openoffice v3 x security design weaknesses
play

OpenOffice v3.x Security Design Weaknesses Eric Filiol - PowerPoint PPT Presentation

Nov 04, 2022 •251 likes •642 views

4/20/09 OpenOffice v3.x Security Design Weaknesses Eric Filiol filiol@esiea.fr Jean-Paul Fizaine fizaine@esiea-ouest.fr Ecole Suyprieure en Informatique, Electronique et Automatique (ESIEA - Laval) Operational virology and cryptology Lab.

  1. 4/20/09 OpenOffice v3.x Security Design Weaknesses Eric Filiol filiol@esiea.fr Jean-Paul Fizaine fizaine@esiea-ouest.fr Ecole Suypérieure en Informatique, Electronique et Automatique (ESIEA - Laval) Operational virology and cryptology Lab. Black Europe 2009

  2. 4/20/09 INTRODUCTION • For years Microsoft Office has been THE reference suite – For document production. – For document exchange. • Very soon infested by macro-viruses. – Concept virus (1995). • Still a real threat. – E. g. China vs German chancery (2007). • Need for an alternative? 2

  3. 4/20/09 INTRODUCTION • Recent evolution – Use free Office suite – The best candidate: OpenOffice. • Very popular: – Seemingly no cost. – Wrong feeling of security « It is free and open therefore it is (or must be) secure! » – Fully compatible with Microsoft Office – … more than Microsoft with itself. • Worldwide use in civilian and governmental (incl. military) spheres. Official document format for : – French Gendarmerie, French Ministry of Economy and Finance – And many others in Europe… 3

  4. 4/20/09 INTRODUCTION • The “natural” confidence in Open Software makes security analysis most of the times useless. • Question: it is possible to have both security and openness at the same time? • What the exact level of security with respect to malware when considering OO. • BadBunny macro worm (2008). 4

  5. 4/20/09 INTRODUCTION • In 2006 and 2007 security analysis showed that OO 2.x was absolutely not secure. – All data given to OO developers • End of 2008, release of OO3 – Presented as a significant evolution! – What about security two years after? 5

  6. 4/20/09 INTRODUCTION • Our talk deals with an in-depth analysis of OO3 with respect to malware attacks – How to exploit the confidence in cryptographic primitives? – How to design powerful attacks? • We do not consider implementation vulnerabilities! • We consider conceptual design flaws only! • Wlog we consider OOwriter only! 6

  7. 4/20/09 INTRODUCTION • To prevent stupid comments: – We are not hidden Microsoft moles! – There are problems for M$ too. – But unfortunately less than for OO since it has less powerful primitives inside. • We just want to make decision-makers to be aware of the existing risks – … and make them responsible, if such a thing is possible! – Reducing costs is most of the times not compatible with security. 7

  8. 4/20/09 AGENDA • Introduction. • History of OO 2.x security. • ODF Format and Security Primitives. • Viral Attacks through OO3 documents – Unencrypted documents – Encrypted documents – Digitally signed documents • Conclusion: Enhancing OO Security. 8

  9. 4/20/09 Demos • A lot of demos to come. • Complete code and techniques available in the white paper! • Fully and easily implementable by malware in an automatic way. 9

  10. History of OO 2.x security

  11. 4/20/09 OO2 Security History • First in-depth security analysis – De Drézigué et al. (2006) Journal in Computer virology – Filiol & Fizaine (2007) Virus Bulletin Journal. – Lagadec (2007) Journal in Computer Virology • A lot of « hot » reactions. – Many stupid, ideologic comments but who did really read the papers? 11

  12. 4/20/09 OO2 Security History (2) • A lot of contacts with the OO developers (German part) – All proof-of-concepts communicated to them during the OO International Conference in Lyon, France (2006). – We suggested to design the Trusted OpenOffice suite: • Parts or sensitive functions of the suite could be enabled/disabled by the system admistrator according to the security policy in place. • To answer the permanent stupid comments, we published technical data (Virus Bulletin). 12

  13. 4/20/09 OO2 Security History (3) • OpenOffice malware appear – Proof-of-concept (Filiol & Fizaine, 2006 & 2007). – BadBunny (2007). – What about the next ones? • Unfortunately, results are not taken into account! – No real security concern. – OO embed cryptography! – The OO suite « spreads » more and more. 13

  14. 4/20/09 OO2 Security History (4) • The risk is still very high: – A lot of possible native programming languages (OOBasic, Python, Perl, Ruby…). • Available for Windows, Linux, Apple… • Enables multi-platform malware. • Complies with the Open Document Format 1.x 14

