this presentation is for informational purposes only
play

This presentation is for informational purposes only. MICROSOFT - PowerPoint PPT Presentation

Aug 17, 2023 •291 likes •658 views

This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Operating system Hypervisors & Network services System libraries System apps Firmware Boot loaders kernels &

  1. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

  3. Operating system Hypervisors & Network services System libraries System apps Firmware Boot loaders kernels & drivers VMMs (HTTP) (cryptography) (browsers)

  6. 700 100% 90% 600 80% 500 70% 60% 400 % of CVEs # of CVEs 50% 300 40% 30% 200 20% 100 10% 0 0% 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 Patch ch Year Patch ch Year Total Memory safety Not memory safety ~70% Memory safety is an ~60% of high severity vulnerabilities in Chrome ~66% of iOS 12 vulnerabilities industry challenge ~72% of macOS 10.14 vulnerabilities ~90% of Android vulnerabilities [2,3,4,5]

  7. Most systems software is currently written in unsafe languages such as C and C++ These are great languages, but developers need to consciously do the safe thing And it is easy to make a mistake 

  8. CVE VE-2019 2019-1345 1345 A portable executable (PE) parsing memory safety vulnerability[6] found by @j00ru that I introduced into the Windows kernel in 2016

  9. 100% For systems software[1] at Microsoft 90% 80% Most vulnerabilities are not known to be 70% exploited in the wild* 60% % of CVEs 50% If a vulnerability is exploited, it is most likely to 40% first be exploited as zero day in a targeted 30% attack 20% 10% Broad exploitation has become uncommon 0% 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 Patch ch Year Customer safety has meaningfully improved Exploited within 30 days of security update Not known to be exploited Exploiting vulnerabilities has become more expensive → Alphabet soup of exploit mitigations, sandboxes, and other controls have increased costs Many attackers have pivoted to alternative tactics with better ROI → Social engineering (phishing for credential theft, ransomware, etc)

  10. we leverage tools[25,26] to help us find vulnerabilities they do not satisfy the properties outlined earlier

  12. The upstream & downstream costs to productivity can be significant

  15. 100% 50 50 90% 35 35 51 51 37 37 132 179 33 33 39 39 216 151 87 87 222 222 34 34 16 16 80% 91 91 9 4 9 6 24 24 2 11 11 70% 1 1 4 7 39 39 6 4 88 88 19 19 27 27 4 10 10 4 94 94 60% 13 13 31 31 #1 – heap out-of-bounds 6 57 57 77 77 10 10 3 % of CVEs 14 14 12 12 5 23 23 5 6 40 40 50% 93 93 44 44 17 17 60 60 21 21 14 14 20 20 15 15 81 81 36 36 40% 184 37 37 81 81 71 71 #2 – use after free 35 35 92 92 183 57 57 30% 98 98 38 38 43 43 93 93 63 63 85 85 102 20% 28 28 31 31 130 25 25 10% #3 – type confusion 27 27 21 21 106 74 74 80 80 22 22 18 18 59 59 25 25 27 27 10 10 10 10 3 11 11 0% 3 3 7 6 1 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 Patch ch Year #4 – uninitialized use Stack Corruption Heap Corruption Use After Free Type Confusion Uninitialized Use Heap OOB Read Other

  16. Vulnera erabi bili lity ty Develo loper per Vulnera erabi bili lity ty class Durable le safet ety y solution ion Compl pletene ness? Enfor orceabili ceability ty? Verif ifia iabi bili lity ty? categ tegor ory frict ctio ion? Heap out-of-bounds read/write Use gsl::span<T> and do not index ☺    Stack out-of-bounds Spati tial l safet ety raw pointers or perform pointer read/write arithmetic on raw pointers[7] Global out-of-bounds read/write Always initialize members in    ☺ constructors[9] Heap uninitialized use ☺   ☺ Use a memory allocator that initializes by default Tempo pora ral l safet ety Always initialize members in    ☺ constructors[9] Stack uninitialized use ☺   ☺ Always initialize local variables before use[8,18]

  17. Vulnera erabi bili lity ty Develo loper per Vulnera erabi bili lity ty class Durable le safet ety solut ution ion Compl pletene ness? Enfor orceabili ceability ty? Verif ifia iabi bili lity ty? categ tegor ory frict ctio ion? Heap use after free Use RAII, owner<T>, unique_ptr<T>, and     Tempora poral l safet ety shared_ptr<T> instead of raw pointers or references to objects[10, 11, 12] Stack use after free     Concu curr rrenc ncy y Memory access race Unknown[13] safet ety condition Object lifetime and concurrency vulnerabilities are challenging to categorically eliminate

