software security
play

Software Security Ge Zhang Security: When is it software problem - PDF document

Nov 08, 2023 •327 likes •976 views

Software Security Ge Zhang Security: When is it software problem Network Problem: caused by the flaws in networking mechanisms such as network protocols. OS Problem: caused by the flaws in OS mechanisms such OS resource management

  1. Software Security Ge Zhang

  2. Security: When is it software problem � Network Problem: caused by the flaws in networking mechanisms such as network protocols. � OS Problem: caused by the flaws in OS mechanisms such OS resource management policies. � Software Problem: caused by the flaws in software implementation or design � Employee Problem: people do not pay attention on security

  3. Why is software security a challenge � Complexity of systems and software. � Security is not a static feature. � Different goals between software projects and security: � Goals of software projects: functionality, usability, efficiency, time-to-market. � Goals of security: confidentiality, integrity, availability… � Software experts are not security experts.

  4. Causes for Security problems (in programming) � Flaws and oversights in the design and implementation � What is written is not what is meant

  5. Principles for security design 1 � Secure the weakest link � a software system is only as secure as its weakest component

  6. Principles for security design 2 � Practice Defense in Depth

  7. Principles for security design 3 � Fail securely

  8. Principles for security design 4 � Follow the Principle of least privilege

  9. Principles for security design 5 � Compartmentalize

  10. Principles for security design 6 � Keep it simple

  11. Principles for security design 7 � Promote privacy

  12. Principles for security design 8 Remember that hiding secrets is hard � Many people assume that code � compiled into binary is sufficiently well protected against attackers. Reverse Engineering � Sometimes, attackers do not need to � have the source code. Enigma machine �

  13. Principles for security design 9 � Be reluctant to trust

  14. Principles for security design 10 � Use your community resources � “Many-eyeballs phenomenon”; � Not a panacea

  15. Verification Architectural Analysis � Information gathering � Understand the requirements of a system � Attempts to understand the proposed architecture at a high level � Have a number of questions about the system and the environment. Answer the questions. � Analysis � Attack trees � Reporting � Ranking, order � Easy to understand

  16. Implementation Security Analysis � Auditing source code � Implementation should meet the design � Look for implementation specific vulnerabilities. (e.g., buffer overflow, race conditions, SQL injections) � Source-level security auditing tools � RATS, Flawfinder, Findbugs, etc

  17. What’s wrong? � #include "string" int main() � � { int is_successful = 0; //flag � char passwd[4]; � while(is_successful == 0) � � { printf("Please input your password:\n"); � scanf("%s", passwd); � � if (strcmp(passwd,"007") == 0) is_successful = 1; � } � � printf("You are James Bond, now!\n"); } �

  18. Buffer overflow

  19. Buffer overflow

  20. Buffer � What is buffer Chunks of the same data type are allocated, the • memory region is called buffer In the stack • • Non-static local variables: int array[4]; In the heap • • Malloc, new: int *pArray = new int[4]; � What is buffer overflow When a program writes past the boundary of a • buffer.

  21. Process memory organization � A process in memory: - code (Program code; marked read-only, so any attempts to write to it will result in segmentation fault) - data segment (Global and static variables) - stack, heap (Dynamic variables)

  22. Process memory organization

  23. More about the stack � Stack frames � Example: foo(){ } bar(){ foo(); } main(){ bar(); }

  24. More about the stack � What a stack frame should hold for a subroutine? � Parameters to the function � The return address � The old frame pointer � Local variables

  25. How stack is used

  26. Buffer Overflows void function(char *str) { char buffer[8]; strcpy(buffer,str); } void main() { char large_string[256]; int i; for( i = 0; i < 255; i++) large_string[i] = 'A'; function(large_string); }

  27. Buffer Overflows

  28. Buffer Overflows

  29. Buffer Overflows

  30. Buffer Overflows

  31. Buffer Overflows

  32. Buffer Overflows

  33. Buffer Overflows

  34. Buffer Overflows

  35. A short discussion � Which consequences can be result in?

  36. Prevention � Avoid the usage of suspect functions � strcpy(), sprintf(), fscan(), gets() � Do bound checking yourself (input verification) � Choose a language which is more immune (e.g., Java)

  37. A short discussion � Is strncpy() more secure? � Is the following code secure? char dest[4]; char source[]=”Hello!”; strncpy(dest, source, sizeof(dest));

  38. Review � What is software security? � Why software security is so challenge? � 10 principles of secure design � Buffer overflow � No bound checking � In stack or in heap � Why it is a serious problem? Overwritten data � Consequence of buffer overflow � Counteracts

  39. SQL injection

  40. Web application processing Take user input from a web form and pass it to a server-side 1. script via HTTP methods such as POST or GET. Process request, open connection to database. 2. Query database and retrieve results. 3. Send processed results back to user. 4.

