Presentation is loading. Please wait.

Presentation is loading. Please wait.

September 10 th, 20011 POSSE Portable Open Source Security Elements Jonathan M. Smith University of Pennsylvania

Published byJulien Wilkens Modified over 10 years ago

Similar presentations

Presentation on theme: "September 10 th, 20011 POSSE Portable Open Source Security Elements Jonathan M. Smith University of Pennsylvania"— Presentation transcript:

1 September 10 th, 20011 POSSE Portable Open Source Security Elements Jonathan M. Smith University of Pennsylvania http://www.cis.upenn.edu/~posse

2 September 10 th, 20012 Introduction PI, Jonathan Smith (Penn) Theo de Raadt (OpenBSD project) Michael Greenwald (Penn) Angelos Keromytis (Columbia University) Ben Laurie (AL Group, Ltd.) Dale Rahn (Penn) Jason Wright (Penn) Todd Miller (Penn) Stefan Miltchev (Penn) Sotiris Ioannidis (Penn)

3 September 10 th, 20013 Background and Motivation Security is not about features It is about delivering features reliably Meeting expectations with no unexpected (and exploitable) behavior We have done a very poor job of delivering secure software because we are not willing to expend the “grunt work” (such as audits) that delivering secure software requires When traditional software development is used, freeze for audit causes TOAD (Technically Obsolete at Delivery :-)

4 September 10 th, 20014 Consider… “… As an experiment I also planted a comment which should raise eyebrows in some code I released years ago and which is fairly widely used just to see if I’d get any reaction from anyone (the comment says, in effect, ”Something really suspicious could happen here”, although that’s not the real text so you can’t just grep for it to find it :-). Noone has ever asked me about this, from which I assume that noone’s ever looked at the code they’re using. That’s kind of scary, because the comment isn’t in there just to annoy people, you really could build a rather nasty backdoor in there. There may actually be products out there which are released in binary-only form where the vendor has built in a backdoor at that point, although I saw a posting from foo@anon.org in alt.2600 saying he’d looked at the product and it was fine, so it must be OK.” – Peter Gutmann, on PGN’s list

5 September 10 th, 20015 OpenBSD! BSD license – most attractive to companies Open Source - 4.4 BSD based - split from NetBSD Central focus of project is security! Led by Theo de Raadt No remote root holes in several years Development characterized by continuous audit Widely used in security products (e.g., IDS) and embedded systems See http://www.openbsd.org

6 September 10 th, 20016 New Ideas and Approaches (Overview) Must keep security in the development mainstream Generate a community of open source security expertise, by demonstration and code sharing Accelerate the introduction of security technologies in both OpenBSD and across all open projects; collaborations with TrustedBSD, etc. Apply OpenBSD audit methodology to OpenSSL Document the audit process to disseminate techniques more widely

7 September 10 th, 20017 Model (segue to proposed work) Linux/ SE Linux FreeBSD (Trusted ) Portable Software Security Training/ Audit Training Security-Focused Community POSSE OpenBSD

8 September 10 th, 20018 Proposed Work (short – lots accomplished!) 1-liner: “pluck low-hanging fruit” –Enable CHATS Phase II Social Engineering as much as technology Strong genetic ties between BSDs Bug fixes in userland propagate w/low (!=0) O.H. OpenSSL Audit –OpenSSL widely used in e-commerce –Part of Apache Web Server (good % of servers) –OpenSSL code currently unaudited –Opportunity to document methodology => educate!

9 September 10 th, 20019 Proposed Work (details) Audit OpenSSL Hardware Crypto Support –Both symmetric and asymmetric support –Important for OpenSSL /dev/policy kernel interface for policy rules –Prototype policy daemon/kernel done for D.F. –Means of importing many SE Linux features File system attributes –Persistent meta-data for objects (ACLs, labels, caps.) –Absorb from TrustedBSD work – R. Watson Secure Bootstrap (SEBOS) – W. Arbaugh