  18. nd order 2 nd er vulnerab erabil ilit ity y Develo lope per r Vulnera erabi bili lity ty class Durable le safet ety y solution ion Compl pletene ness? Enfor orceabili ceability ty? Verif ifia iabi bili lity ty? categ tegor ory frict ctio ion? ☺    Use dynamic cast or similar Illegal static down cast runtime verification[14,17] Type pe confusion ion ☺    Union field type Use std::variant[15] confusion ☺    Integer overflow or Use safe integer manipulation Arith thmeti etic c errors ors underflow libraries[16] 2 nd order vulnerability classes can give rise to memory safety vulnerabilities

  19. Observations: making unsafe code safer

  20. C# is a wonderful language, but it is not suitable in many systems contexts

  21. Vulnerab rability ty cate tegory Vulnerab rability ty class C# Completene teness Rust t Completeness ☺ ☺ Heap out-of-bounds read/write ☺ ☺ Spati tial al safety ty Stack out-of-bounds read/write ☺ ☺ Global out-of-bounds read/write ☺ ☺ Heap uninitialized use ☺ ☺ Stack uninitialized use Temporal ral safety ty ☺ ☺ Heap use after free ☺ ☺ Stack use after free  ☺ Concurr rrency cy safety ty Memory access race condition ☺ ☺ Illegal static down cast Type confus usion ☺ ☺ Union field type confusion ☺  Arithm hmeti tic erro rors Integer overflow or underflow unsafe

  23. Observations: transition to safer languages

  25. 3 Compl pletene ness? Enfor orceabili ceability ty? Verif ifia iabi bili lity ty? Develo loper per frict ction ion?  ☺  ☺

  26. Observations: memory tagging

  27. Unforgeable capabilities enable fine-grained memory access control[22] Compl pletene ness? Enfor orceabili ceability ty? Verif ifia iabi bili lity ty? Develo loper per frict ction ion?  ☺  

  28. Observations: CHERI

  29. ✔ Hard to do the unsafe thing ✔ Easy to verify that the safe thing happens ✔ Productivity is maximized ✔ Inherently viable

  31. transitive

  33. A huge THAN ANK K YOU OU to everyone at Microsoft & across the industry who is working to durably improve systems software security

  34. https://alexgaynor.net/2019/aug/12/introduction-to-memory-unsafety-for-vps-of-engineering/ https://langui.sh/2019/07/23/apple-memory-safety/ https://security.googleblog.com/2019/11/gwp-asan-sampling-heap-memory-error.html https://security.googleblog.com/2019/05/queue-hardening-enhancements.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1909 https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#probounds-bounds-safety-profile https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#Res-always https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#SS-type https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#SS-lifetime https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#r-resource-management https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#Res-deref https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#cp-concurrency-and-parallelism https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#Rh- dynamic_cast https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#Ru-naked https://github.com/isocpp/CppCoreGuidelines/blob/master/CppCoreGuidelines.md#S-expr https://clang.llvm.org/docs/ControlFlowIntegrityDesign.html https://github.com/microsoft/MSRC-Security- Research/blob/master/presentations/2019_09_CppCon/CppCon2019%20-%20Killing%20Uninitialized%20Memory.pdf https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/Arm_Memory_Tagging_Extension_Whitepaper.pdf

  35. https://github.com/microsoft/MSRC-Security-Research/blob/master/papers/2020/Security%20analysis%20of%20memory%20tagging.pdf https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-941.pdf https://www.cst.cam.ac.uk/blog/tmj32/addressing-temporal-memory-safety https://github.com/microsoft/verona https://www.microsoft.com/security/blog/2020/05/04/mitigating-vulnerabilities-endpoint-network-stacks/ https://www.youtube.com/watch?v=NlfZG2wTPZU https://www.rsaconference.com/usa/agenda/collaborating-to-improve-open-source-security-how-the- ecosystem-is-stepping-up https://vimeo.com/376177222

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Page 1 www.decus.de 1 HP IT-Symposium 2006 Automatic Failover across sites with Data Guard

Page 1 www.decus.de 1 HP IT-Symposium 2006 Automatic Failover across sites with Data Guard

HP IT-Symposium 2006 This presentation is for informational purposes only and may not be incorporated into a contract or agreement. This document is for informational purposes. It is not a commitment to deliver any material, code, or

1.02k views • 47 slides
Safe Harbor Statement This presentation is provided for informational purposes only and does not

Safe Harbor Statement This presentation is provided for informational purposes only and does not

