software vulnerabilities in programming languages and
play

Software Vulnerabilities in Programming Languages and Applications - PowerPoint PPT Presentation

Oct 13, 2022 •23 likes •503 views

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe 2010 Stephen Michell, Maurya Software, Ottawa, Canada Security There are people out there trying to attack every computer that we own. Most

  1. Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe 2010 Stephen Michell, Maurya Software, Ottawa, Canada

  2. Security There are people out there trying to attack every computer that we own. Most attacks come over the internet, but for high valued assets, attacks can come from anywhere. Most of these attacks leverage vulnerabilities in the applications that we use to gain an advantage over us. June 16 2010 Programming Language Vulnerabilities 2

  3. Security  Attacks attempt to: Steal Resources (money, information) - Create a denial of services - Prevent execution  Corrupt Data  prevent communications  Cause wrong calculation for nefarious reasons - Take over system for own usages - Destroy trust in system - June 16 2010 Programming Language Vulnerabilities 3

  4. Outline  Attack and Defence  Resources and Information  Work of WG 23  Programming Language Vulnerabilities  Types of Attacks Net-based - library and OS - Autorun - Hardware -  Avoiding Vulnerabilities June 16 2010 Programming Language Vulnerabilities 4

  5. Attack and Defence  The Easy Ones! Attack over the Internet - CWE/SANS Top 25 (security) programming errors  Also easiest to defend - Attack from mounted devices - Autorun files, boot devic es  BlueTooth - Back doors - Networks, dial-up lines, attached devices 

  6. Attack and defence (cont)  The Harder Ones Accidental or Planted defects in libraries or OS - Planted defects or worms in hardware - Programmer planted worms, cookies or Christmas - Trees Do you have a programmer with:  A grudge? - A blackmail-able secret (gambling, gay, etc)? - How do you identify code that does not match  required functionality? June 16 2010 Programming Language Vulnerabilities 6

  7. What's the difference?  Many attack vectors Net-based attacks need someone to figure out a weakness - in the system under attack, then exploit it to get change behaviour or to get a payload in Exploit almost always something illegal under normal  circumstances Autorun-based attacks depend on certain features of - hardware and OS, and usually include payload on same media H/W, Firmware, library, OS-based attacks depend on attack - code already being loaded and triggering condition being transmitted to system somehow Likely legal (undocumented) combination of values or  commands June 16 2010 Programming Language Vulnerabilities 7

  8. Some of the notorious attacks  All of the traditional viruses and worms in executables, PDF's, emails  2001 (approx) IEEE 802.11 WEP encryption is broken  2005 – USAF has personnel database compromised over internet Results in USAF ASACoE being created -  2007/8 USN discovers that its secure networks sponsor clone CISCO routers that are sending duplicate packets somewhere  Ongoing – BlueTooth virus attacks  2008 – Sequoia AVC Advantage voting machine take over June 16 2010 Programming Language Vulnerabilities 8

  9. Defence  This is hard. - You need to recognize every attack vector and defend against every conceivable attack. - Attacker only needs to identify 1 weakness and exploit it.  Basic concept - start at the architecture level and analyse the susceptibilities - Architecture (client-server, open network, stand-alone, ...) - OS, libraries, hardware, programming language  Design defence in depth for all possible attack vectors  More later

  10. Resources and Information  DHS sites Common Vulnerabilities and Exposures (cve.mitre.org) - Very application-specific (right down to version #)  Common Weakness Enumeration (cwe.mitre.org) - Generalization of CVE's, very language-specific  Open Web Security Application Project (www.owasp.org) - Very web-oriented   Above sites do not look beyond the network June 16 2010 Programming Language Vulnerabilities 10

  11. Resources and Information(cont)  Build Security In Website (www.buildsecurityin.us-cert.gov) Good, up-to-date educational and reference material -  ISO/IEC/JTC 1/SC 22/WG 23 Programming Language Vulnerabilities (www.aitcnet.org/isai/) - Only truly language-independent consideration of - vulnerabilities and delivery-independent consideration First version of technical report published - Developing more vulnerabilities - June 16 2010 Programming Language Vulnerabilities 11

