Secure Programming for Fun and Profit

Size: px

Start display at page:

Download "Secure Programming for Fun and Profit"

Harriet Hall
6 years ago
Views:

1 Secure Programming for Fun and Profit (Real World Experiences in Secure Programming) Scott D. Miller Security Analyst Arxan Research, Inc. Doctoral Student in CS Advisors: Aditya Mathur; Ray DeCarlo January 10, 2006 Survey of interesting secure programming examples 1

2 Build a Better Mousetrap For most, it s a game. Much ego involved Secure programming boils down to Enforcing access policy E.g. code execution rights Anti-tamper/tamper detection Protection of intellectual property January 10, 2006 Survey of interesting secure programming examples 2

3 Attacker Objectives Network-based attacks Unauthorized code execution Key reconstruction Malicious users Circumventing digital rights management Cracking (Red-team) and unauthorized distribution Well-funded nation and corporate adversaries Tampering and unadvertised functionality Recovery of sensitive IP January 10, 2006 Survey of interesting secure programming examples 3

4 Attack Method Analysis of Software Code Statistical properties Disassembling Analysis of Running Software Timing/Power Analysis Debugging and Emulating Injection/Modification of Code Patching, loading libraries, etc. Stimulation with malicious data Buffer overflows, unexpected values January 10, 2006 Survey of interesting secure programming examples 4

5 Some Interesting Scenarios Secure Programming Examples in Industry January 10, 2006 Survey of interesting secure programming examples 5

6 Code Injection Unexpected injection mechanisms Through social engineering (old BBS days.) Through the context menu! When prevention fails, use detection Statistical profiling of system calls can be effective [For97, Hof98, Mic02, Mar00]. (U.S. Air Force proposal.) January 10, 2006 Survey of interesting secure programming examples 6

7 Vulnerability Broadcasting Consider a security patch to Apache, IE, etc. Diff the patched vs. un-patched version. How many people put off downloading security updates? Obfuscation and execution path randomization can hide the patch from static and dynamic analysis (funded in part by U.S. Air Force.) January 10, 2006 Survey of interesting secure programming examples 7

8 Interesting Obfuscation Eventually, they will get the code [And96]. Remember the U.S. fighter jet s emergency landing in China? Obfuscating to match statistical code properties. Through numerical transforms Data splitting (funded in part by U.S. Army.) January 10, 2006 Survey of interesting secure programming examples 8

9 Our Approach Program with Sensitive Content λ;κϕ;λκϕ;λκ ;λϕκ;λκϕ;λϕκ;λ ;λκϕ;λκϕ;λ Τσαδ ;λκϕ;λϕκγηϕηα ιοϕηλϕκ Ασδφαωδω Ασδφσα ϕ Λκϕλ;κϕ σωεερ ;λκϕ ωθερωθω λ;κϕ;λκϕ;λκ θωερ ;λϕκ;λκϕ;λϕκ;λ Τσαδ ;λκϕ;λκϕ;λ ιοϕηλϕκ ;λκϕ;λϕκγηϕηα Ασδφαωδω Λκϕλ;κϕ Ασδφσα ;λκϕ Σα λ;κϕ;λκϕ;λκ Σαδφσφαδσδα ασδφασδφασδφ ;λϕκ;λκϕ;λϕκ;λ ;λκϕ;λκϕ;λ σδαφασδφασδφ ;λκϕ;λϕκγηϕηα σωεερ Ασδφαωδω σαδφασδφ σδαφασδφασδφ ωθερωθω σωεερ θωερ Θωερθωε σαδφασδφ Θωερθωε λ;ϕλκ λ;ϕλκϕ Non-sensitive Program Sensitive Program λ;κϕ;λκϕ;λκ ;λϕκ;λκϕ;λϕκ;λ ;λκϕ;λκϕ;λ ;λκϕ;λϕκγηϕηα Ασδφαωδω Ασδφσα σωεερ ωθερωθω θωερ January 10, 2006 Survey of interesting secure programming examples 9

10 Non-performance degrading AT For real-time systems (e.g. OSD Anti tamper requirements on all new weapons systems.) Security co-processors in FPGA (funded in part by Missile Defense Agency.) January 10, 2006 Survey of interesting secure programming examples 10

11 Our Approach Anti-tamper Sensitive Components Software RAM Anti-tamper Components FPGA CPU Peripherals January 10, 2006 Survey of interesting secure programming examples 11

12 FPGA-Aided Encryption Protection Encrypted Decrypted CPU Protected Program Decryption Start Trigger Unprotected FPGA Encryption Start Trigger January 10, 2006 Survey of interesting secure programming examples 12

13 Summary There is no shortage of work for Secure Programming Commercial, too (e.g. Microsoft, Boeing, Lockheed Martin, etc.) The threats are ever-evolving Never do the same thing twice! January 10, 2006 Survey of interesting secure programming examples 13

14 ?Questions? January 10, 2006 Survey of interesting secure programming examples 14

15 References [And96] Anderson, R., and M. Kuhn. Tamper Resistance A Cautionary Note. Proc. of Second Usenix Workshop on Electronic Commerce, Oakland, CA, Nov. 1996: [For97] Stephanie Forrest, Steven A. Hofmeyr, and Anil Somayaji. Computer Immunology, Communications of the ACM, Vol. 40, No. 10, 1997, pp [Hof98] Steven A. Hofmeyr, Anil Somayaji, and Stephanie Forrest. Intrusion detection using sequences of system calls. Journal of Computer Security, Vol. 6, 1998, pages [Mar00] Carla Marceau, Characterizing the behavior of a program using multiple-length N-grams, Proceedings of the 2000 workshop on New security paradigms, September 2000, Ballycotton, County Cork, Ireland, pages [Mic02] Christoph C. Michael, Anup K. Ghosh: Simple, state-based approaches to program-based anomaly detection. ACM Trans. Inf. Syst. Secur. Vol. 5, no. 3, 2002, pages January 10, 2006 Survey of interesting secure programming examples 15

The Evolution of System-call Monitoring

The Evolution of System-call Monitoring Stephanie Forrest Steven Hofmeyr Anil Somayaji December, 2008 Outline of Talk A sense of self for Unix processes (Review) Emphasize method rather than results Evolutionary