Software security, secure programming

Similar documents
Software Security II: Memory Errors - Attacks & Defenses

SoK: Eternal War in Memory

Software Security Buffer Overflows more countermeasures. Erik Poll. Digital Security Radboud University Nijmegen

Making C Less Dangerous

in memory: an evolution of attacks Mathias Payer Purdue University

CSCE 548 Building Secure Software Buffer Overflow. Professor Lisa Luo Spring 2018

Software Security Buffer Overflows more countermeasures. Erik Poll. Digital Security Radboud University Nijmegen

Software Security: Buffer Overflow Attacks

CSCE 548 Building Secure Software Integers & Integer-related Attacks & Format String Attacks. Professor Lisa Luo Spring 2018

CS 6V Control-Flow Integrity Principles, Implementations, and Applications. Sureshbabu Murugesan

Outline. Format string attack layout. Null pointer dereference

Beyond Stack Smashing: Recent Advances in Exploiting. Jonathan Pincus(MSR) and Brandon Baker (MS)

Preventing Use-after-free with Dangling Pointers Nullification

CSE 127 Computer Security

Secure Programming Lecture 6: Memory Corruption IV (Countermeasures)

Software Security: Buffer Overflow Defenses and Miscellaneous

Software Security: Buffer Overflow Defenses

Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox

The first Secure Programming Laboratory will be today! 3pm-6pm in Forrest Hill labs 1.B31, 1.B32.

Exploits and gdb. Tutorial 5

CSE 565 Computer Security Fall 2018

CSE 127 Computer Security

SafeRiver SME. Added Value Solutions for Embedded Systems. Tools for FuSa and Software Security. Packaged Services. CIR agreed

CSE 127 Computer Security

Runtime Defenses against Memory Corruption

EURECOM 6/2/2012 SYSTEM SECURITY Σ

CIS 4360 Secure Computer Systems. Integers

CS 161 Computer Security

CSC 591 Systems Attacks and Defenses Stack Canaries & ASLR

Buffer Overflow Defenses

Inject malicious code Call any library functions Modify the original code

Identifying Memory Corruption Bugs with Compiler Instrumentations. 이병영 ( 조지아공과대학교

Introduction to Information Security. Secure Coding Sang Kil Cha

Security and Exploit Mitigation. CMSC Spring 2016 Lawrence Sebald

Applications. Cloud. See voting example (DC Internet voting pilot) Select * from userinfo WHERE id = %%% (variable)

COMP3441 Lecture 7: Software Vulnerabilities

Outline. Heap meta-data. Non-control data overwrite

Static Analysis methods and tools An industrial study. Pär Emanuelsson Ericsson AB and LiU Prof Ulf Nilsson LiU

Software Security: Buffer Overflow Attacks (continued)

Inline Reference Monitoring Techniques

Changelog. Corrections made in this version not in first posting: 1 April 2017: slide 13: a few more %c s would be needed to skip format string part

Stack Overflow. Faculty Workshop on Cyber Security May 23, 2012

Memory Safety (cont d) Software Security

Undefined Behaviour in C

Lecture 08 Control-flow Hijacking Defenses

Secure Programming I. Steven M. Bellovin September 28,

Stack Bounds Protection with Low Fat Pointers

Module: Return-oriented Programming. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Buffer overflow prevention, and other attacks

Trends in Open Source Security. FOSDEM 2013 Florian Weimer Red Hat Product Security Team

Advanced Buffer Overflow

Simple Overflow. #include <stdio.h> int main(void){ unsigned int num = 0xffffffff;

Software Vulnerabilities August 31, 2011 / CS261 Computer Security

Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Review

18-642: Code Style for Compilers

Lecture 9 Assertions and Error Handling CS240

CS 161 Computer Security

Module: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

EURECOM 6/2/2012 SYSTEM SECURITY Σ

Memory corruption countermeasures

Secure Programming Lecture 5: Memory Corruption III (Countermeasures)

Advanced Buffer Overflow

QPSI. Qualcomm Technologies Countermeasures Update

CSE 127: Computer Security. Memory Integrity. Kirill Levchenko

IntFlow: Integer Error Handling With Information Flow Tracking

Programming in C. Lecture 9: Tooling. Dr Neel Krishnaswami. Michaelmas Term

CSc 466/566. Computer Security. 20 : Operating Systems Application Security

Bypassing AddressSanitizer

Countermeasures in Modern Operating Systems. Yves Younan, Vulnerability Research Team (VRT)

Black Hat Webcast Series. C/C++ AppSec in 2014

SoK: Eternal War in Memory Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song In: Oakland 14

C and C++ Secure Coding 4-day course. Syllabus

Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?

New features in AddressSanitizer. LLVM developer meeting Nov 7, 2013 Alexey Samsonov, Kostya Serebryany

One-Slide Summary. Lecture Outline. Language Security

logistics: ROP assignment

This exam contains 8 pages (including this cover page) and 4 questions. Once we tell you to start, please check that no pages are missing.

System Administration and Network Security

Adaptive Android Kernel Live Patching

Inference of Memory Bounds

Engineering Your Software For Attack

This exam contains 7 pages (including this cover page) and 4 questions. Once we tell you to start, please check that no pages are missing.

Buffer overflow risks have been known for over 30 years. Is it still a problem? Try searching at to see.

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 2

Secure Programming Lecture 13: Static Analysis

Determining the Fundamental Basis of Software Vulnerabilities. Larry Wagoner NSA

HA2lloc: Hardware-Assisted Secure Allocator

Introduction to Information Security. Security Threat & Secure Coding Sang Kil Cha

Lecture 2: C Programm

System Security Class Notes 09/23/2013

Security Issues Formalization

CSE 12 Spring 2016 Week One, Lecture Two

SECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER CYBER

Return-orientated Programming

Software Security (cont.): Defenses, Adv. Attacks, & More

Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?