  12. Work of WG 23  Programming Languages Vulnerabilities Working Group  Member of ISO/IEC JTC 1/SC 22  Developing International Report 24772 “Guidance to Avoiding Vulnerabilities in Programming - Languages through Language Selection and Use”  Documents 53 Language-independent vulnerabilities - 19 Application Vulnerabilities - Annexes for each of the major Languages -  Work products and drafts of TR available from http://www.aitcnet.org/isai/ June 16 2010 Programming Language Vulnerabilities 12

  13. Work of WG 23 - progress  Published 2010 version without any Annexes Ada Annex essentially finished - C, Fortran, COBOL Annexes making progress - C++, Java, C#, scripting languages not started - June 16 2010 Programming Language Vulnerabilities 13

  14. Work of WG 23 – sample  Here are some of WG 23's published vulnerabilities Bit Representations [STR] - Enumerator Issues [CCB] - Numeric Conversion Errors [FLC] - String Termination [CJM] - Buffer Overflow [XZB] - Pointer Casting and Pointer Type Changes [HFC] - Null Pointer Dereference [XYH] - Dangling Reference to Heap [XYK] - Templates and Generics [SYM] - Inheritance [RIP] - Initialization of Variables [LAV] - June 16 2010 Programming Language Vulnerabilities 14

  15. Programming Language Vulnerabilities  What is a Programming Language vulnerability? Consider buffer overflow - A deliberate write to a buffer that exceeds its bounds in - many OS's and languages is permitted On stack, may overwrite return address  On heap, may overwrite address of a function  If code has been written at same time (or existed before) - and address of that code is coerced into the return address or function, attacker has just assumed control of the machine June 16 2010 Programming Language Vulnerabilities 15

  16. Programming Language Vulnerabilities  So what is the vulnerability? Programming language permits the attacker (either via an - input or due to an explicit deviance in the code) to write outside an object to gain some advantage.  Does Ada have this vulnerability? Not unless you - use unchecked programming or  disable runtime checks or  link into libraries written in another language  June 16 2010 Programming Language Vulnerabilities 16

  17. Types of Attacks  Net-based  Autorun worms  Libraries and OSs  Hardware  Program itself June 16 2010 Programming Language Vulnerabilities 17

  18. Network Based Attacks  SANS/CWE Top 25 Vulnerabilities Available from http://cwe.mitre.org -  All network based  All oriented to opening up a system from the outside June 16 2010 Programming Language Vulnerabilities 18

  19. Things to note about net-based attacks  Rely upon fundamental mistakes by programmer and language systems Mostly trust: - In the provider of input  In OS/libraries/language system to catch and  handle errors  Examples Input that exceeds buffer sizes or character - expectations (eg 8 bit vs 16/32 bit) Input that gets translated into OS commands - June 16 2010 Programming Language Vulnerabilities 19

  20. CWE/SANS Top 25 - #1-10 [1] CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')  [2] CWE-89 Improper Sanitization of Special Elements used in an SQL Command  ('SQL Injection') [3] CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')  [4] CWE-352 Cross-Site Request Forgery (CSRF)  [5] CWE-285 Improper Access Control (Authorization)  [6] CWE-807 Reliance on Untrusted Inputs in a Security Decision  [7] CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path  Traversal') [8] CWE-434 Unrestricted Upload of File with Dangerous Type  [9] CWE-78 Improper Sanitization of Special Elements used in an OS Command  ('OS Command Injection') [10] CWE-311 Missing Encryption of Sensitive Data  June 16 2010 Programming Language Vulnerabilities 20

  21. CWE/SANS Top 25 #11-20 [11] CWE-798 Use of Hard-coded Credentials  [12] CWE-805 Buffer Access with Incorrect Length Value  [13] CWE-98 Improper Control of Filename for Include/Require Statement in PHP  Program ('PHP File Inclusion') [14] CWE-129 Improper Validation of Array Index  [15] CWE-754 Improper Check for Unusual or Exceptional Conditions  [16] CWE-209 Information Exposure Through an Error Message  [17] CWE-190 Integer Overflow or Wraparound  [18] CWE-131 Incorrect Calculation of Buffer Size  [19] CWE-306 Missing Authentication for Critical Function  [20] CWE-494 Download of Code Without Integrity Check  June 16 2010 Programming Language Vulnerabilities 21

  22. CWE/SANS Top 25 #21-25 [21] CWE-732 Incorrect Permission Assignment for Critical Resource  [22] CWE-770 Allocation of Resources Without Limits or Throttling  [23] CWE-601 URL Redirection to Untrusted Site ('Open Redirect')  [24] CWE-327 Use of a Broken or Risky Cryptographic Algorithm  [25] CWE-362 Race Condition  June 16 2010 Programming Language Vulnerabilities 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Vulnerabilities in C-based languages