  41. Example $name = $HTTP_POST_VARS["name"]; $passwd = $HTTP_POST_VARS[“passwd"]; $query = “select name from users where name = ‘”.$name.”’ and passwd = ‘”.$passwd.”’” ; $result = mysql_query($query);

  42. What is SQL Injection?

  43. Further? � Delete: Select users from table where name = ‘ whatever’; DROP TABLE users; - - ’ � Another way to bypass Authentication � select * from users where username=‘ admin’;-- ’ and password=‘whocares’;

  44. Prevention? A short discussion � Firewall? � System patch?

  45. Prevention � Check and filter user input. � Length limit on input (most attacks depend on long query strings). � Different types of inputs have a specific language and syntax associated with them, i.e. Name, email, etc � Do not allow suspicious keywords (DROP, INSERT, SELECT, SHUTDOWN) as name for example. � “Warning: illegal use of this application has been detected. You IP address has been recorded…”

  46. Race Condition

  47. Discussion � Public class Counter extends HttpServlet{ int count =0; public void doGet(HttpServletRequest in, HttpServletResponse out) throws ServeletException, IOException{ out.setContentType(“text/plain”); Printwriter p = out.getWriter(); count++; p.println(count+”hits so far!”); } }

  48. Race Conditions � A race condition occurs if an assumption needs to hold true for a period of time, but actually may not. � Possible problem areas Multi threaded � programming File and database access � � “Window of vulnerability” The time interval in which � assumption can be invalidated

  49. Time Action 2 Window of Vulnerability Time Interval Action 1

  50. Improved? � Public class Counter extends HttpServlet{ int count =0; public synchronized void doGet(HttpServletRequest in, HttpServletResponse out) throws ServeletException, IOException{ out.setContentType(“text/plain”); Printwriter p = out.getWriter(); count++; p.println(count+”hits so far!”); } }

  51. Race Conditions � TOCTTOU (Time of check to time of use) flaws � Time window of vulnerability � Check action � Use action � Variable

  52. What is “TOCTTOU Flaw”? � Semantic Characteristic � Occurs when two events occur and the second depends upon the first one Time Syscall 1 Syscall 2 (Time Of Check) (Time Of Use) Time Interval where attacker can race in and invalidate the assumption that syscall 2 depends upon

  53. File System TOCTTOU: Name-Object Binding Flaws Symbolic Link Races (Temporary File Race) � if ((fd = open (pathname, O_WRONLY))<0) if(error == ENOENT) { if ((fd = creat(pathname, mode))<0) err_sys(“creat error”); }

  54. File System TOCTTOU: Name-Object Binding Flaws � UNIX system provides two different forms of naming, with different semantics � File path name � File descriptor � The difference comes from the way the addresses resolve to the actual objects � File path names are resolved by indirection, requiring the naming and addressing at least one intermediate object other than the actual file object being addressed (indirect pointer to object) � File descriptors are resolved by accessing the file being addressed (direct pointer to object) � Indirect -> Opens up window of vulnerability

  55. PRNG

  56. slide 56 How Random is “Random?”

  57. Random number used in security � Usage � Almost all network security protocols rely on the randomness of certain parameters � Nonce - used to avoid replay � session key � A random number should be unpredictable � Measure random numbers: entropy

  58. Requirements � Utopia � True random generators � High cost � Reality � Pseudo random number generators � Sequence appears random “Any one who consider arithmetical methods of producing random digits is, of course, in a state of sin.” John von Neumann [1951]

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412 Software Security Course outline Secure software lifecycle Security policies Attack vectors Defense strategies: mitigations and testing Case

681 views • 49 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Web (and internet) security: two views Just a long running network service Complex application with multiple layers and components.