Program Security and Vulnerabilities Class 2

Module: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Exploit Mitigation - PIE

CMPSC 497 Buffer Overflow Vulnerabilities

Transcription:

Software security, secure programming Lecture 4: Protecting your code against software vulnerabilities? (overview) Master on Cybersecurity Master MoSiG Academic Year 2017-2018

Preamble Bad news several (widely used!) programming languages are unsecure... codes are likely to contain vulnerabilities some of them can be exploited by an attacker... Good news Ther exists some protections to make attacket s life harder! 3 categories of protections: from the programmer (and/or programming language) itself from the compiler / interpreter from the execution plateform 2 / 10

Outline Programmer s level protections Compilers level protections Plateform level protections

Step 1: Know the threats... Most language level vulnerabilities are well-known! CWE (Common Weakness Enumeration) https://cwe.mitre.org/ a community-developed list of common software security weaknesses common language + a measuring stick for software security tools a baseline for weakness identification, mitigation, and prevention efforts Ex: CWE-131 (Incorrect Calculation of Buffer Size) (CVE (Common Vulnerabilities and Exposures) https://cve.mitre.org/ An (exhaustive?) open list of all the publicly known soft. vulnerabilities provides a common name & a standardized description Ex: CVE-2017-12705 (A Heap-Based Buffer Overflow in Advantech WebOP). CAPEC (Common Attack Pattern Enumeration and Classification) https://capec.mitre.org/ A comprehensive dictionary and classification taxonomy of known attacks Attack scenario, the attacker perspective (means, gains), possible protections a design pattern of an attack Ex: CAPEC-100 (Overflow Buffers) 3 / 10

Step 2: and avoid the traps! The CERT coding standarts https://www.securecoding.cert.org/ covers several languages: C, C++, Java, etc. rules + examples of non-compliant code + examples of solutions undefined behaviors etc. Microsoft banned function calls ANSSI recommendations JavaSec LaFoSec (Ocaml, F#, Scala) Use of secure libraries Strsafe.h (Microsoft) guarantee null-termination and bound to dest size libsafe.h (GNU/Linux) no overflow beyond current stack frame etc. Etc. (a lot of available references about secure coding... ) 4 / 10

CERT coding standarts - Example 1 INT30-C. Ensure that unsigned integer operations do not wrap Example of non compliant code void func(unsigned int ui_a, unsigned int ui_b) { unsigned int usum = ui_a + ui_b; /*... */ } Example of compliant code void func(unsigned int ui_a, unsigned int ui_b) { unsigned int usum = ui_a + ui_b; if (usum < ui_a) { /* Handle error */ } /*... */ } 5 / 10

char *init_block(size_t block_size, size_t offset, char *data, size_t data_size) { char *buffer = malloc(block_size); if (NULL == buffer) { /* Handle error */ } if (data_size > block_size block_size - data_size < offset) { /* Data won t fit in buffer, handle error */ } memcpy(buffer + offset, data, data_size); return buffer; } 6 / 10 CERT coding standarts - Example 2 ARR30-C. Do not form or use out-of-bounds pointers or array subscripts Example of non compliant code char *init_block(size_t block_size, size_t offset, char *data, size_t data_size) { char *buffer = malloc(block_size); if (data_size > block_size block_size - data_size < offset) { /* Data won t fit in buffer, handle error */ } memcpy(buffer + offset, data, data_size); return buffer; Example of compliant code

Code validation Several tools can also help to detect code vulnerabilities... Dynamic code analysis Instruments the code to detect runtime errors (beyond language semantics!) invalid memory access (buffer overflow, use-after-free) uninitialized variables etc. No false positive, but runtime overhead ( testing) Tools: Purify, Valgrind, AddressSanitizer, etc. Static code analysis Infer some (over)-approximation of the program behaviour uninitialized variables value analysis (e.g., array access out of bounds) pointer aliasing etc. No false negative, but sometimes inconclusive... Tools: Frama-C, Polyspace, CodeSonar, Fortify, etc. 7 / 10

Outline Programmer s level protections Compilers level protections Plateform level protections

Compilers may help for code protection Most compilers offer compilation options to help mitigating the effect of vulnerable code... automatically generate extra code to enforce security Examples (see E. Poll slides on the course web page) stack protection stack layout canaries (e.g, gcc stack protector http://wiki.osdev.org/stack_smashing_protector) shadow stack for return addresses control-flow integrity (e.g., clang CFI, Java)... pointer protection pointer encryption (PointGuard) smart pointers (C++)... no undefined behavior e.g., enforce wrap around for unsigned int in C (-fno-strict-overflow, -fwrapv) etc. 8 / 10

Outline Programmer s level protections Compilers level protections Plateform level protections

Some more generic protections from the execution plateform General purposes operating systems (Linux, Windows, etc.) Memory layout randomization (ASLR) attacker needs to know precise memory addresses make this address random (and changing at each execution) no (easy) way to guess the current layout on a remote machine... Non executable memory zone (NX, W X, DEP) basic attacks execute code from the data zone distinguish between: memory for the code (executable, not Writeable) memory for the data (Writable, not executable) Example: make the execution stack non executable... Rks: exists other dedicated protections for specific plateforms: e.g., JavaCard, Android, embedded systems,... exists also hardware level protections: e.g., Intel SGC, ARM TrustZone, etc. 9 / 10

Conclusion numerous protections to avoid / mitigate vulnerability exploitations several protection levels code, verification tools, compilers, plateforms they allow to (partially) mitigate most known programming languages weaknesses (e.g., C/C++) they still require programmers skills and concerns even if they make attackers life harder...... they can still be bypassed! an endless game between attackers and defenders! 10 / 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback