Presentation transcript: "Software Gone Wrong" (Security Innovation, ©2003)

1 Software Gone Wrong

2 Computer Security
Security is an enabling technology of the Internet.
–Privacy, authentication, integrity, fairness.
–Security turns the Internet into a serious tool for both business and personal uses.
–The limits of security are the limits of the Internet.
Security has been failing us, again and again, faster and faster.
Why is this so?
Can anything be done about it?

3 Problems in Computer Security
Bad cryptography: algorithms and protocols.
Bad programming: overflow bugs, CGI scripting errors.
Bad installation: misconfigured firewalls, routers, etc.
Bad users: poor password choices, social engineering.
Bad products: don't solve the correct problem, don't scale, etc.

4 All Components are Suspect
On today's networks, everything has the potential to compromise security.
–A Web-based feedback form can compromise your Web server.
–Melissa proved that your word processor can compromise your security.
–In Windows NT, a rogue printer driver can compromise your security.
–In Windows 2000, any program running on your computer can compromise your security.

5 Protecting Digital Secrets
Cryptography has the property that the defender has an enormous advantage over the attacker: adding one bit to a key doubles the attacker's work while barely changing the defender's.
Computer security is more balanced: the attacker needs one flaw, the defender has to close them all.

6 What About Cryptography
Cryptography is about mathematics; security is about people.
Most security problems cannot be solved with cryptography:
–Denial-of-service attacks.
–CGI attacks against Web servers.
–Viruses like Melissa.
–Some attacks against DNS servers.

7 The Future…
It doesn't look good:
–Defensive technologies are getting better, but so are attack technologies.
–Migration to digital media means that we are depending more on technology.
–More people using products means a smaller share of expert users.
The future of products is complexity, and complexity is the worst enemy of security.

8 The Insecurity of Complexity

9 Complexity Means
1. More bugs
2. Modularity
3. Interconnectedness
4. Difficulty of understanding
5. Difficulty of analysis
6. Difficulty of testing

10 What is a Software Bug?
A software flaw that produces unexpected output given proper input.
A software flaw that causes the system to crash or grind to a halt when exposed to faulty inputs.

11 Denver Airport Baggage
Unmanned carts on a track.
Bad failure detection and recovery:
–Piles of fallen bags would not stop the unloaders.
Carts got out of sync:
–Full carts continued to get loaded.
–Empty carts got unloaded.
Delayed the airport's opening for 11 months:
–About $1 million a day in interest on the bonds issued to build it.

12 …last known image before plunging to its death

13 NASA Mars Probes, 1999
Failed unit conversion (Mars Climate Orbiter):
–Ground software reported thruster impulse in English units; the navigation software expected metric.
–Major error in the spacecraft's path as it approached Mars; the orbiter was lost.
Crashed into the planet (Mars Polar Lander):
–Descent engines shut off prematurely: the flight software took the jolt of leg deployment for touchdown.
Taxpayer cost: $165 million.

14 Milstar Flight 3 Failure
Incorrect software constant entered into the Centaur upper stage guidance computer:
–The roll-rate filter constant was entered at one-tenth of its proper value (-0.1992476 rather than -1.992476).
Useless orbit of 400 x 2700 miles instead of the required geosynchronous orbit at about 23,000 miles.
Taxpayer cost: $1.2 billion.


16 4 Marines Killed
MV-22 Osprey tiltrotor crash.
Burst hydraulic line.
Software caused the backup system to fail.

17 Can you spot the difference?

18 Civilian Airliner Shot Down by Navy (1988)
"Computer-generated mistakes aboard the USS Vincennes lie at the root of the downing of Iran Air Flight 655, according to senior military officials being briefed on the disaster."
"290 Iranian passengers and crew may have been the first known victims of 'artificial intelligence'."

19 What is a Software Security Bug?
A software flaw that exposes confidential data to unauthorized users.
A software flaw that causes the system to crash or grind to a halt when exposed to faulty inputs.
A software flaw that allows an attacker to inject code and execute it.
A software flaw that executes privileged commands for an attacker.

20 $8.8 Billion Mistake by Microsoft
According to Computer Economics, the worldwide economic impact of the Love Bug virus was estimated at $8.75 billion.
The virus was possible because Outlook would hand a mailed script attachment to Windows Script Host on a single click, and the script could then use Outlook's own address book to mail itself onward.

21 Software Security Bugs
Faulty code has been with us since the beginning.
Adequate software needs to withstand random programming bugs: programming Murphy's computer.

22 Programming Satan's Computer
Engineering software security is different from any other type of engineering.
Traditional engineering involves making products from ideas.
Most products are useful for what they do.
Security products are only useful when they do not allow things to occur.
Security engineering is therefore backward: we first must figure out how to make things not perform as intended, and then prevent those occurrences.

23 Programming Satan's Computer

24 Engineering Software Security
Structural engineering involves making sure things do not fail in the presence of random faults (designed margins of safety).
With software security, faults that occur at exactly the wrong time and in exactly the wrong way do not occur at random but are forced by an intelligent and malicious agent.
Security engineering ensures that failures do not occur in the presence of this hostile environment.

25 Software is not Rocket Science
The methods used for testing in traditional analog systems do not apply to software.
With a rocket, you extrapolate results:
–What happens in between a 1000 kg test firing and a 10,000 kg test firing?
–The system is continuous.
–State changes are usually gradual and predictable.

26 Zero Margin of Safety
Buffer overflows (e.g. fingerd and the Morris Worm).
CGI scripting errors, cross-site scripting, etc.
Bad random number generators weaken cryptographic keys.
Java, JavaScript.

27 Discrete Systems
State changes cannot be predicted.
When change happens, numbers can flip between 00001111101000 and 10011100010000 in an instant.
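The cliff edge slides 25 to 27 describe, as an added example that is not from the original deck. The fingerd overflow the Morris worm used is the canonical case: fingerd read a request line into a fixed buffer with gets(), which has no idea how big that buffer is. The code below is a toy model of that, not fingerd's source: the line buffer is 16 bytes rather than fingerd's 512, the "saved return address" is a sentinel word this harness places right after the buffer so it can observe the overwrite without a debugger, the slack[] padding keeps the toy overflow inside one struct, the copy routine is marked noinline so the optimizer cannot reason about the destination's size, and the request strings are constructed, not captured traffic. first_clobbering_length() makes the slide's point: a sweep of lengths 1, 2, 3, … behaves identically right up to 15 and then, at 16, the saved return address is gone. Nothing measured at 15 predicts it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE_CAP 16            /* fingerd's was 512; the size is irrelevant, the missing check is not */
#define SENTINEL 0xDEADBEEFu

/* Toy stack frame laid out the way the real one was: the line buffer sits
 * directly below the saved return address. slack[] keeps the toy overflow
 * inside this struct so the demo itself stays well defined. */
struct frame {
    char line[LINE_CAP];
    volatile uint32_t saved_return;   /* volatile only so the compiler must re-read it after the copy */
    char slack[64];
};

/* Vulnerable: copies until newline or NUL with no idea how large dst is.
 * This is gets() in miniature. Kept out of line so the compiler cannot
 * reason about dst's size and "optimise" the overflow away. */
__attribute__((noinline)) static void read_line_unbounded(char *dst, const char *src)
{
    while (*src != '\0' && *src != '\n')
        *dst++ = *src++;
    *dst = '\0';
}

/* Hardened: never writes more than cap bytes, and rejects an over-long line
 * instead of silently truncating it (truncation is its own bug class). */
static int read_line_bounded(char *dst, size_t cap, const char *src)
{
    size_t n = 0;
    while (src[n] != '\0' && src[n] != '\n') {
        if (n + 1 >= cap) {           /* no room for this byte plus the NUL */
            dst[0] = '\0';
            return -1;
        }
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Handles one request with either copy. Returns 1 if the saved return
 * address survived, 0 if the request overwrote it, -1 if it was rejected. */
int handle_request(const char *request, int hardened)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_return = SENTINEL;
    if (hardened) {
        if (read_line_bounded(f.line, sizeof f.line, request) < 0)
            return -1;
    } else {
        read_line_unbounded(f.line, request);
    }
    return f.saved_return == SENTINEL ? 1 : 0;
}

/* The "rocket test" from the slides: feed lines of length 1, 2, 3, ... to the
 * unbounded handler and report the first length that clobbers the saved
 * return address. Every shorter line behaves exactly like the one before it. */
int first_clobbering_length(void)
{
    char req[64];
    for (int len = 1; len < 40; len++) {
        memset(req, 'A', (size_t)len);
        req[len] = '\n';
        req[len + 1] = '\0';
        if (handle_request(req, 0) == 0)
            return len;
    }
    return -1;
}

/* Constructed sample requests (not real traffic). */
static const char NORMAL_REQUEST[]  = "alice\n";
static const char HOSTILE_REQUEST[] = "AAAAAAAAAAAAAAAABBBB\n";   /* 16 A's fill the buffer, 4 B's land on saved_return */

int main(void)
{
    printf("normal  request, unbounded copy: %d\n", handle_request(NORMAL_REQUEST, 0));
    printf("hostile request, unbounded copy: %d\n", handle_request(HOSTILE_REQUEST, 0));
    printf("hostile request, bounded copy:   %d\n", handle_request(HOSTILE_REQUEST, 1));
    printf("first line length that clobbers saved_return: %d\n", first_clobbering_length());
    return 0;
}
```

The bounded version returns an error rather than truncating because a silently shortened request is the next bug: a parser downstream would act on a line the sender never sent. Real stack canaries and sanitizers do the sentinel's job at run time; the toy frame only makes the overwrite visible without them.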

28 Let the Compiler Do the Checking
In the old days programmers had to book time on the mainframe two weeks in advance for compile time, so they would invest countless hours checking their work. This enforced good code.
The code jockeys of today just bounce code off the compiler until all the errors go away.
–This puts the responsibility of "code review" on the compiler.

29 Form follows Failure
Sub-synchronous resonance in power systems:
–The addition of series AC capacitors in high-energy power systems increases electrical stability.
–However, together with line inductance, the capacitors create electrical oscillations that affect the mechanical generator.
Mohave Generating Station, Southern Nevada, 1971:
–This snapped the drive shaft on a generator twice before it was properly diagnosed.
–This phenomenon is now a serious consideration in any power system design.

30 Things We Can Do to Fix Bad Software
Design better compilers and languages that are inherently safe.
–More formal, more machine tractable.
Perform rigorous failure analysis and apply fault-injection technology.
Hold vendors liable.
Stop buying it.

31 Heterogeneous Software Systems
Historical approach: large monolithic applications on top of a small operating system.
New paradigm:
–Applications with components, plug-ins, dynamically linked libraries.
–Operating systems with components, plug-ins, libraries, modules.

32 Security Issues with Heterogeneous Components
You can't assume all the components are trustworthy.
You can't assume the components will work in your configuration in a way that is secure.
Your operating system can't be relied on to mediate security between components.
Java sandbox and ActiveX security models have flaws.

33 Accelerating Connectivity
As systems get connected, a security flaw in one can propagate to others.
Connectivity means:
–MS Word is a networked program.
–Java applets.
–Viruses in PostScript files.
Connectivity means maintenance ports on routers, printers, etc.
Windows NT has a C2 security rating.
–The original evaluation covered a stand-alone machine. What happens when we connect it to a network?

34 Accelerating Connectivity
New protocols and delivery mediums mean new mistakes.
This high degree of connectivity creates the potential for small failures to propagate and lead to massive outages.
Critical infrastructure:
–Telephone network outages.
–Power system grid failures.

35 More Devices
Features from workstation computers and low-end wireless terminals are integrated in embedded systems.
Modern embedded systems have operating systems and open interfaces.
Embedded systems usually have very lightweight memory management.
Embedded systems usually have a rather small stack.

36 More Devices
What happens when buffer overflows and poor access controls lead to mobile code attacks on cellular phones?
Mobile code can spread through distributed systems at an exponential rate.
If an embedded product gets mass-exploited, software upgrades to fix the vulnerability will be nearly impossible for the consumer to apply.

37 Security Issues of Connectivity
Using a home computer as an Internet server.
–Game machines.
Putting toasters, refrigerators and other small devices on the Internet.
Reusing weak protocols for new services.
Connecting phones and palmtops and laptops and computers and servers....

38 Connectivity as a Forcing Function for Complexity
Modern software systems are non-linear in their behavior.
Modern systems are tightly coupled.
We don't even understand the interconnectedness of most corporate networks; how can we possibly understand the Internet?

39 Complexity and Analysis
Complex systems are being used by those without a fundamental level of understanding:
–This lack of understanding enables social engineering and makes those attacks more dangerous.
Analysis of complex systems is difficult:
–The potential threat model.
–The protection mechanisms required.
–The overall design behavior.
Everything that touches the system becomes relevant to understanding and analysis.

40 Increased Complexity Means Increased Errors
Estimates are between 5 and 15 errors per 1000 lines of code.
More complexity → more code → more errors.
More errors → more security vulnerabilities.

41 Accelerating LOC
Code size:
–Windows 2000 (2000): ~50 million
–Space Station: 40 million
–Netscape: 17 million
–Space Shuttle: 10 million
–Boeing 777: 7 million
Technology is being pieced together with duct tape and baling wire.
More feature-rich, more drivers and libraries.
–In 1983, Microsoft Word was only 27,000 LOC.

42 Size of Operating Systems
Windows 3.1 (1992): 3 million lines of code
Windows NT (1992): 4 million
Windows 95 (1995): 15 million
Windows NT 4.0 (1996): 16.5 million
Windows 98 (1998): 18 million
Windows 2000 (2000): 35–50 million
Linux: 1.5 million
Solaris 7: 400,000

43 2000 Backdoors
5–50 bugs per 1000 lines of code [Voas/McGraw].
Roughly 40 million LOC × 5 bugs per KLOC = 200K bugs.
200K bugs × 10% = 20K security bugs.
20K security bugs × 10% = 2000 remote security bugs.

44 Number of System Calls in Operating Systems
UNIX 1ed (1971): 33
UNIX 2ed (1979): 47
SunOS 4.1 (1989): 171
4.3 BSD Net 2 (1991): 136
SunOS 4.5 (1992): 219
HP-UX 9.05 (1994): 163
Linux 1.2 (1996): 211
SunOS 5.6 (1997): 190
Linux 2.0 (1998): 229
Windows NT 4.0 SP3 (1999): 3433

45 Accelerating Exposure to Risk
Massive increase in connectivity.
A vast network of relationships.
–Arpanet started with 12 nodes.
Machines that used to work behind closed doors are now exposed.
–Computers are now worn on belt loops.
–Toasters connected to the Internet.

46 Complexity Creep
Sun's "Home Gateway".
Video game machines.
The Internet.
Network security devices (firewalls).
Toasters.

47 The Same Flaws
The same software bugs just seem like they will not go away.
–We have known about buffer overflows for over 15 years.
Vendors have achieved critical mass.
–When will customers hold vendors liable for buffer overflows?
–Is it reasonable to accept buffer overflows in production code?

48 The Same Flaws
Buffer overflows were first identified in the 1960s.
They were first used to attack networked computers in the 1970s.
The Morris Worm used a buffer overflow (in fingerd) to attack the Internet in 1988.
Today, buffer overflows are the most common way to attack systems.
–Two-thirds of all CERT advisories are about buffer overflows.

49 The Same Flaws
There's a particular bug in Microsoft Internet Information Server.
It was fixed in July 1998.
Another warning was published by Microsoft in July 1999.
In January 2000, the bug was exploited to steal credit card numbers from several Web sites.

50 Time to Market Pressure
Windows 2000 shipped with 63,000 known bugs, of which 28,000 were likely to be real problems.

51 Insecure Software…Why it Exists
Networked software and middleware components are not designed to withstand a hostile environment.
Development tools do not prevent simple security bugs (e.g., buffer overflows).
QA testing methods do not address security.
Customers line up to pay for bad software.
Vendors are not held accountable.

52 Moving Away From Center
As new players emerge, new services must be delivered in order to compete.
New technology drives more connections, devices, and code.
This new technology is not being properly tested for failures.

53 The Real Reason Software Sucks…. YOU!
As the consumer, you play a big part by demanding bad software.
Continually demanding new features in a very short time frame creates unrealistic time-to-market for reliable software.
Win 3.1, 95, 98, 2000, NT, XP
–Are you willing to wait more than two years for the features you want?
–Are you willing to pay 10 times as much to get those features?

54 Other Industries Get Sued
Software shops gather around to defer bugs, deciding which ones to "patch later" and which ones to ignore.
In other industries, safety flaws that are not corrected result in major class-action suits.

55 Other Industries Get Sued
LIMITATION OF LIABILITY AND REMEDIES. Notwithstanding any damages that you might incur for any reason whatsoever (including, without limitation, all damages referenced above and all direct or general damages), the entire liability of 'The Vendor' and any of its suppliers under any provision of this EULA and your exclusive remedy for all of the foregoing (except for any remedy of repair or replacement elected by 'The Vendor' with respect to any breach of the Limited Warranty) shall be limited to the greater of the amount actually paid by you for the Software or U.S.$5.00. The foregoing limitations, exclusions and disclaimers (including Sections 7, 8, and 9 above) shall apply to the maximum extent permitted by applicable law, even if any remedy fails its essential purpose.
You get five bucks.

56 There are Two Alternatives....
1. Slow down, simplify, add security.
–"FDA" approval for Internet devices and services.
–Reverse the trend toward convergence.
–Limit the usefulness of the Internet.
2. Embrace the insecurity of products.
–Accept that security vulnerabilities are inevitable.
–Use security testing to quantify risk.
–Use risk management and not threat avoidance.

57 Why do Vendors Refuse to Fix Their Code
They can afford not to!
Hardware is expensive to replace, so huge investments are placed into testing hardware prior to release.
–Intel's Pentium FDIV bug cost about $500 million in replaced chips.
Software bugs can be patched and downloaded from a web site.
–They pass the cost of a bug to the customer.

58 Security Testing
Security is orthogonal to functionality.
–Just because a product functions properly does not mean that it's secure.
No amount of beta testing for functionality will systematically uncover a security flaw.
Experienced, targeted security testing is required to discover security flaws.
The vendor must find them all.
The attacker need only find one.

59 Testing Software Security
What would happen if a vendor shipped a product without any functional testing?
–No in-house testing.
–No beta testing.
–Just make sure it compiles and then ship it.
A product developed using this approach will have hundreds of bugs; the odds of it working correctly are negligible.
Now imagine a vendor shipping a product without any specific security testing.
The odds of it being secure are negligible.

60 Security Testing Requires Testing Smart
Let's do the math…
Imagine a system with ten different settings, each with two possible choices:
–45 different pairs of settings.
–1024 (2^10) different combinations altogether.
30 different settings = 435 different pairs and over a billion (2^30) different combinations.
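The numbers above (45 pairs and 1024 configurations for ten settings, 435 pairs and 2^30 configurations for thirty) are the motivation for pairwise, or "all-pairs", test generation: instead of all 2^n configurations, pick a small set of tests in which every pair of settings still appears in all four of its value combinations. The C below is an added example, not from the deck or from any tool it lists; the greedy generator is a simple one-row-at-a-time heuristic, the names (generate_pairwise, pairwise_test_count, covers_all_pairs) are this example's own, and covers_all_pairs() independently verifies the generator's output rather than trusting it. For ten on/off settings it needs a handful of tests rather than 1024.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SETTINGS 32
#define MAX_TESTS    256

/* C(n,2): the number of setting pairs a pairwise test set must cover. */
unsigned long long pair_count(unsigned n)
{
    return (unsigned long long)n * (n - 1) / 2;
}

/* 2^n: the number of full configurations exhaustive testing would need. */
unsigned long long combo_count(unsigned n)
{
    return 1ULL << n;
}

/* Coverage bookkeeping: covered[i][j][vi][vj] for i < j records whether some
 * test already had setting i = vi together with setting j = vj. */
struct coverage {
    unsigned n;
    unsigned char covered[MAX_SETTINGS][MAX_SETTINGS][2][2];
    unsigned long long uncovered;
};

static void coverage_init(struct coverage *c, unsigned n)
{
    memset(c, 0, sizeof *c);
    c->n = n;
    c->uncovered = pair_count(n) * 4;   /* four value combinations per pair */
}

/* Records every pair realised by one test row; returns how many were new. */
static unsigned coverage_add(struct coverage *c, const unsigned char *row)
{
    unsigned newly = 0;
    for (unsigned i = 0; i < c->n; i++)
        for (unsigned j = i + 1; j < c->n; j++)
            if (!c->covered[i][j][row[i]][row[j]]) {
                c->covered[i][j][row[i]][row[j]] = 1;
                newly++;
            }
    c->uncovered -= newly;
    return newly;
}

/* Greedy pairwise generator. Each new test is seeded with the first pair no
 * earlier test covered, then every other setting takes whichever value covers
 * more still-uncovered pairs with the settings already fixed in the row.
 * Each row covers at least its seed pair, so the loop terminates. */
unsigned generate_pairwise(unsigned n, unsigned char tests[][MAX_SETTINGS])
{
    struct coverage c;
    unsigned count = 0;

    coverage_init(&c, n);
    while (c.uncovered > 0 && count < MAX_TESTS) {
        unsigned char *row = tests[count];
        unsigned char fixed[MAX_SETTINGS] = {0};
        int seeded = 0;

        for (unsigned i = 0; i < n && !seeded; i++)
            for (unsigned j = i + 1; j < n && !seeded; j++)
                for (unsigned vi = 0; vi < 2 && !seeded; vi++)
                    for (unsigned vj = 0; vj < 2 && !seeded; vj++)
                        if (!c.covered[i][j][vi][vj]) {
                            row[i] = (unsigned char)vi;
                            row[j] = (unsigned char)vj;
                            fixed[i] = fixed[j] = 1;
                            seeded = 1;
                        }

        for (unsigned k = 0; k < n; k++) {
            unsigned gain[2] = {0, 0};
            if (fixed[k])
                continue;
            for (unsigned v = 0; v < 2; v++)
                for (unsigned m = 0; m < n; m++) {
                    unsigned lo, hi, vlo, vhi;
                    if (!fixed[m])
                        continue;
                    if (k < m) { lo = k; hi = m; vlo = v;      vhi = row[m]; }
                    else       { lo = m; hi = k; vlo = row[m]; vhi = v;      }
                    if (!c.covered[lo][hi][vlo][vhi])
                        gain[v]++;
                }
            /* ties alternate by row so neither value is starved */
            if (gain[1] != gain[0])
                row[k] = (unsigned char)(gain[1] > gain[0]);
            else
                row[k] = (unsigned char)(count & 1);
            fixed[k] = 1;
        }
        coverage_add(&c, row);
        count++;
    }
    return count;
}

/* Independent check that a test set covers all four value combinations of every pair. */
int covers_all_pairs(unsigned n, unsigned char tests[][MAX_SETTINGS], unsigned count)
{
    struct coverage c;
    coverage_init(&c, n);
    for (unsigned t = 0; t < count; t++)
        coverage_add(&c, tests[t]);
    return c.uncovered == 0;
}

/* Generates and verifies a pairwise set for n on/off settings; returns the
 * number of tests, or 0 if the generated set failed verification. */
unsigned pairwise_test_count(unsigned n)
{
    static unsigned char tests[MAX_TESTS][MAX_SETTINGS];
    unsigned count = generate_pairwise(n, tests);
    return covers_all_pairs(n, tests, count) ? count : 0;
}

int main(void)
{
    unsigned sizes[] = {10, 30};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%u settings: %llu pairs, %llu full combinations, %u pairwise tests\n",
               sizes[i], pair_count(sizes[i]), combo_count(sizes[i]), pairwise_test_count(sizes[i]));
    return 0;
}
```

Caveat a tester should keep in mind: pairwise coverage is a model of interaction bugs between legitimate settings, not of hostile input. It says nothing about which values are dangerous, so it complements fault injection and fuzzing rather than replacing them.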

61 Security Testing
Software will never be placed or deployed into a trusted or predictable environment.
Security testing requires attacking the software in a way that exercises the trust relationships.
The software should be tested in ways that are unexpected while observing for behaviors that are unknown.

62 Security Testing History
Attack and pen (penetration) testing.
Source code review.
Network scanning.
Fault injection.
Full disclosure.

63 Fault Injection
Source code changes require a recompile.
Binary instrumentation requires a host agent.
API input testing requires a test harness.
Network input testing requires an additional network node.

64 Black Box Testing
Can be automated.
Can easily find "low-hanging fruit".
Automated tools:
–Holodeck
–Spike
–Hailstorm™
–PROTOS
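A minimal black-box mutation fuzzer of the kind slides 63 and 64 describe, added here as an example; it is not code from Holodeck, SPIKE, Hailstorm or PROTOS. The names (parse_message, fuzz_parser), the length-prefixed message format and the seed message are this example's own constructions. The target parses a message whose first byte is the payload length and, in its unhardened form, trusts that byte; the fuzzer mutates a valid seed with a reproducible PRNG, runs the target, and looks only at what the target exposes. A stand-alone C program has no sanitizer or host agent, so the harness places a sentinel word right after the payload buffer (the same job a canary or guard page does for binary instrumentation), keeps the toy overflow inside one struct with padding, and marks the copy routine noinline so the optimizer cannot reason about the destination's size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WIRE_LEN    256   /* every message lives in a 256-byte input buffer, so reads never leave it */
#define PAYLOAD_CAP 32
#define SENTINEL    0xCAFEF00Du

/* Toy frame: a sentinel word sits right after the payload buffer so the harness
 * can observe an overflow; slack[] keeps the toy overflow inside this struct. */
struct msg_frame {
    char payload[PAYLOAD_CAP];
    volatile uint32_t sentinel;   /* volatile so the compiler must re-read it after the copy */
    char slack[WIRE_LEN];
};

/* Kept out of line so the compiler cannot reason about dst's size. */
__attribute__((noinline)) static void copy_payload(char *dst, const unsigned char *src, size_t len)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = (char)src[i];
}

/* Target under test: wire[0] is the payload length, wire[1..] the payload.
 * hardened == 0 trusts the length byte (the classic bug); hardened == 1 bounds it.
 * Returns 1 if the sentinel survived, 0 if the message overwrote it, -1 if rejected. */
int parse_message(const unsigned char *wire, int hardened)
{
    struct msg_frame f;
    size_t len = wire[0];             /* at most 255, so wire + 1 + len stays inside WIRE_LEN */
    memset(&f, 0, sizeof f);
    f.sentinel = SENTINEL;
    if (hardened && len > PAYLOAD_CAP)
        return -1;
    copy_payload(f.payload, wire + 1, len);
    return f.sentinel == SENTINEL ? 1 : 0;
}

/* xorshift32: a tiny deterministic PRNG so every fuzz run is reproducible. */
static uint32_t rng_state = 1;
static uint32_t rng_next(void)
{
    uint32_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return rng_state = x;
}

/* Constructed messages (not captured traffic): a valid seed and one hostile case. */
#define SEED_LEN 6
static const unsigned char SEED_WIRE[WIRE_LEN]    = { 5,   'h', 'e', 'l', 'l', 'o' };
static const unsigned char HOSTILE_WIRE[WIRE_LEN] = { 200, 'h', 'e', 'l', 'l', 'o' };

/* Black-box mutation fuzzer: copy the seed, overwrite one to four random bytes
 * in and just past its footprint, run the target, watch only what it exposes.
 * Returns the iteration that first clobbered the sentinel, or -1 if none did. */
int fuzz_parser(int hardened, int rounds, uint32_t seed)
{
    unsigned char wire[WIRE_LEN];
    rng_state = seed ? seed : 1;      /* xorshift must not be seeded with 0 */
    for (int it = 0; it < rounds; it++) {
        unsigned nmut = 1 + rng_next() % 4;
        memcpy(wire, SEED_WIRE, sizeof wire);
        for (unsigned m = 0; m < nmut; m++) {
            size_t idx = rng_next() % (SEED_LEN + 2);
            wire[idx] = (unsigned char)rng_next();
        }
        if (parse_message(wire, hardened) == 0)
            return it;
    }
    return -1;
}

int main(void)
{
    printf("seed message,    unhardened: %d\n", parse_message(SEED_WIRE, 0));
    printf("hostile message, unhardened: %d\n", parse_message(HOSTILE_WIRE, 0));
    printf("hostile message, hardened:   %d\n", parse_message(HOSTILE_WIRE, 1));
    printf("fuzzing unhardened parser: first crash at iteration %d\n", fuzz_parser(0, 1000, 12345u));
    printf("fuzzing hardened parser:   first crash at iteration %d\n", fuzz_parser(1, 1000, 12345u));
    return 0;
}
```

Two things carry over to real tools. The mutator concentrates on the bytes it knows matter (the length field and its neighbourhood), which is why protocol-aware fuzzers such as SPIKE and PROTOS beat blind random bytes; and the oracle is the weak point: without a sentinel, sanitizer, or crash handler, an overflow that does not happen to crash the process goes unreported.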