L EADING V ERTICALLY I NTEGRATED G ENERIC P LAYER August 2018 Safe Harbor Statement This presentation is provided for informational purposes only and does not constitute or form part of any offer or invitation to sell or issue, or any

632 views • 18 slides
Safe Harbor Statement This presentation is provided for informational purposes only and does not

Safe Harbor Statement This presentation is provided for informational purposes only and does not

L EADING V ERTICALLY I NTEGRATED G ENERIC P LAYER JP Morgan Healthcare Conference January 2019 Safe Harbor Statement This presentation is provided for informational purposes only and does not constitute or form part of any offer or invitation to

417 views • 19 slides
Disclaimer This document is provided for informational and reference purposes only. The Fresno

Disclaimer This document is provided for informational and reference purposes only. The Fresno

Disclaimer This document is provided for informational and reference purposes only. The Fresno County Superintendent of Schools (FCSS) has not independently verified its contents, and its provision does not constitute any such verification. This

598 views • 40 slides
Investor Presentation Q3- 2013 This presentation is for informational purposes only and may not

Investor Presentation Q3- 2013 This presentation is for informational purposes only and may not

Investor Presentation Q3- 2013 This presentation is for informational purposes only and may not be reproduced or distributed to any other person or published, in whole or in part, for any purpose. This presentation has been prepared by Summit

409 views • 29 slides
Investor Presentation Q2- 2013 This presentation is for informational purposes only and may not

Investor Presentation Q2- 2013 This presentation is for informational purposes only and may not

Investor Presentation Q2- 2013 This presentation is for informational purposes only and may not be reproduced or distributed to any other person or published, in whole or in part, for any purpose. This presentation has been prepared by Summit

747 views • 29 slides
Safe Harbor Statement This presentation is provided for informational purposes only and does not

Safe Harbor Statement This presentation is provided for informational purposes only and does not

L EADING V ERTICALLY I NTEGRATED G ENERIC P LAYER Investor Presentation September 2017 Safe Harbor Statement This presentation is provided for informational purposes only and does not constitute or form part of any offer or invitation to sell

384 views • 20 slides
Keith E. Eastland The materials and information have been prepared for informational purposes

Keith E. Eastland The materials and information have been prepared for informational purposes

Keith E. Eastland The materials and information have been prepared for informational purposes only. This is not legal advice, nor intended to create or constitute a lawyer-client relationship. Before acting on the basis of any information or

703 views • 46 slides
Disclaimer The information provided herein is for informational and illustrative purposes This

Disclaimer The information provided herein is for informational and illustrative purposes This

GEB Earnings Results 2Q 2018 1 September 13/2018 Disclaimer The information provided herein is for informational and illustrative purposes This presentation may contain statements that are forward-looking within only and is not, and does not

429 views • 23 slides
Disclaimer The information provided herein is for informational and illustrative purposes This

Disclaimer The information provided herein is for informational and illustrative purposes This

GEB Earnings Results 3Q 2018 1 November 15/2018 Disclaimer The information provided herein is for informational and illustrative purposes This presentation may contain statements that are forward-looking within only and is not, and does not

781 views • 25 slides
NOTE: The presentation is for informational purposes only and does not constitute legal advice.

NOTE: The presentation is for informational purposes only and does not constitute legal advice.

NOTE: The presentation is for informational purposes only and does not constitute legal advice. Main Federal Agencies Involved in Immigration Department of Homeland Security (DHS) U.S. Citizenship and Immigration Services (USCIS)

328 views • 30 slides
Listing on the NASDAQ (Ticker: UDF) May 2014 This presentation is for informational purposes

Listing on the NASDAQ (Ticker: UDF) May 2014 This presentation is for informational purposes

Capital Solutions for Homebuilders and Developers Listing on the NASDAQ (Ticker: UDF) May 2014 This presentation is for informational purposes only and is not an offer to buy or the solicitation of an offer to sell any securities of United

809 views • 48 slides
June 2018 PAGE 0 Disclaimer This presentation is for informational purposes only and does not

June 2018 PAGE 0 Disclaimer This presentation is for informational purposes only and does not

November 2016 June 2018 PAGE 0 Disclaimer This presentation is for informational purposes only and does not constitute an offer to sell, a solicitation of any offer to buy, or a recommendation to purchase any securities of or any of its

747 views • 39 slides
June 2020 PAGE 0 Disclaimer This presentation is for informational purposes only and does not

June 2020 PAGE 0 Disclaimer This presentation is for informational purposes only and does not

November 2016 June 2020 PAGE 0 Disclaimer This presentation is for informational purposes only and does not constitute an offer to sell, a solicitation of any offer to buy, or a recommendation to purchase any securities of or any of its

530 views • 39 slides
Disclaimer This presentation material has been prepared solely for informational purposes only.