633 views • 59 slides
61A Lecture 27 Wednesday, October 31 Programming Languages Computers have software written in

61A Lecture 27 Wednesday, October 31 Programming Languages Computers have software written in

61A Lecture 27 Wednesday, October 31 Programming Languages Computers have software written in many different languages. Machine languages: statements can be interpreted by hardware All data are represented as sequences of bits All

417 views • 12 slides
Big Ideas for CS 251 Theory of Programming Languages Principles of Programming Languages

Big Ideas for CS 251 Theory of Programming Languages Principles of Programming Languages

Big Ideas for CS 251 Theory of Programming Languages Principles of Programming Languages CS251 Programming Languages Fall 2016, Lyn Turbak Department of Computer Science Wellesley College Discussion: P rogramming L anguages Your

496 views • 30 slides
Big Ideas for CS 251 Theory of Programming Languages Principles of Programming Languages

Big Ideas for CS 251 Theory of Programming Languages Principles of Programming Languages

Big Ideas for CS 251 Theory of Programming Languages Principles of Programming Languages CS251&Programming&Languages& Spring&2016,&Lyn&Turbak& ! Department!of!Computer!Science! Wellesley!College! Discussion:

933 views • 27 slides
Programming Languages Chapter One Modern Programming Languages, 2nd ed. 1 Outline What

Programming Languages Chapter One Modern Programming Languages, 2nd ed. 1 Outline What

Programming Languages Chapter One Modern Programming Languages, 2nd ed. 1 Outline What makes programming languages an interesting subject? The amazing variety The odd controversies The intriguing evolution The connection to

712 views • 39 slides
Synchronous vs. Asynchronous Programming Jan Pascal Maas Institute for Software Engineering and

Synchronous vs. Asynchronous Programming Jan Pascal Maas Institute for Software Engineering and

Synchronous vs. Asynchronous Programming Jan Pascal Maas Institute for Software Engineering and Programming Languages University of Luebeck 25. January 2016 Seminar Concepts of Programming Languages Introduction 3 Synchronous vs.

618 views • 45 slides
Subprograms COS 301 Programming Languages UMAINE CIS COS 301 Programming Languages

Subprograms COS 301 Programming Languages UMAINE CIS COS 301 Programming Languages

Subprograms COS 301 Programming Languages UMAINE CIS COS 301 Programming Languages Topics Fundamentals of Subprograms Design Issues Parameter-Passing Methods Function Parameters Local Referencing Environments

1.41k views • 110 slides
Subprograms COS 301 Programming Languages UMAINE CIS COS 301 Programming Languages

Subprograms COS 301 Programming Languages UMAINE CIS COS 301 Programming Languages

Subprograms COS 301 Programming Languages UMAINE CIS COS 301 Programming Languages Topics Fundamentals of Subprograms Design Issues Parameter-Passing Methods Function Parameters Local Referencing Environments

538 views • 28 slides
Chapter 2 Early History: low level languages The 1950s: first programming languages History of

Chapter 2 Early History: low level languages The 1950s: first programming languages History of

Topics Chapter 2 Early History: low level languages The 1950s: first programming languages History of Programming The 1960s: an explosion in programming languages Languages The 1970s: back to simplicity Functional and logic programming

582 views • 8 slides
Reasoning about nondeterminism in software IBM Programming Languages Day 2012 Eric Koskinen

Reasoning about nondeterminism in software IBM Programming Languages Day 2012 Eric Koskinen

Reasoning about nondeterminism in software IBM Programming Languages Day 2012 Eric Koskinen Research Scientist and Principal Investigator New York University ejk@cims.nyu.edu Monday, June 25, 12 Prove temporal properties of real programs

1.57k views • 127 slides
Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC

Memory Corruption Vulnerabilities, Part I Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Some Terminology Software error A programming mistake that make the software not meet its expectation Software

726 views • 59 slides
Fundamentals of Programming Languages I Introduction and Logics Guoqiang Li School of Software,

Fundamentals of Programming Languages I Introduction and Logics Guoqiang Li School of Software,

Fundamentals of Programming Languages I Introduction and Logics Guoqiang Li School of Software, Shanghai Jiao Tong University Instructor and Teaching Assistants Guoqiang LI Homepage: http://basics.sjtu.edu.cn/liguoqiang Course

1.12k views • 72 slides
Introduction to Computers and Programming Hardware Software Computer languages

Introduction to Computers and Programming Hardware Software Computer languages

Introduction to Computers and Programming Hardware Software Computer languages Compiling and running 1 Computer Basics A computer system consists of both hardware and software . Hardware - the physical components.

