towards more security in data exchange
play

Towards More Security in Data Exchange Defining Unparsers with - PowerPoint PPT Presentation

Jun 20, 2023 •99 likes •240 views

Towards More Security in Data Exchange Defining Unparsers with Context-Sensitive Encoders for Context-Free Grammars Lars Hermerschmidt, Stephan Kugelmann, Bernhard Rumpe Software Engineering RWTH Aachen http://www.se-rwth.de/ Lars

  1. Towards More Security in Data Exchange Defining Unparsers with Context-Sensitive Encoders for Context-Free Grammars Lars Hermerschmidt, Stephan Kugelmann, Bernhard Rumpe Software Engineering RWTH Aachen http://www.se-rwth.de/

  2. Lars Hermerschmidt Chair of Software Engineering About Me RWTH Aachen Slide 2 Background  Penetration Tester  Now Software Engineering Research Focus  Model-Driven Software Development • Textual Modeling Languages  Security Architecture Why is Cross Site Scripting (XSS) Protection so hard to get right?

  3. Lars Hermerschmidt Chair of Software Engineering Injection Attacks RWTH Aachen Slide 3 SQL Injection HTTP SQL Frontend Target Attacker XSS: plenty of different contexts where JavaScript can be used HTTP HTML, ... Attacker Frontend Target

  4. Lars Hermerschmidt Chair of Software Engineering Injection Attacks RWTH Aachen Slide 4 SQL Injection HTTP SQL Frontend Target Attacker XSS: plenty of different contexts where JavaScript can be used HTTP HTML, ... Attacker Frontend Target unparse parse Injection Attack Language1 Language2 Attacker Frontend Target

  5. Lars Hermerschmidt Chair of Software Engineering State of the art RWTH Aachen Slide 5 In general: Do not trust user data, sanitize or encode it SQL: Prepared Statements HTML, JavaScript, CSS • context aware encoding (HTML, <script>, JavaScript in HTML attribute, ...) • apply encoding automatically [Weinberger2011]  What about all the other languages? • Enterprise backend communication e.g. SAP systems • Cyber Physical Systems like cars, industrial control systems • new or custom formats

  6. Lars Hermerschmidt Chair of Software Engineering It happens during unparsing RWTH Aachen Slide 6 parse program logic's interface to the document String AST representation unparse Correct roundtrip   AST x : parse ( unparse ( x )) x Injection: malicious AST m containing control tokens within terminals   d : parse ( d ) m correct roundtrip for malicious AST m  parse ( unparse ( m )) m decode encode

  7. Lars Hermerschmidt Chair of Software Engineering Defining Context-sensitive encoding RWTH Aachen Slide 7 MontiCoder  Generate (un)parser with context-sensitive (en/de)coder  Define encoding per token in the grammar Element = "tags" LCURLY TagsToken RCURLY; MG token LCURLY = "{"; production rule token RCURLY = "}"; token TagsToken = (~('{' | '}' | ' '))+; encodeTable TagsToken = { "{" -> "&#x0123;", "}" -> "&#x0125;", "&" -> "&#x0038;", " " -> "&#x0020;" };

  8. Lars Hermerschmidt Chair of Software Engineering Language Composition RWTH Aachen Slide 8  One grammar per language (enables reuse, lowers complexity)  Replace terminal from super-language with start symbol of sub- language  enables embedding of JavaScript in HTML • Encoding specified separately for each language Unparsing  Start Encoding in the most nested language  Control characters from L 2 get encoded when used in L 4 L 1 Parsing  Start parsing super-language L L  Run decoder on tokens 2 3  Run subparser L 4

  9. Lars Hermerschmidt Chair of Software Engineering Reducing Language Features RWTH Aachen Slide 9 Use Case: Include rich user input e.g. HTML into output  Option 1: Reduce output language • Change production rules to match only tokens with special names, define encoding • not elegant, but more secure  Option 2: Reduce input language • Copy input into output AST • Program logic must not alter this input

  10. Lars Hermerschmidt Chair of Software Engineering Using MontiCoder RWTH Aachen Slide 10 Language Developer 1. Define output grammar and encoding table 2. Generate parser and unparser which include Context-Sensitive (de/en)coding Language user a.k.a. application developer 1. Construct an AST for the output document a) Create parsable template b) Parse template to preinitialized AST 2. Add untrusted user data to AST nodes 3. Run generated MontiCoder unparser

  11. Lars Hermerschmidt Chair of Software Engineering Case Study: HTML and JavaScript RWTH Aachen Slide 11  Implemented grammars and encoding tables for HTML and JavaScript  Web Application uses generated unparser  Performed XSS Scan with OWASP ZAP and FuzzDB • found no XSS  Manual penetration test • found error in one encoding table definition (<script> = <Script>) • added options: case-insensitive, ignore whitespaces

