Secure Software Development: Theory and Practice

Slides:



Advertisements
Similar presentations
12/13/04Craig E. Ward, CMSI 6011 Implications of Programming Language Selection on the Construction of Secure Software Systems A presentation of the paper.
Advertisements

Improving Integer Security for Systems with KINT Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, Frans Kaashoek MIT CSAIL Tsinghua IIIS.
Defenses. Preventing hijacking attacks 1. Fix bugs: – Audit software Automated tools: Coverity, Prefast/Prefix. – Rewrite software in a type safe languange.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
Control hijacking attacks Attacker’s goal: – Take over target machine (e.g. web server) Execute arbitrary code on target by hijacking application control.
CS252: Systems Programming Ninghui Li Final Exam Review.
Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer Brett Hodges April 8, 2010.
EECS 354 Network Security Introduction. Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Approaches to Application Security – DSM
Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.
CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.
Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.
Computer Security and Penetration Testing
OSI and TCP/IP Models And Some Vulnerabilities AfNOG th May 2011 – 10 th June 2011 Tanzania By Marcus K. G. Adomey.
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.
Problem of the Day  Why are manhole covers round?
Highly Scalable Distributed Dataflow Analysis Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan Chelsea LeBlancTodd.
Operating Systems Security
Shellcode Development -Femi Oloyede -Pallavi Murudkar.
Sampling Dynamic Dataflow Analyses Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan University of British Columbia.
A Survey on Runtime Smashed Stack Detection 坂井研究室 M 豊島隆志.
Security Attacks Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 11, 2011.
Announcements You will receive your scores back for Assignment 2 this week. You will have an opportunity to correct your code and resubmit it for partial.
VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.
By Collin Donaldson. Hacking is only legal under the following circumstances: 1.You hack (penetration test) a device/network you own. 2.You gain explicit,
@Yuan Xue Worm Attack Yuan Xue Fall 2012.
Classic Buffer OVERFLOW ATTACKS CSCE 548 Student Presentation Mouiad Al Wahah.
Memory-Related Perils and Pitfalls in C
Content Coverity Static Analysis Use cases of Coverity Examples
Let’s look at an example
Secure Programming Dr. X
Secure Coding Techniques
Shellcode COSC 480 Presentation Alison Buben.
Overflows Mark Shtern.
Mitigation against Buffer Overflow Attacks
Buffer Overflow Buffer overflows are possible because C doesn’t check array boundaries Buffer overflows are dangerous because buffers for user input are.
Sabrina Wilkes-Morris CSCE 548 Student Presentation
Application Communities
CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.
Protecting Memory What is there to protect in memory?
Introduction to Information Security
The Hardware/Software Interface CSE351 Winter 2013
Protecting Memory What is there to protect in memory?
Secure Programming Dr. X
Module 30 (Unix/Linux Security Issues II)
Protecting Memory What is there to protect in memory?
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow II: Defense Techniques Cliff Zou Spring 2016.
CSCE 548 Secure Software Development Final Exam – Review 2016
CSC 495/583 Topics of Software Security Stack Overflows (2)
MobiSys 2017 Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation Qiang Zeng joint work with Lannan.
CMSC 414 Computer and Network Security Lecture 21
High Coverage Detection of Input-Related Security Faults
CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst
AdaCore Technologies for Cyber Security
Software Security Lesson Introduction
Smashing the Stack for Fun and Profit
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow II: Defense Techniques Cliff Zou Spring 2009.
Introduction to Static Analyzer
CS5123 Software Validation and Quality Assurance
Understanding and Preventing Buffer Overflow Attacks in Unix
System and Cyber Security
Sampling Dynamic Dataflow Analyses
Presentation transcript:

Secure Software Development: Theory and Practice Suman Jana MW 2:40-3:55pm 415 Schapiro [SCEP] Secure Software Development: Theory and Practice *Some slides are borrowed from Dan Boneh and John Mitchell

Software Security is a major problem!

Why writing secure code is hard?

Software bugs cost US economy $59.5 billion annually (NIST)

Not all bugs are equal! VS. Security bugs Benign functional bugs Why are security bugs more dangerous than other bugs?

Why security bugs are more dangerous? Security bugs allow attackers to cause serious damages: take over machines remotely, steal secrets, etc. malicious input Get root shell victim computer attacker

How do we deal with security bugs? Automatically find and fix bugs Monitor a system at runtime to detect and prevent exploits of bugs Accept that programs will have bugs and design the system to minimize damages Example: Sandboxes, privilege separation Topics of this class

Theory of bug finding

Automated bug detection: main challenges int main (int x, int y) { if (2*y!=x) return -1; if (x>y+10) Return -1; …. … /* buggy code*/ } What values of x and y will cause the program to reach here 1. Too many paths (may be infinite) 2. How will program analyzer find inputs that will reach different parts of code to be tested?

Automated bug detection: two options Static analysis Inspect code or run automated method to find errors or gain confidence about their absence Try to aggregate the program behavior over a large number of paths without enumerating them explicitly Dynamic analysis Run code, possibly under instrumented conditions, to see if there are likely problems Enumerate paths but avoid redundant ones

Static vs dynamic analysis Can consider all possible inputs Find bugs and vulnerabilities Can prove absence of bugs, in some cases Dynamic Need to choose sample test input Can find bugs and vulnerabilities Cannot prove their absence

Practice of bug finding

Popular classes of security bugs Memory corruption attacks

Memory corruption attacks Attacker’s goal: Take over target machine (e.g., web server) Execute arbitrary code on target by hijacking application control flow leveraging memory corruption Examples. Buffer overflow attacks Integer overflow attacks Format string vulnerabilities

What is needed Understanding C functions, the stack, and the heap. Know how system calls are made The exec() system call Attacker needs to know which CPU and OS used on the target machine: Our examples are for x86 running Linux or Windows Details vary slightly between CPUs and OSs: Little endian vs. big endian (x86 vs. Motorola) Stack Frame structure (Unix vs. Windows)

How to avoid buffer overflows? Rewrite software in a type safe language (Java, Rust) Difficult for existing (legacy) code … Use safer functions like strncpy instead of strcpy Developer may make mistakes Confusing semantics for terminating NULL characters Automatically find them Static analysis tools: Coverity, CodeSoner... Dynamic analysis tools: AFL, libfuzzer... More details about detection techniques later in the semester

Structure of the class Memory corruption 1. Control & data flow analysis 2. Symbolic Execution 3. Fuzzing Memory corruption attacks Web Attacks: XSS, SQL injection, and CSRF Program analysis Fundamentals Semantic/logic bugs Side channel leaks DOS attack vectors Build tools for detecting classes of bugs Different classes of security bugs

Logistics Class webpage http://sumanj.info/secure_sw_devel.html TAs: Eugene Ang and Plaban Mohanty) Reading No text book, slides, and one/two papers per class Grading : Quizzes/programming assignments - 35% Midterm - 30% Group Project (3-4 students) - 30% Class participation - 5%

Summary In this class you will learn about: 1. Different classes of security bugs and their implications 2. State-of-the art of bug finding techniques 3. Using and customizing existing bug finding tools