3 pdf /802 1 general info v3.pdf Decorum Press (i.e., anyone reporting

605 views • 25 slides
Solid State Drives (SSDs) Daniel Mosse (slides are modified from Dr. Ahmed Amers CS 1550 Slides

Solid State Drives (SSDs) Daniel Mosse (slides are modified from Dr. Ahmed Amers CS 1550 Slides

Solid State Drives (SSDs) Daniel Mosse (slides are modified from Dr. Ahmed Amers CS 1550 Slides and Sherif Khattab ) Historical Disk drive specifics IBM 360KB WD 18GB Seagate ST9250410AS floppy HD 250GB HD (16MB cache)

157 views • 11 slides
Energy of Wireless Devices 1 The Showstopper: Energy Need long lifetime with battery

Energy of Wireless Devices 1 The Showstopper: Energy Need long lifetime with battery

Energy of Wireless Devices 1 The Showstopper: Energy Need long lifetime with battery operation No infrastructure, high deployment &amp; replenishment costs Continual improvement in functionality, size, weight, and power

408 views • 25 slides
Internet2 and Middleware Updates Topics Internet2 New network, new network needs for

Internet2 and Middleware Updates Topics Internet2 New network, new network needs for

Internet2 and Middleware Updates Topics Internet2 New network, new network needs for middleware Budget, staffing, etc Strategic Planning and Governance Middleware Presenters Name Internet2 New Network Complete

406 views • 9 slides
Highly Available &amp; Scalable Solutions with RavenDB Oren Eini / Ayende Rahien

Highly Available &amp; Scalable Solutions with RavenDB Oren Eini / Ayende Rahien

Highly Available &amp; Scalable Solutions with RavenDB Oren Eini / Ayende Rahien ayende@ayende.com Hibernating Rhinos LTD Users RavenDB Usage Document database, Transactional, Freely queryable Sharding Architecture Data driven

583 views • 11 slides
MEMORY HIERARCHY RANDOM ACCESS MEMORY Key features RAM is traditionally packaged as a chip.

MEMORY HIERARCHY RANDOM ACCESS MEMORY Key features RAM is traditionally packaged as a chip.

MEMORY HIERARCHY RANDOM ACCESS MEMORY Key features RAM is traditionally packaged as a chip. Basic storage unit is normally a cell (one bit per cell). Multiple RAM chips form a memory. RAM comes in two varieties: SRAM (Static

542 views • 40 slides
Hierarchical Task Network (HTN) Planning Section 11.2 Sec. 11.2 p.1/25 Outline Example

Hierarchical Task Network (HTN) Planning Section 11.2 Sec. 11.2 p.1/25 Outline Example

Hierarchical Task Network (HTN) Planning Section 11.2 Sec. 11.2 p.1/25 Outline Example Primitive vs. non-primitive operators HTN planning algorithm Practical planners Additional references used for the slides: desJardins , M. (2001).

381 views • 25 slides
CS 730/730W/830: Intro AI Beyond STRIPS Hierarchy Wheeler Ruml (UNH) Lecture 18, CS 730 1 /

CS 730/730W/830: Intro AI Beyond STRIPS Hierarchy Wheeler Ruml (UNH) Lecture 18, CS 730 1 /

CS 730/730W/830: Intro AI Beyond STRIPS Hierarchy Wheeler Ruml (UNH) Lecture 18, CS 730 1 / 15 Beyond STRIPS Comparison Extensions Setting Break Hierarchy Beyond STRIPS Wheeler Ruml (UNH) Lecture 18, CS 730 2 / 15

271 views • 15 slides

More recommend