Disclaimer This presentation material has been prepared solely for informational purposes only.

IRPC Public Company Limited 2016 Opportunity Day 2 March 2017 Disclaimer This presentation material has been prepared solely for informational purposes only. IRPC is furnishing it solely for use by prospective investors / analysts in the

817 views • 44 slides
DISCLAIMER The information contained in this presentation is for informational purposes only and

DISCLAIMER The information contained in this presentation is for informational purposes only and

DISCLAIMER The information contained in this presentation is for informational purposes only and is not a recommendation as to whether to invest in NQ Minerals plc shares. The information contained in this presentation is not investment or

194 views • 18 slides
Module 10: Virtual Memory Background Demand Paging Performance of Demand Paging

Module 10: Virtual Memory Background Demand Paging Performance of Demand Paging

Module 10: Virtual Memory Background Demand Paging Performance of Demand Paging Page Replacement Page-Replacement Algorithms Allocation of Frames Thrashing Other Considerations Demand Segmentation Silberschatz,

643 views • 48 slides
Segmentation and Paging CS 416: Operating Systems Design, Spring 2011 Department of Computer

Segmentation and Paging CS 416: Operating Systems Design, Spring 2011 Department of Computer

Memory Management Thrashing, Segmentation and Paging CS 416: Operating Systems Design, Spring 2011 Department of Computer Science Rutgers University Rutgers Sakai: 01:198:416 Sp11 (https://sakai.rutgers.edu) Summary of Page Eviction

368 views • 23 slides
Lecture 5: Memory Management 1 / 54 Memory Management Administrivia Assignment 1 is due on

Lecture 5: Memory Management 1 / 54 Memory Management Administrivia Assignment 1 is due on

Memory Management Lecture 5: Memory Management 1 / 54 Memory Management Administrivia Assignment 1 is due on September 7th @ 11:59pm 2 / 54 Memory Management Poll https: // www.strawpoll.me / 20863490 3 / 54 Memory Management Recap

952 views • 54 slides
Flexible Flexible Architectural Architectural Support Support for for Fine Fine Grain rain

Flexible Flexible Architectural Architectural Support Support for for Fine Fine Grain rain

Flexible Flexible Architectural Architectural Support Support for for Fine Fine Grain rain Scheduling Scheduling Daniel Daniel Sanchez Sanchez Richard M. Richard Richard M Yoo Richard M. Yoo Yoo Yoo Christos Christos Kozyrakis

351 views • 22 slides
Reflecting on Rust Ryan Eberhardt and Armin Namavari June 4, 2020 Logistics This is our last

Reflecting on Rust Ryan Eberhardt and Armin Namavari June 4, 2020 Logistics This is our last

Reflecting on Rust Ryan Eberhardt and Armin Namavari June 4, 2020 Logistics This is our last lecture together We are so, so proud of everything you have learned this quarter, and we hope you are too! Next Tuesday, will have a guest

606 views • 48 slides
C LANGUAGE INTRODUCTION, PART 2 (INPUT VIA SCANF, WHILE LOOPS) POINTERS, PART 1 CSSE 120

C LANGUAGE INTRODUCTION, PART 2 (INPUT VIA SCANF, WHILE LOOPS) POINTERS, PART 1 CSSE 120

C LANGUAGE INTRODUCTION, PART 2 (INPUT VIA SCANF, WHILE LOOPS) POINTERS, PART 1 CSSE 120 Rose Hulman Institute of Technology Some ways in which C #include &lt;stdio.h&gt; differs from Python: #include &lt;stdlib.h&gt; #include

280 views • 17 slides
Increasing HPC Resiliency Leads to Greater Productivity Roger Moye University of Texas MD

Increasing HPC Resiliency Leads to Greater Productivity Roger Moye University of Texas MD

1 Increasing HPC Resiliency Leads to Greater Productivity Roger Moye University of Texas MD Anderson Cancer Center rvmoye@mdanderson.org November 14, 2016 2 Our HPC Environment Shark HPC Nautilus HPC Compute nodes 80 336 CPU cores

884 views • 22 slides
Storing Data: Disks and Files Module 2, Lecture 1 Yea, from the table of my memory Ill

Storing Data: Disks and Files Module 2, Lecture 1 Yea, from the table of my memory Ill

Storing Data: Disks and Files Module 2, Lecture 1 Yea, from the table of my memory Ill wipe away all trivial fond records. -- Shakespeare, Hamlet Database Management Systems, R. Ramakrishnan 1 Disks and Files DBMS stores

440 views • 27 slides

More recommend