software security
play

Software Security CSM27 Computer Security Dr Hans Georg Schaathun - PowerPoint PPT Presentation

Nov 09, 2022 •1.05k likes •1.56k views

Software Security CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2009 Week 9 Dr Hans Georg Schaathun Software Security Autumn 2009 Week 9 1 / 30 The session Outline The session 1 Examples 2

  1. Software Security CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2009 – Week 9 Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 1 / 30

  2. The session Outline The session 1 Examples 2 Overflows 3 Coding Practices 4 Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 2 / 30

  3. The session Session objectives Be aware of implementation errors leading to security vulnerabilities Discuss dangers of broken abstraction Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 3 / 30

  4. The session Source Most of this material is due to Robert C Seacord Examples from Secure Coding in C and C++ Practices from https://www.securecoding.cert.org/confluence/ display/seccode/Top+10+Secure+Coding+Practices Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 4 / 30

  5. The session Security or Useability This chapter is largely about software bugs Is this security? . . . or is it useability? Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 5 / 30

  6. The session Security or Useability This chapter is largely about software bugs Is this security? . . . or is it useability? Answer is yes Bugs are user (programmer) mistakes – useability. Many bugs cause security vulnerabilities. Useability is a prerequisite of security. Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 5 / 30

  7. The session Security or Useability This chapter is largely about software bugs Is this security? . . . or is it useability? Answer is yes Bugs are user (programmer) mistakes – useability. Many bugs cause security vulnerabilities. Useability is a prerequisite of security. Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 5 / 30

  8. Examples Outline The session 1 Examples 2 Overflows 3 Coding Practices 4 Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 6 / 30

  9. Examples Why is this code insecure? bool IsPasswordOkay ( void ) { char Password [12] ; gets ( Password ) ; i f ( ! strcmp ( Password , " goodpass " ) ) return true ; else return ( false ) ; } void main ( void ) { bool PwStatus ; puts ( " Enter password : " ) ; PwStatus = IsPasswordOkay ( ) ; i f ( PwStatus == false ) { puts ( " Access denied " ) ; e x i t ( − 1) ; } else puts ( " Access granted " ) ; } Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 7 / 30

  10. Examples String handling Why is this insecure? int main ( int argc , char ∗ argv [ ] ) { char a [16] ; char b [16] ; char c [32] ; strcpy ( a , " 0123456789abcdef " ) ; strcpy ( b , " 0123456789abcdef " ) ; strcpy ( c , a ) ; s t r c a t ( c , b ) ; p r i n t f ( "a = %s \ n" , a ) ; return 0 ; } Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 8 / 30

  11. Examples String handling A C string is an array of characters (bytes). represented by pointer to start of array 0 byte marks the end of the string. E.g. 16-character string requires 17 bytes Easy to forget. Hard bug to spot. Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 9 / 30

  12. Overflows Outline The session 1 Examples 2 Overflows 3 Coding Practices 4 Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 10 / 30

  13. Overflows Integer Overflows Integers in mathematical terms is an infinite set {−∞ , . . . , − 2 , − 1 , 0 , 1 , 2 , . . . , ∞} Integers in computing terms is a finite set 8-bit: { 0 , 1 , 2 , 3 , . . . , 254 , 255 } 32-bit: { 0 , 1 , 2 , 3 , . . . , 2 32 − 2 , 2 32 − 1 } This is (often) a broken abstraction What is 212 + 64? Using 8-bit integers in C, we get 20! Safe languages would raise an exception (run-time). If your language has no built-in protection you have to make your own protection manually Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 11 / 30

  14. Overflows Integer Overflows Integers in mathematical terms is an infinite set {−∞ , . . . , − 2 , − 1 , 0 , 1 , 2 , . . . , ∞} Integers in computing terms is a finite set 8-bit: { 0 , 1 , 2 , 3 , . . . , 254 , 255 } 32-bit: { 0 , 1 , 2 , 3 , . . . , 2 32 − 2 , 2 32 − 1 } This is (often) a broken abstraction What is 212 + 64? Using 8-bit integers in C, we get 20! Safe languages would raise an exception (run-time). If your language has no built-in protection you have to make your own protection manually Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 11 / 30

