Understanding and Countering Insider Threats In Software Development - - PowerPoint PPT Presentation

1 of 25 slides

Understanding and Countering Insider Threats In Software Development

Michael Franz University of California, Irvine

Presented by Ivan Hristov Department of Computer Science Dresden University of Technology

Winter Semester 2008

iv.hristov@yahoo.com

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 2 of 25 slides

Part I Presentation

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 3 of 25 slides

”Bug or feature?”

Bugs - bad mistakes or good profit

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 4 of 25 slides

Bugs can be power!

”Ispa Scientia Potestas Est - Knowledge is power.” Sir Francis Bacon

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 5 of 25 slides

The Problem

We live in a chaos!

There are bad guys that want bugs!

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 6 of 25 slides

Aim(s)

What for?

“zombie farms” phishing governmental back doors

• ther purposes

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 7 of 25 slides

Conspiracy theory

Trojan horse

$50 billion dollars industry espionage, “moles” “protection”

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 8 of 25 slides

Sources of software bugs

Important aspects to consider

”doors behind the back doors” stocks always matter

• utsourcing

how well your company treats you the good old friend Buddy

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 9 of 25 slides

Open source utopia

Some problems

• Lack of resources
• “Untraceability”
• Open source

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 10 of 25 slides

Author’s Solution

The idea

Fault tolerance mechanism through Versioning Parallelism Consistency check

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 11 of 25 slides

Author’s Approach

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 12 of 25 slides

Problem subset

What’s treated?

1st arbitrary code execution 2nd specific input

What’s NOT treated?

covert channels ”time bombs”

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 13 of 25 slides

Use case

Scenario

buffer overflows specific input ”out-of-specification” behavior knowledge determinism

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 14 of 25 slides

Existing defense strategies

Basic idea

Ruin the attacker’s knowledge determinism

Drawback

Randomization is difficult

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 15 of 25 slides

Proposed defense strategy

Improvement

slightly different versions parallelism monitoring

• ptionally - randomization

Basic idea

One specific input is meaningful to only one program version

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 16 of 25 slides

Basic Idea

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 17 of 25 slides

Basic Idea

Two variants of the same program.[Fra08]

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 18 of 25 slides

Additional variation

Where?

register reallocation heap randomization code relocation OS Entry Point Randomization

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 19 of 25 slides

Checkpointing - take the shortcut

Overall process

1st identical inputs 2nd behavior synchronization 3rd internal states monitoring

How far do you trust your OS?

OS calls as synch points

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 19 of 25 slides

Checkpointing - take the shortcut

Overall process

1st identical inputs 2nd behavior synchronization 3rd internal states monitoring

How far do you trust your OS?

OS calls as synch points

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 20 of 25 slides

Checkpointing - stay on the safe side

Trusted Computing

1st trusted hypervisor 2nd hardware component 3nd additional registers

Cost?

0.001% of the total CPU transistor amount

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 20 of 25 slides

Checkpointing - stay on the safe side

Trusted Computing

1st trusted hypervisor 2nd hardware component 3nd additional registers

Cost?

0.001% of the total CPU transistor amount

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 21 of 25 slides

Slightly Different Versions

HOWTO create multiple versions?

HW virtualization storage address remappings hypervisor on-demand code translation

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 22 of 25 slides

Overall architecture

Trusted Code Base

TCB is a hypervisor.[Fra08]

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Introduction Motivation Defense Discussion 23 of 25 slides

Some discussion points

Does virtualization equate panacea? What type of cost is the important one? Checkpoint protocols scheduling?

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

24 of 25 slides

Part II References

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

25 of 25 slides

Michael Franz. Understanding and countering insider threats in software development. International MCETECH Conference, pages 81–90, 2008.

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

25 of 25 slides

Part III Questions?

Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine