Presentation is loading. Please wait.

Presentation is loading. Please wait.

12/13/04Craig E. Ward, CMSI 6011 Implications of Programming Language Selection on the Construction of Secure Software Systems A presentation of the paper.

Similar presentations


Presentation on theme: "12/13/04Craig E. Ward, CMSI 6011 Implications of Programming Language Selection on the Construction of Secure Software Systems A presentation of the paper."— Presentation transcript:

1 12/13/04Craig E. Ward, CMSI 6011 Implications of Programming Language Selection on the Construction of Secure Software Systems A presentation of the paper for CMSI 601 Graduate Seminar, Loyola Marymount University

2 12/13/04Craig E. Ward, CMSI 6012 Agenda Introduction Approach to selecting Programming Languages Vulnerabilities Four vulnerabilities will be presented Conclusions Questions and Comments

3 12/13/04Craig E. Ward, CMSI 6013 Programming Languages More than just one type Imperative Object-oriented Interpreted Virtual machine byte code Functional

4 12/13/04Craig E. Ward, CMSI 6014 Programming Languages LanguageVersionPlatform Java1.4.2Mac OS X CGCC 3.3Mac OS X, Cygwin C++GCC 3.3Mac OS X Perl5.8Mac OS X Standard MLMoscow ML 2.01Windows XP, Mac OS X

5 12/13/04Craig E. Ward, CMSI 6015 Vulnerabilities Range from general to specific General vulnerabilities that present problems for all programming languages Vulnerabilities that present risks to just a particular programming language Vulnerabilities that effect particular implementation of a programming language

6 12/13/04Craig E. Ward, CMSI 6016 Vulnerabilities List a group of similar vulnerabilities Use one to illustrate the group Some vulnerabilities could fit into more- than-one group so these groupings are not absolute.

7 12/13/04Craig E. Ward, CMSI 6017 General Vulnerabilities Malicious Input Race Conditions

8 12/13/04Craig E. Ward, CMSI 6018 Malicious Input Programs that blindly accept input from external sources are vulnerable to exploits Especially problematic if this input is executed Input should be sanitized using a white list

9 12/13/04Craig E. Ward, CMSI 6019 Malicious Input C (and C++) The library routine system() is dangerous Java Runtime.exec() almost as dangerous Perl Some protection with taint mode (if you turn it on) ML OS.Process.system() is dangerous too

10 12/13/04Craig E. Ward, CMSI Overflow Vulnerabilities Integer Overflow Format String Vulnerabilities Stack Overflow Heap Overflow

11 12/13/04Craig E. Ward, CMSI Integer Overflow Attempting to store an integer larger than will fit in the allocated space Most overflows wrap; some saturate Can be used to break protections around bad C library routines

12 12/13/04Craig E. Ward, CMSI Integer Overflow C/C++ Loss of precision from automatic conversions Overflow from calculation Change of sign Java Signed only Compiler prevents loss of precision from assignments

13 12/13/04Craig E. Ward, CMSI Integer Overflow Perl Scalars interpreted at runtime as integer, float, string ML No automatic conversions or casts Throws exception on overflow

14 12/13/04Craig E. Ward, CMSI Object Vulnerabilities Java Inner Classes Class compare by name

15 12/13/04Craig E. Ward, CMSI Java Inner Classes Nested classes given access to outer class members JVM does not recognize a difference between regular and inner classes To give appearance of access by inner classes, accessed members given package scope

16 12/13/04Craig E. Ward, CMSI Java Inner Classes public class Flag { class InnerFlag { public void incFlag() { flag++; } public void showFlag() { System.out.println("The hidden flag is " + flag); } public Flag(int flag) { this.flag = flag * 5; } private int flag; }

17 12/13/04Craig E. Ward, CMSI Java Inner Classes Compiled from "Flag.java" public class Flag extends java.lang.Object{ private int flag; public Flag(int); static int access$008(Flag); static int access$000(Flag); } Compiled from "Flag.java" class Flag$InnerFlag extends java.lang.Object{ private final Flag this$0; Flag$InnerFlag(Flag); public void incFlag(); public void showFlag(); }

18 12/13/04Craig E. Ward, CMSI Java Inner Classes C++ does not automatically give nested classes access to outer class Perl does not enforce any encapsulation Everyone expected to play nice ML does not have inner classes or notion of friend class. Uses signatures. Is Java wrong for being orthogonal?

19 12/13/04Craig E. Ward, CMSI Narrow Vulnerabilities Pointer Subterfuge Arc Injection C++ VPTR Exploit

20 12/13/04Craig E. Ward, CMSI Pointer Subterfuge A counterattack to preventative measures on some Unix systems Exploit targets Linux on IA32 StackGuard canary before return address If stack overwritten, canary would change StackShield return address stack If return address different from saved, abort

21 12/13/04Craig E. Ward, CMSI Pointer Subterfuge Characteristics of a protected program that cause protection to fail: A pointer located next to a buffer A misused library routine that can overflow into the pointer A second copy that uses the pointer without the pointer being initialized wu-ftpd 2.5 mapped_path bug

22 12/13/04Craig E. Ward, CMSI Pointer Subterfuge Use the overflowed pointer to change the return address without damaging the canary Use the overflowed pointer to change list of exit routines to trick StackShield Use the overflowed pointer to change address of copy function to system

23 12/13/04Craig E. Ward, CMSI Conclusions Security is important and must be considered when choosing a programming language. Speed isnt everything. No programming language is completely safe Object orientation only minimally helps Functional programming may help Use static analysis tools designed for the language you are using

24 12/13/04Craig E. Ward, CMSI Questions or Comments?


Download ppt "12/13/04Craig E. Ward, CMSI 6011 Implications of Programming Language Selection on the Construction of Secure Software Systems A presentation of the paper."

Similar presentations


Ads by Google