Heartbleed Bug. Anthony Postiglione. Department of Electrical & Computer Engineering Missouri University of Science and Technology

Transcription

1 Heartbleed Bug Anthony Postiglione Department of Electrical & Computer Engineering Missouri University of Science and Technology rev. 14.0

2 Introduction What is Heartbleed? Discovery Presentation Overview Outline Why wasn t it detected earlier? Difficulty in testing Testing methodology Preventative measures Software implementations Legal liability Presentation Overview 2

3 What is Heartbleed? Vulnerability in OpenSSL Formally identified as CVE Originated in RFC 6520 Transport Layer Security and Datagram Transport Layer Security Heartbeat Extension. What is Heartbleed? 3

4 What is Heartbleed? Heartbeat Heartbeat introduced in OpenSSL Concept of low-cost, keep-alive mechanism for TLS layer What is the issue? Eventually fixed in 1.0.1g About two years later, April What is Heartbleed? 4

5 Issue with Heartbeat 4 April [Ref:

6 The Fix [Ref: CDF+2014] 6

7 Discovery Google Security Team and Codenomicon ~17% of worlds servers were vulnerable Method of testing OpenSSL when bug was released was unknown Discovery 7

8 Discovery Why wasn t Heartbleed discovered sooner? Misconception about open source Higher funder for open source projects Testing Limitations Static Analysis Code not designed for simplicity Inherent difficulties in the complexity of OpenSSL Source Code Weakness Analyzer Fuzzing Discovery 8

9 Open SSL Complexity and Static Use of Pointers Analysis Multiple levels of indirection Complexity of the execution path Buffers are cached and reused Makes it difficult for tool to identify invalid uses Joe Miner Valid bytes of TLS messages are a subset of allocated buffer Requires tool to track boundaries of buffer Contents of buffer don t appear to come directly from the attacker Open SSL Complexity and Static Analysis 9

10 Fuzzing Compiled and tested Monitored for known bad states Application crash Poor penetration for complex protocols Fuzzing 10

11 Fuzzing [Ref: CDF+2014] Fuzzing 11

12 Preventative Measures, Software Debug Heap (address protection) Can work with input fuzzing Negative testing Focused manual spotchecking Validating untrusted input fields Context-configured source code weakness analyzer Full multi-implementation branch coverage Preventative Measures, Software 12

13 Preventative Measures, Software Using a safer language OpenSSL uses C Large expense Thorough human review Takes significant effort and expertise Preventative Measures, Software 13

14 Preventative Measures, Formal Mathematically rigorous techniques and tools for the specification, design, and verification of software and hardware systems [W2014] Simplify the code and its API Allocate and deallocate memory normally Use a standard free/libre/open source software (FLOSS) license Create a FLOSS SSL/TLS test suite combining several of the mentioned approaches Preventative Measures, Formal 14

15 Preventative Measures, Legal Three Laws [GK2014] Absolutely Secure Systems do not exist To halve your vulnerability, you must have to double your expenditure Cryptography is typically bypassed, not penetrated. Complexity today may make it impossible to provide security assurance Potential for security through obscurity Rethinking software liability Preventative Measures, Legal 15

16 Preventative Measures, Legal How are other disruptive mass-market technologies treated? Rapid adoption Regulation Software regulation is coming in due time In hopes to increase safety, quality, and clarify security roles/responsabilities Increasing role of software in everyday life Preventative Measures, Legal 16

17 Software Liability Proposal Consult criminal code to see if damage caused was due to intent or willfulness If you deliver software with complete and buildable source code and a license that allows disabling any functionality or code the licensee decides, liability will only be a refund In any other case, liable for whatever damage the software causes when it s used normally [GK2014] Software Liability 17

18 Conclusion Heartbleed OpenSSL complexity concerns More complete and rigorous testing Changes to software liability Conclusion 18

19 References and Further Reading [CDF+2014] Marco Carvalho, Jared DeMott, Richard Ford, and David A. Wheeler, Heartbleed 101, IEEE Security and Privacy, Volume 12, Issue 4, pp , July/August [W2014] David A. Wheeler, Preventing Heartbleed, IEEE Computer, Volume 47, Issue 8, pp , August [GK2014] Daniel E. Geer Jr., and Poul-Henning Kamp, Inviting More Heartbleed, IEEE Security and Privacy, Volume 12, Issue 4, pp , July/August References and Further Reading 19

20 End of Foils End 20