  15. 4/20/09 OO2 Security History (5) • Which attacks were possible? – Macro management modification: • Change or pervert the macro security level • Possibility to insert malicious macros in OO libraries – Modification of the application menus (problem of application integrity management). Interesting to use with k-ary malware. – Modify integrity of plain document (insert macro) • Weak management of cryptography. Possibility to transparently remove: – Encryption. – Digital signature. 15

  16. 4/20/09 OO2 Security History (6) • We designed proof-of-concepts for technical validation. • We will not present the viral algorithmics: – Not specific to OO but to macro viruses – With OO3, nothing has really changed with respect to the malware technologies – Please refer to the bibliography. • We are going to explain how to exploit user’s confidence in cryptography (encryption, signature) to design powerful malware attacks. 16

  17. 4/20/09 OO3 Release • December 2008: release of OO3 • Presented as a major evolution of the suite - Compatibility with Vista! - A few bugs fixed - Easy-to-useness increased - … - But what about security? - Are cryptographic (encryption, signature) a real protection against OO malware. - In fact most of the attacks still remain effective! 17

  18. ODF Format and Security Primitives. ODF - Formal approach

  19. 4/20/09 OO3 Document Structure • Any OO document is just a ZIP archive. • With very simple tools (compression utility, text editor…) it is possible to analyse and modify any such document. – Demo 1 • Two essential files: – Content.xml (document visible content). – Manifest.xml: describes the document structure (files, directories…) – Demo 2 19

  20. 4/20/09 OO3 Macro Location • Where are located macros in OO3 documents? – Located in a specific directory (one per language). – Contains the files • Script-lb.xml (generic information with respect to macros) • Script-lc.xml (additional information + security flags) Library:readonly=‘‘false’’ Library:passwordprotected=‘’false’’ – The macro code itself! – Demo 3 20

  21. 4/20/09 OO3 Cryptographic Features Formalization • OO3 security is based on – Password-based encryption. – Digital signature. • There are (too) many ways to apply them. • Need for a formal approach for an exhaustive description. • Graph-based description – Digital signature – Digital Signature with encryption. 21

  22. 4/20/09 OO3 Encryption • Blowfish in CFB mode . – Use of IV for key differentiation! – In this respect far better than M$ Office (Filiol, 2009). • Key derivation algorithm : PBKDF2 • SHA-1 for integrity . • The manifest.xml file is itself not encrypted ! – Major weakness that can be exploited by malware ! • Demo 4 22

  23. 4/20/09 OO3 Encryption (2) • Macro and macro-related files are themselves encrypted – Demo 5 • As we will see, it is only an apparent protection in most critical cases. 23

  24. 4/20/09 OO3 Signature • Let us recall that signature is THE cryptographic primitive dedicated to give confidence about – Document integrity – Document origin (who is the sender) • There are two ways of applying signature – File  Digital Signature… menu – Tools  Macros  Digital Signature … menu • Based on X509 certificates – Demo 6 (signature of document without macro) – Creation of a documentsignatures.xml file – Both the manifest.xml and documentsignatures.xml files are not signed! 24

  25. 4/20/09 OO3 Signature and Encryption • The overall structure remains the same. – Refer to the white paper. • The documentsignatures.xml is not encrypted! – Another critical weakness! • Let us now consider documents with macros. – Two different cases to consider! – But in both cases the critical files are not signed! 25

  26. 4/20/09 File  Digital Signature Case • A documentsignature.xml file is created • The whole document is signed (including macros) ! – Significant evolution compared to OO2. – Older attacks now fails! – But new ones are possible (see further)! • Demo 7 26

  27. 4/20/09 Tools  Macros  Digital Signature Case • A macrosignatures.xml file is created • Only the macro tree is signed (including the macros) – Possible to modify the rest of the document while the user relies on partial signature! – Other attacks are possible with respect to macros (see further). • Demo 8 27

  28. 4/20/09 Summary • There is still critical weaknesses with respect to signature and encryption implemenation/ management. – A few older attacks from 2006/2007 are no longer directly valid. – New ones are possible. • The existence of two different methods for signature is non sensical and is bound to fool the user and ease malware attacks. • Cryptographic primitives provides a false sense of security to the user! • Let us now explain why. 28

  29. Viral Attacks through OO3 documents

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Chapter 10 Using OpenOffice.org Page 1 We Shall be Covering ... The OpenOffice.org suite

Chapter 10 Using OpenOffice.org Page 1 We Shall be Covering ... The OpenOffice.org suite

Chapter 10 Using OpenOffice.org Page 1 We Shall be Covering ... The OpenOffice.org suite Word processor - Writer Spreadsheet - Calc Presentation - Impress Page 2 OpenOffice.org A complete office suite www.openoffice.org

239 views • 19 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Goals for Today Learning Objective: Contrast strengths/weaknesses of security primitives

Goals for Today Learning Objective: Contrast strengths/weaknesses of security primitives

Goals for Today Learning Objective: Contrast strengths/weaknesses of security primitives Understand design concepts of OS-layer Access Control Announcements, etc: MP3 Soft Extension: Submit by April 25th for -10pts MP4 due

489 views • 26 slides
EAP-SIM Security Analysis Mobility Solutions Keyspace and Mutual Authentication Weaknesses Uri

EAP-SIM Security Analysis Mobility Solutions Keyspace and Mutual Authentication Weaknesses Uri

EAP-SIM Security Analysis Mobility Solutions Keyspace and Mutual Authentication Weaknesses Uri Blumenthal (analysis done by Sarvar Patel) Member of Technical Staff EAP-SIM Draft and its Security Claims Current EAP-SIM provides

342 views • 7 slides
Anatomy of an Apache OpenOffice Extension Pedro Giffuni pfg@apache.org AOO Architecture: Jigsaw

Anatomy of an Apache OpenOffice Extension Pedro Giffuni pfg@apache.org AOO Architecture: Jigsaw

Anatomy of an Apache OpenOffice Extension Pedro Giffuni pfg@apache.org AOO Architecture: Jigsaw Puzzle 26/11/14 2 So how do I develop for Apache OpenOffice - Develop within the main OpenOffice platform (yes, it is open): - Mostly C++

162 views • 12 slides
Linux Security Scanning Learn your weaknesses with Lynis Michael Boelen

Linux Security Scanning Learn your weaknesses with Lynis Michael Boelen

Linux Security Scanning Learn your weaknesses with Lynis Michael Boelen michael.boelen@cisofy.com Nijmegen, 2016-05-10 Meetup: Linux Usergroup Nijmegen Goals 1. Perform a security audit 2. Learn what to protect 3. Determine why 2 Agenda

558 views • 52 slides
Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Photos placed in horizontal position with even amount of white space between photos and header Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F. Clem IAEA-CN-254-298 Sandia National Laboratories is

503 views • 17 slides
Five weaknesses of ASPIC+ Leila Amgoud amgoud@irit.fr Amgoud (IRIT) Weaknesses of APSIC+ 1 /

Five weaknesses of ASPIC+ Leila Amgoud amgoud@irit.fr Amgoud (IRIT) Weaknesses of APSIC+ 1 /

Five weaknesses of ASPIC+ Leila Amgoud amgoud@irit.fr Amgoud (IRIT) Weaknesses of APSIC+ 1 / 12 Motivation Argumentation = an activity of reason aimed to increase (or decrease) the acceptability of a controversial standpoint by putting

975 views • 38 slides
Introducing weaknesses into security devices Tuning to a different key! Arron finux Finnon

Introducing weaknesses into security devices Tuning to a different key! Arron finux Finnon

Introducing weaknesses into security devices Tuning to a different key! Arron finux Finnon #BerlinSides - 29/12/11 Summary Lets have a look at a VERY famous exploit, a VERY famous Exploit Framework and a VERY famous

763 views • 35 slides
How UNAIDS works Strengths and weaknesses in the governance of UNAIDS Strengths Inclusiveness

How UNAIDS works Strengths and weaknesses in the governance of UNAIDS Strengths Inclusiveness

How UNAIDS works Strengths and weaknesses in the governance of UNAIDS Strengths Inclusiveness of decision making Involvement of civil society, PLWH Things can change Strengths and weaknesses in the governance of UNAIDS Weaknesses

209 views • 7 slides
Weaknesses of Probabilistic Context-Free Grammars Michael Collins, Columbia University Weaknesses

Weaknesses of Probabilistic Context-Free Grammars Michael Collins, Columbia University Weaknesses

Weaknesses of Probabilistic Context-Free Grammars Michael Collins, Columbia University Weaknesses of PCFGs Lack of sensitivity to lexical information Lack of sensitivity to structural frequencies S NP VP NNP Vt NP IBM bought NNP

805 views • 9 slides
Abusing Performance Optimization Weaknesses to Bypass ASLR Byoungyoung Lee Yeongjin Jang Tielei

Abusing Performance Optimization Weaknesses to Bypass ASLR Byoungyoung Lee Yeongjin Jang Tielei

Abusing Performance Optimization Weaknesses to Bypass ASLR Byoungyoung Lee Yeongjin Jang Tielei Wang Chengyu Song Long Lu Taesoo Kim Wenke Lee Georgia Tech Information Security Center (Rough) System Attack Trends Executing existing code

661 views • 50 slides
Apache OpenOffice: The Task Pane Adventure or how, when and why the Tool Panel element may

Apache OpenOffice: The Task Pane Adventure or how, when and why the Tool Panel element may

Apache OpenOffice: The Task Pane Adventure or how, when and why the Tool Panel element may become your new best friend speaker: Fabrizio Marchesano Softeco Sismat, Italy About me (some very interesting information you can't live without...