577 views • 47 slides
Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a course on software security? Software plays a major role in the modern society But is a major source of security problems. Software is the

659 views • 30 slides
Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Agenda Securing the software

1.91k views • 65 slides
Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the program enforces expected C onfidentiality I ntegrity A vailability How can we look at software component and assess its

837 views • 49 slides
CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are

725 views • 23 slides
Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Some recent attacks 2 A game changer The Internet

1.17k views • 87 slides
Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2014 jan (sect) Software Security SoSe 2014 1 / 13 Recap: Overflow Bugs Ingredients: fixed-size buffer on the

429 views • 13 slides
CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Daemons / Services / Servers A daemon is a long running service that serves outside requests. A web server, a mail

503 views • 31 slides
Where Do We Come From What Are We Where Are We Going John March-Russell Oxford University

Where Do We Come From What Are We Where Are We Going John March-Russell Oxford University

Where Do We Come From What Are We Where Are We Going John March-Russell Oxford University Where Do We Come From What Are We Where Are We Going (not Tahiti, Abingdon UK HEP!) John March-Russell Oxford University The Situation The

1k views • 79 slides
Optimization and Simulation Introduction to simulation Michel Bierlaire Transport and Mobility

Optimization and Simulation Introduction to simulation Michel Bierlaire Transport and Mobility

Optimization and Simulation Introduction to simulation Michel Bierlaire Transport and Mobility Laboratory School of Architecture, Civil and Environmental Engineering Ecole Polytechnique F ed erale de Lausanne M. Bierlaire (TRANSP-OR ENAC

864 views • 32 slides
Cryptographic Steganography CSM25 Secure Information Hiding Dr Hans Georg Schaathun University

Cryptographic Steganography CSM25 Secure Information Hiding Dr Hans Georg Schaathun University

Cryptographic Steganography CSM25 Secure Information Hiding Dr Hans Georg Schaathun University of Surrey Spring 2007 Dr Hans Georg Schaathun Cryptographic Steganography Spring 2007 1 / 27 Learning Outcomes be able to apply cryptographic

834 views • 27 slides
Cyber@UC Meeting 52 BSides Recap and Memory Scanning If Youre New! Join our Slack:

Cyber@UC Meeting 52 BSides Recap and Memory Scanning If Youre New! Join our Slack:

Cyber@UC Meeting 52 BSides Recap and Memory Scanning If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

334 views • 18 slides
15-441: Computer Networks Recitation 11/15 Agenda 1. Quick Project 3 Reminder 2. Background on

15-441: Computer Networks Recitation 11/15 Agenda 1. Quick Project 3 Reminder 2. Background on

15-441: Computer Networks Recitation 11/15 Agenda 1. Quick Project 3 Reminder 2. Background on Bitrate Adaptation 3. Background on CDN &amp; DNS Redirect Project 3: Quick reminder CP1 CP2 Grade Deadline Grade Deadline 60% Nov 22 40%

684 views • 15 slides
Status Yu Zhang 08.24 1 cross check 785 events with same event and cfg file 612 evens

Status Yu Zhang 08.24 1 cross check 785 events with same event and cfg file 612 evens

Status Yu Zhang 08.24 1 cross check 785 events with same event and cfg file 612 evens showed on HGam meeting? 2 systematic add theory uncertainty 3 mH=123.5+/-1.5,mu=1.0+/-1.5 85pb -1 ,785 events 4 mu 5 MVA

606 views • 16 slides
MTP3550 Terminal Training Power On/Off Powering On Press and hold the On-Off/End/Home key

MTP3550 Terminal Training Power On/Off Powering On Press and hold the On-Off/End/Home key

MTP3550 Terminal Training Power On/Off Powering On Press and hold the On-Off/End/Home key MTP3550 performs a self-check and system registration routine. The display shows additional information while the MTP3550 is registering

221 views • 10 slides
Five LSE Giants Perspectives on Poverty #LSEBe Beveri veridge #LSEF EFestival al Dr Tani

Five LSE Giants Perspectives on Poverty #LSEBe Beveri veridge #LSEF EFestival al Dr Tani

Five LSE Giants Perspectives on Poverty #LSEBe Beveri veridge #LSEF EFestival al Dr Tani nia a Burch rchard ardt Professo ofessor r Steph ephen en P Jenk nkin ins Professor of Economic and Social Policy, LSE Director, Centre

730 views • 46 slides

More recommend