  15. Overflows Integer Overflows Integers in mathematical terms is an infinite set {−∞ , . . . , − 2 , − 1 , 0 , 1 , 2 , . . . , ∞} Integers in computing terms is a finite set 8-bit: { 0 , 1 , 2 , 3 , . . . , 254 , 255 } 32-bit: { 0 , 1 , 2 , 3 , . . . , 2 32 − 2 , 2 32 − 1 } This is (often) a broken abstraction What is 212 + 64? Using 8-bit integers in C, we get 20! Safe languages would raise an exception (run-time). If your language has no built-in protection you have to make your own protection manually Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 11 / 30

  16. Overflows Stack Overrun Original stack frame argument a argument b argument c Return address Saved frame pointer local variable x local variable y Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 12 / 30

  17. Overflows Stack Overrun Original stack frame Overrun argument a argument a argument b argument b argument c argument c Return address Bad return address . . . Saved frame pointer . . . local variable x . . . local variable y Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 12 / 30

  18. Overflows The finger bug Command Argument Meaning push ’/sh,<nul>’ push1 $68732f push1 $6e69622f push ’/bin’ save address of start of string mov1 sp, r10 push 0 (argument 3) push1 $0 push 0 (argument 2) push1 $0 push string address (arg. 1) push1 r10 push argument count push1 $3 set argument pointer mov1 sp, ao chmk $3b make execve kernel call Executes execve("/bin/sh",0,0) on return Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 13 / 30

  19. Overflows The finger bug Command Argument Meaning push ’/sh,<nul>’ push1 $68732f push1 $6e69622f push ’/bin’ save address of start of string mov1 sp, r10 push 0 (argument 3) push1 $0 push 0 (argument 2) push1 $0 push string address (arg. 1) push1 r10 push argument count push1 $3 set argument pointer mov1 sp, ao chmk $3b make execve kernel call Executes execve("/bin/sh",0,0) on return Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 13 / 30

  20. Coding Practices Outline The session 1 Examples 2 Overflows 3 Coding Practices 4 Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 14 / 30

  21. Coding Practices 1. Validate input Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities. Be suspicious of most external data sources, including command line arguments network interfaces environmental variables user controlled files Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 15 / 30

  22. Coding Practices 1. Validate input Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities. Be suspicious of most external data sources, including command line arguments network interfaces environmental variables user controlled files Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 15 / 30

  23. Coding Practices Example: path names Suppose you write an application, where users upload files The user can specify a filename, e.g. holiday.jpg, ... and you prepend a directory name, e.g. /public/images/ How can this be exploited? Suppose the users use filename /../../etc/passwd. How do we avoid this? Input checking is possible; ../ is an illegal string. Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 16 / 30

  24. Coding Practices Example: path names Suppose you write an application, where users upload files The user can specify a filename, e.g. holiday.jpg, ... and you prepend a directory name, e.g. /public/images/ How can this be exploited? Suppose the users use filename /../../etc/passwd. How do we avoid this? Input checking is possible; ../ is an illegal string. Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 16 / 30

  25. Coding Practices Example: path names Suppose you write an application, where users upload files The user can specify a filename, e.g. holiday.jpg, ... and you prepend a directory name, e.g. /public/images/ How can this be exploited? Suppose the users use filename /../../etc/passwd. How do we avoid this? Input checking is possible; ../ is an illegal string. Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 16 / 30

  26. Coding Practices Character Encoding Vulnerabilities in Unicode Unicode collects characters for (almost) every language UTF-8 is the most common encoding of Unicode Variable length characters ASCII (American 7-bit character set) uses one byte Ensuring compatibility. Western European (non-ASCII) characters use two bytes More exotic characters require 3 or 4 bytes Dr Hans Georg Schaathun Software Security Autumn 2009 – Week 9 17 / 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412 Software Security Course outline Secure software lifecycle Security policies Attack vectors Defense strategies: mitigations and testing Case

681 views • 49 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Web (and internet) security: two views Just a long running network service Complex application with multiple layers and components.