434 views • 14 slides
What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design

What Security can learn from Design Douglas Wilson Nguyet Vuong Security Person, Design Person, Formerly at Uptycs, Mandiant VP of Design at Civil Media Company @dallendoug @nguyetv INTRO / Who We Are We are Nguyet & Doug Collectively,

634 views • 39 slides
Professional Usability in Open Source Projects: GNOME, OpenOffice.org, NetBeans Calum Benson

Professional Usability in Open Source Projects: GNOME, OpenOffice.org, NetBeans Calum Benson

Professional Usability in Open Source Projects: GNOME, OpenOffice.org, NetBeans Calum Benson Matthias Mller-Prove Jiri Mzourek Professional Usability in Open Source Projects: GNOME, OpenOffice.org, NetBeans Agenda Our projects Open

296 views • 13 slides
Recovering the OpenOffice.org Code History Why Code History? first-hand reference on how

Recovering the OpenOffice.org Code History Why Code History? first-hand reference on how

Recovering the OpenOffice.org Code History Why Code History? first-hand reference on how code evolved when the developer knew most about it detailed references to external resources developers have limited memories original

703 views • 20 slides
The Securitization Process Securities Borrowers Lenders sell Securitizer sold to take loans

The Securitization Process Securities Borrowers Lenders sell Securitizer sold to take loans

The Securitization Process Securities Borrowers Lenders sell Securitizer sold to take loans to creates financial out loans. securitizer. derivative institutions. securities backed by pools of loans. Borrowers Lenders Buyers of

280 views • 8 slides
Atlas Refinement with Bounded Packing Efficiency Hao-Yu Liu , Xiao-Ming Fu, Chunyang Ye,

Atlas Refinement with Bounded Packing Efficiency Hao-Yu Liu , Xiao-Ming Fu, Chunyang Ye,

Atlas Refinement with Bounded Packing Efficiency Hao-Yu Liu , Xiao-Ming Fu, Chunyang Ye, Shuangming Chai, Ligang Liu University of Science and Technology of China Atlas Normal Color Texture Packing Efficiency (PE) PE=86.1% PE=45.6% High

607 views • 43 slides
Insurance Graphic Organizer REMINDER: Insurance Graphic Organizer Discussion To be done at home.

Insurance Graphic Organizer REMINDER: Insurance Graphic Organizer Discussion To be done at home.

Insurance Graphic Organizer REMINDER: Insurance Graphic Organizer Discussion To be done at home. Review done at the beginning of next class. Bring your questions and answers. These activities contain extra information not included in class.

293 views • 10 slides
Sustainability one that meets the transportation and other needs of the present without

Sustainability one that meets the transportation and other needs of the present without

Sustainability one that meets the transportation and other needs of the present without compromising the ability of future generations to meet their needs. Agenda Tallahassee International Airport (TLH) mission statement

895 views • 56 slides
Polygonal Splines and Their Applications Motivation Polynomial for Numerical Solution of PDE 1

Polygonal Splines and Their Applications Motivation Polynomial for Numerical Solution of PDE 1

Ming-Jun Lai Polygonal Splines and Their Applications Motivation Polynomial for Numerical Solution of PDE 1 Splines Spline Method for PDE GBC BB functions Ming-Jun Lai Polygonal Spline Space Department of Mathematics Hexahedral Spline

440 views • 40 slides
Adaptivity and blowup detection for nonlinear evolution PDEs Emmanuil Georgoulis and Department

Adaptivity and blowup detection for nonlinear evolution PDEs Emmanuil Georgoulis and Department

Adaptivity and blowup detection for nonlinear evolution PDEs Emmanuil Georgoulis and Department of Mathematics Department of Mathematics University of Leicester National Technical University of Athens UK Greece Based on joint work with:

671 views • 32 slides
Generalized Barycentric Coordinates Kai Hormann Faculty of Informatics Universit della

Generalized Barycentric Coordinates Kai Hormann Faculty of Informatics Universit della

Generalized Barycentric Coordinates Kai Hormann Faculty of Informatics Universit della Svizzera italiana Lugano Universit della Svizzera italiana, Lugano Cartesian coordinates point (2,2) with x -coordinate: 2 y -coordinate: 2

738 views • 31 slides
Myself Researcher at CNR-IMATI & Member of the Shape and Seman<cs Modelling

Myself Researcher at CNR-IMATI & Member of the Shape and Seman<cs Modelling

Myself Researcher at CNR-IMATI & Member of the Shape and Seman<cs Modelling Group (since 2001) Laplacian Spectral Functions, Kernels, and Distances Responsible of the research line Numerical Geometry and Signal

662 views • 29 slides

More recommend