471 views • 17 slides
Programming language shapes Programming thought programming languages are not merely

Programming language shapes Programming thought programming languages are not merely

CMPS 112: Spring 2019 Comparative Programming Languages Lecture 1: Course Overview. Owen Arden UC Santa Cruz A Programming Language Two variables L1: x++; x , y y--; Three operations (y=0)?L2:L1 x++ L2:

476 views • 18 slides
Energy consumption in embedded systems; abstractions for software models, programming languages

Energy consumption in embedded systems; abstractions for software models, programming languages

Energy consumption in embedded systems; abstractions for software models, programming languages and verification methods Florence Maraninchi orcid.org/0000-0003-0783-9178 thanks to M. Moy, L. Mounier, L. Maillet-Contoz, D. Barthel, J.

489 views • 45 slides
Intermediate representations of functional programming languages for software quality control

Intermediate representations of functional programming languages for software quality control

Intermediate representations of functional programming languages for software quality control Melinda Tth, Gordana Raki c Etvs Lornd University University of Novi Sad Faculty of Informatics Chair of Computer Science Aug. 27., 2013

529 views • 37 slides
...Let them hate so long as they fear... oderint dum metuant /WARNING!/:

...Let them hate so long as they fear... oderint dum metuant /WARNING!/:

#UFONet = ( To0L.AlienWare ) / ninja [ DDoS + DoS ] \ (multi- ProXY / DarkNet ( HTTP(s) / WebAbuse [ Layer7 ] ) +(extra[Layer3]+d0rKng+eVas(h)iVe(CA- che/ge0) +FngPrinting+ sTAT[RanKiNgs+F0RuMS + WarGameS (P2P/ClAns-RanKings)] Denial of

690 views • 51 slides
Computer Worms A program that copies itself from one computer to another Origins:

Computer Worms A program that copies itself from one computer to another Origins:

Computer Worms A program that copies itself from one computer to another Origins: distributed computations Schoch and Hupp: animations, broadcast messages Segment: part of program copied onto workstation Segment processes

861 views • 35 slides
Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and

Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and

Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

909 views • 39 slides
Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with:

Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with:

Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with: Dan Boneh, zgr Dagdelen, Marc Fischlin, Anja Lehmann, Christian Schaffner Typical Crypto Application m ! Solution: (Private Key) Encryption c ! c

865 views • 58 slides
3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1

3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1

EPFL, Spring 2017 3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1 Field bus principles 3.2 Field bus operation 3.3 Standard field busses 3.4 Industrial wireless communication Industrial

1.26k views • 87 slides
All Units...Pick up your Charter Renewal Packet & Schedule your Charter Turn-in (about 15

All Units...Pick up your Charter Renewal Packet & Schedule your Charter Turn-in (about 15

All Units...Pick up your Charter Renewal Packet & Schedule your Charter Turn-in (about 15 minutes) The Dates are: 27 January, Wed. 7 to 9 pm at the Scout office 13 February, Tues. 9 am to 1 pm at Salem Church in Eastover 20

217 views • 19 slides
Introduction Presenter: Jienan Liu Network, Intelligence & security Lab What is Chrome

Introduction Presenter: Jienan Liu Network, Intelligence & security Lab What is Chrome

Chrome Extension Introduction Presenter: Jienan Liu Network, Intelligence & security Lab What is Chrome Extension Extension Small software programs that can modify and enhance the functionality of the Chrome browser. Written

576 views • 18 slides
WEBRTC API in Chrome Implementation experience Harald Alvestrand Our goal Make the web

WEBRTC API in Chrome Implementation experience Harald Alvestrand Our goal Make the web

WEBRTC API in Chrome Implementation experience Harald Alvestrand Our goal Make the web browser the best RTC platform To achieve this: Provide a fully functional, production quality implementation of the WEBRTC API and RTCWEB protocol

387 views • 7 slides

More recommend