577 views • 47 slides
Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a course on software security? Software plays a major role in the modern society But is a major source of security problems. Software is the

659 views • 30 slides
Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Agenda Securing the software

1.91k views • 65 slides
Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the program enforces expected C onfidentiality I ntegrity A vailability How can we look at software component and assess its

837 views • 49 slides
CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are

725 views • 23 slides
Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Some recent attacks 2 A game changer The Internet

1.17k views • 87 slides
Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2014 jan (sect) Software Security SoSe 2014 1 / 13 Recap: Overflow Bugs Ingredients: fixed-size buffer on the

429 views • 13 slides
CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Daemons / Services / Servers A daemon is a long running service that serves outside requests. A web server, a mail

503 views • 31 slides
Linguistics &amp; Corpora Monday, February 2, 2015 Plan for Today: Character Encodings

Linguistics &amp; Corpora Monday, February 2, 2015 Plan for Today: Character Encodings

Linguistics &amp; Corpora Monday, February 2, 2015 Plan for Today: Character Encodings Regular Expressions http://www.xkcd.com/1209/ Last time Syntax Word Alignment: Alien Language Activity Python 3 Today Working with raw text

302 views • 26 slides
Jonathan Rosenberg dynamicsoft IETF 52 History RFC2543 had appendix B, which specified SDP

Jonathan Rosenberg dynamicsoft IETF 52 History RFC2543 had appendix B, which specified SDP

draft-rosenberg-mmusic-sdp-offer-answer-00.txt Jonathan Rosenberg dynamicsoft IETF 52 History RFC2543 had appendix B, which specified SDP usage As bis evolved, this section become more independent and moved towards a well-defined

194 views • 8 slides
Tiny functions for lots of things Keith Winstein joint work with: Francis Y. Yan , Sadjad Fouladi

Tiny functions for lots of things Keith Winstein joint work with: Francis Y. Yan , Sadjad Fouladi

Tiny functions for lots of things Keith Winstein joint work with: Francis Y. Yan , Sadjad Fouladi , John Emmons , Riad S. Wahby , Emre Orbay , Brennan Shacklett , William Zeng , Dan Iter , Shuvo Chaterjee, Catherine Wu Daniel Reiter Horn

1.12k views • 94 slides
Updateable fields in Lucene and other Codec applications Andrzej Bia ecki Agenda Codec

Updateable fields in Lucene and other Codec applications Andrzej Bia ecki Agenda Codec

Updateable fields in Lucene and other Codec applications Andrzej Bia ecki Agenda Codec API primer Some interesting Codec applications TeeCodec and TeeDirectory FilteringCodec Single-pass IndexSplitter Field-level

940 views • 50 slides
Compact Course Python Michaela Regneri &amp; Andreas Eisele Lecture 4 Overview More on

Compact Course Python Michaela Regneri &amp; Andreas Eisele Lecture 4 Overview More on

Compact Course Python Michaela Regneri &amp; Andreas Eisele Lecture 4 Overview More on Strings Modules Exceptions Input and Output in Python Encodings 2 Strings: Methods http://docs.python.org/3.1/library/stdtypes.html #

352 views • 20 slides
Unsafe Server Code advisorName = params[:form][:advisor] students = Student.find_by_sql(

Unsafe Server Code advisorName = params[:form][:advisor] students = Student.find_by_sql(

Unsafe Server Code advisorName = params[:form][:advisor] students = Student.find_by_sql( &quot;SELECT students.* &quot; + &quot;FROM students, advisors &quot; + &quot;WHERE student.advisor_id = advisor.id &quot; + &quot;AND advisor.name =

159 views • 12 slides
Code Inspection SENG 426, Summer 2009 Overview Code Inspection Process Participants

Code Inspection SENG 426, Summer 2009 Overview Code Inspection Process Participants

Code Inspection SENG 426, Summer 2009 Overview Code Inspection Process Participants Process Steps Inspection Metrics Forms Sample Code Inspection Project Part One: Use cases &amp; Sequence Diagrams, Application

1.03k views • 28 slides
Examining the Code [Reading assignment: Chapter 6, pp. 91-104] Static white-box testing

Examining the Code [Reading assignment: Chapter 6, pp. 91-104] Static white-box testing

Examining the Code [Reading assignment: Chapter 6, pp. 91-104] Static white-box testing Static white-box testing is the process of carefully and methodically reviewing the software design, architecture, or code for bugs without executing

309 views • 17 slides

More recommend