10 September 10 th, 200110 Accomplishments - Managerial Have hired two people (Dale and Jason) at Penn Theo de Raadt (Canadian) under contract AL Group, Ltd. (UK) under contract Have (thanks to extremely aggressive work by AFRL!) sponsored hackathon previous to Summer USENIX in Boston (June, 2001) Sponsored smaller hackathon at USENIX Security Audit monograph discussions started w/Ben Laurie (OpenSSL): writing, meld w/technical timelines Equipment purchases, provision to TrustedBSD To do: Subcontract to Columbia (Keromytis)

11 September 10 th, 200111 Accomplishments – Technical, I OpenBSD-inspired changes in OpenSSL crypto framework OpenSSL hardware crypto support now working on hifn (Hifn7951) card PowerPC support RSA smart card support in OpenSSH PMTU discovery in IPSEC IP stack hardware checksums for some cards Fixed DoS problems in passwd and chpass by changing how passwd-file locking is done Code-signing effort underway with Ben, Angelos, …

12 September 10 th, 200112 Accomplishments – Technical, II Auditing –Continue repair of fd_set overflow problems –Continue repair of signal handlers –Fix syslog() - implementation of syslog_r(), will be re- entrant, also signal safe - addresses signal race problems –Incorrect code, e.g., snprintf misuses New pf(4) packet filter –Replaces ipf (IP problems) –Implements some components of “traffic normalization” –Address end point traffic interpretation issues e.g., IP fragment or TCP windowoverlays. –Can improve some IDS - fewer false alerts

13 September 10 th, 200113 Technical Accomplishments, III TCP ISN randomization –Proposed in papers (e.g., LBL) –First deployment Stack offset randomization –randomly sized gap is placed at the top of user stack –Trouble for fixed size buffer overflow attacks –Enabled using sysctl(8) RC4 RC4, MD5, SHA1 (not HMAC) in crypto framework (see crypto(9 )); DES-CBC, 3DES-CBC, and RC4 work from userland Apache policy module (based on KeyNote)

14 September 10 th, 200114 Deliverables and Timeline - POSSE Start Year 1 Year 2 Audit OpenSSL HW crypt for SSL OpenBSD releases /dev/policy OpenBSD releases Continue and Document Audit Enhanced File Sys Absorb SE Linux OpenBSD releases SEBOS OpenBSD releases

Download ppt "September 10 th, 20011 POSSE Portable Open Source Security Elements Jonathan M. Smith University of Pennsylvania"

Similar presentations

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)

NetServ Dynamic in-network service deployment Henning Schulzrinne (Columbia University) Srinivasan Seetharaman (Georgia Tech) Volker Hilt (Bell Labs)
Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.
White House New Media & Open Source Software Macon Phillips White House New Media.

White House New Media & Open Source Software Macon Phillips White House New Media.
Copyright © 2005 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
CSE350 Software Design and Engineering University of Pennsylvania Office: 254 Moore GRW, Phone: 8-9509 April 9 th, 2002.

CSE350 Software Design and Engineering University of Pennsylvania Office: 254 Moore GRW, Phone: April 9 th, 2002.
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
1 Steve Chenoweth Friday, 10/21/11 Week 7, Day 4 Right – Good or bad policy? – Asking the user what to do next! From malware.net/how-to-remove-protection-system-

1 Steve Chenoweth Friday, 10/21/11 Week 7, Day 4 Right – Good or bad policy? – Asking the user what to do next! From malware.net/how-to-remove-protection-system-
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Implementing a Distributed Firewall

Implementing a Distributed Firewall
Illinois Institute of Technology

Illinois Institute of Technology
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
Fundamentals of Information Systems, Second Edition

Fundamentals of Information Systems, Second Edition
Software Development Overview CPSC 315 – Programming Studio Spring 2009.

Software Development Overview CPSC 315 – Programming Studio Spring 2009.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Overview of the Multos construction process Chad R. Meiners.

Overview of the Multos construction process Chad R. Meiners.
CSE350 Software Design and Engineering University of Pennsylvania Office: 254 Moore GRW, Phone: 8-9509 April 2 nd, 2002.

CSE350 Software Design and Engineering University of Pennsylvania Office: 254 Moore GRW, Phone: April 2 nd, 2002.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Similar presentations

Ads by Google