  12. Lars Hermerschmidt Chair of Software Engineering Conclusion RWTH Aachen Slide 12  Injection attacks arise from unparsing without encoding  Encoding is a language property • defined by encoding table per grammar token  MontiCoder: Derive context-sensitive encoder from it's definition within the grammar • NOT yet another HTML, JavaScript encoder  Templates considered harmful • Directly putting untrusted data into output • Context within the output is lost  Stop using IO APIs which have no idea of correct encoding • e.g. System.out.printl()

  13. Lars Hermerschmidt Chair of Software Engineering RWTH Aachen Slide 13 Thank You Comments? Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

www.unique-project.eu Exchange of security-critical data Computing Device Computing Device

www.unique-project.eu Exchange of security-critical data Computing Device Computing Device

www.unique-project.eu Exchange of security-critical data Computing Device Computing Device generates, stores and processes security-critical information 2 PUFs: Myth, Fact or Busted? CHES 2012 However: Cryptographic secrets can be leaked

443 views • 26 slides
Data Exchange Formats Data Manipulation in Python 1 / 7 Data Exchange Formats XML A

Data Exchange Formats Data Manipulation in Python 1 / 7 Data Exchange Formats XML A

Data Exchange Formats Data Manipulation in Python 1 / 7 Data Exchange Formats XML A verbose textual representation of trees JSON JavaScript Object notation like a Python dict 2 / 7 XML Format people.xml: &lt;?xml

75 views • 7 slides
CHSP Advisory Group 6 April 2016 Data Exchange 1 Principles of the Data Exchange Reduce red

CHSP Advisory Group 6 April 2016 Data Exchange 1 Principles of the Data Exchange Reduce red

Data Exchange CHSP Advisory Group 6 April 2016 Data Exchange 1 Principles of the Data Exchange Reduce red tape Shift focus of reporting to demonstrate outcomes as well as outputs Work collaboratively with organisations to support

400 views • 35 slides
1 Connection Establishment Data Exchange Clients connect to an SSH server on port Once

1 Connection Establishment Data Exchange Clients connect to an SSH server on port Once

Where in the stack is security? Attacks can be targeted at any layer of the 16: protocol stack Application layer: Password and data sniffing, Forged Exploits and Defenses Up and transactions, Security holes, Buffer Overflows?

1.15k views • 9 slides
Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange

Cryptography Provable Security Encryption Assumptions Security of Communications What Can Cryptography Guarantee? One ever wanted to exchange information securely Que peut nous garantir la cryptographie ? With the all-digital world, security

190 views • 4 slides
HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data Security February 2016 Data Security Impacts Design and Delivery of Big Data Projects Data Security frequently is a leading Role Security Impacts

545 views • 23 slides
q.Datum Data Exchange The marketplace for big data Data is the new oil of the Internet and the

q.Datum Data Exchange The marketplace for big data Data is the new oil of the Internet and the

q.Datum Data Exchange The marketplace for big data Data is the new oil of the Internet and the new currency of the digital world . World Economic Forum 1 Problem: access to big data Data accessed &amp; analyzed Data in organizations

543 views • 30 slides
Internet Control Plane Security Yongdae Kim KAIST Two Planes Data Plane: Actual data

Internet Control Plane Security Yongdae Kim KAIST Two Planes Data Plane: Actual data

Internet Control Plane Security Yongdae Kim KAIST Two Planes Data Plane: Actual data delivery Control Plane To support data delivery (efficiently, reliably, and etc.) Routing information exchange In some sense, every protocol

396 views • 39 slides
CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1

Diffie-Hellman key exchange Secure against passive eavesdropping but insecure against a man-in-the-middle attack CS 4803 Computer and Network Security Alexandra (Sasha) Boldyreva Authenticated key exchange 1 2 Adding key

492 views • 5 slides
Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig

Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig

Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig Network Security Group ETH Zrich 1 Why worry about Big Data Security? Security is well understood and well handled! Really? 2 Problem

360 views • 16 slides
Data exchange in health analytics Steve Millward Chief Analytics Officer 22 October 2018 HISA

Data exchange in health analytics Steve Millward Chief Analytics Officer 22 October 2018 HISA

Data exchange in health analytics Steve Millward Chief Analytics Officer 22 October 2018 HISA Contents 1. The case for greater liquidity in data 2. Examples of data exchange in the health sector 3. Components required for safe data exchange

446 views • 28 slides
Data Integration and Exchange: Course info Mondays, 11:10-13:00, FH 1B01 (at least for now)

Data Integration and Exchange: Course info Mondays, 11:10-13:00, FH 1B01 (at least for now)

Data Integration and Exchange: Course info Mondays, 11:10-13:00, FH 1B01 (at least for now) Prerequisites: Database Systems Text: For data integration: none (because there isnt one...) For data exchange: Relational and XML

69 views • 6 slides
Software languages for data exchange systems L. Thomas van Binsbergen 1 1 Centrum Wiskunde &amp;

Software languages for data exchange systems L. Thomas van Binsbergen 1 1 Centrum Wiskunde &amp;

Software languages for data exchange systems L. Thomas van Binsbergen 1 1 Centrum Wiskunde &amp; Informatica l.t.van.binsbergen@cwi.nl April 2020 Section 1 Norm-aware, distributed software systems Regulated data exchange : Data exchange systems

725 views • 51 slides
Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

PAKE Game-based Security Universal Composability LAKE Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1 David Pointcheval Ecole Normale Sup erieure Game-based Security 2 Universal

927 views • 10 slides
Data Cleaning for Data Integration Advanced School on Data Exchange, Integration, and Streams

Data Cleaning for Data Integration Advanced School on Data Exchange, Integration, and Streams

Data Cleaning for Data Integration Advanced School on Data Exchange, Integration, and Streams (DEIS) Ekaterini Ioannou Tuesday, 9 th of Nov. 2010, Schloss Dagstuhl Problem overview Data integration: Combine data from various

806 views • 41 slides
Facebook Exchange Facebook Exchange (FBX) (FBX) Facebook Exchange The Facebook Exchange allows

Facebook Exchange Facebook Exchange (FBX) (FBX) Facebook Exchange The Facebook Exchange allows

Facebook Exchange Facebook Exchange (FBX) (FBX) Facebook Exchange The Facebook Exchange allows programmatic buying of Facebook ad inventory through real-time bidding. Agencies, trading desks and direct marketers can buy Facebook ads using

343 views • 7 slides
SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript

SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript

SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript PLRG@KAIST Hongki Lee , Sooncheol Won, Joonho Jin, Junhee Cho, and Sukyoung Ryu Contents Introduction Big Picture Formal Specification

631 views • 25 slides
Lecture 8 and 9 Program Differencing EE382V Software Evolution: Spring 2009, Instructor Miryung

Lecture 8 and 9 Program Differencing EE382V Software Evolution: Spring 2009, Instructor Miryung

Lecture 8 and 9 Program Differencing EE382V Software Evolution: Spring 2009, Instructor Miryung Kim Agenda - Lecture 8 and 9 Motivation for Program Differencing Techniques Problem Definition: What is a Program Differencing Problem?

833 views • 50 slides
A Gallina Subset for C Extraction of Non-structural Recursion Akira Tanaka National Institute of

A Gallina Subset for C Extraction of Non-structural Recursion Akira Tanaka National Institute of

A Gallina Subset for C Extraction of Non-structural Recursion Akira Tanaka National Institute of Advanced Industrial Science and Technology (AIST) 2019-09-08 Outline Our C code generator and its problem Verification of AST including NSR

868 views • 48 slides
Ultrafast magnetization dynamics: U t a ast ag et at o dy a cs the role of angular momentum

Ultrafast magnetization dynamics: U t a ast ag et at o dy a cs the role of angular momentum

Ultrafast magnetization dynamics: U t a ast ag et at o dy a cs the role of angular momentum Andrei Kirilyuk Radboud University Nijmegen The Netherlands Radboud University Nijmegen, The Netherlands Radboud University Nijmegen 1 Andrei

493 views • 46 slides
Migrating HLint to the GHC API Neil Mitchell ndmitchell.com What is HLint? A tool for

Migrating HLint to the GHC API Neil Mitchell ndmitchell.com What is HLint? A tool for

Migrating HLint to the GHC API Neil Mitchell ndmitchell.com What is HLint? A tool for suggesting possible improvements to Haskell code. https://github.com/ndmitchell/hlint $ hlint darcs-2.1.2 darcs-2.1.2\src\CmdLine.lhs:94:1: Warning:

684 views • 49 slides
SENSE PARSING BROAD in a 3.1 Two classes of parsing methods 117 3.1 Two classes of parsing

SENSE PARSING BROAD in a 3.1 Two classes of parsing methods 117 3.1 Two classes of parsing

553 views • 40 slides
AST 1420 Galactic Structure and Dynamics M51 Cen A NGC 1300 M81 NGC 3923 Why study galaxies?

AST 1420 Galactic Structure and Dynamics M51 Cen A NGC 1300 M81 NGC 3923 Why study galaxies?

AST 1420 Galactic Structure and Dynamics M51 Cen A NGC 1300 M81 NGC 3923 Why study galaxies? Fascinating cosmic objects! Great application of fundamental physics: GR: galaxy formation in expanding Universe; Newtonian gravity

662 views • 62 slides
Faculty Early Career Development (CAREER) Program Program Solicitation NSF 15-555 For

Faculty Early Career Development (CAREER) Program Program Solicitation NSF 15-555 For

Faculty Early Career Development (CAREER) Program Program Solicitation NSF 15-555 For questions not answered during the May 26 webinar, please ask the appropriate Divisional contact found at

643 views • 37 slides

More recommend