Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research"— Presentation transcript:

1 1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research http://www.research.att.com/~smb

2

3 2 “If our software is buggy, what does that say about its security?” --Robert H. Morris

4 3 Some Principles of Software Engineering Simplicity is a virtue. If code is complex, you don’t know if it’s correct (but it probably isn’t). Break up complex systems into simple, well-defined modules.

5 4 Security is Hard “Reasonable” assumptions don’t apply. –File name length bounds don’t apply. –Any input field can be arbitrarily weird. Your adversary is creating improbabilities. –Race conditions will happen. “Nature is subtle but not malicious” – but the hackers are both.

6 5 Case Study: rcp and rdist rcp and rdist use the rsh protocol. The rsh protocol requires that the client program be on a privileged port. Thus, rcp and rdist run as root. Both have a long history of security holes…

7 6 Solutions Don’t implement the protocol directly in rcp and rdist; invoke the rsh command. Or invoke a small, trusted program that sets up the connection and passes back an open file descriptor. Best of all, use a real authentication mechanism.

8 7 Case Study: Encrypting telnet The DES library wanted 56-bit keys plus proper parity. The “generate a 64-bit random key” routine didn’t set the parity bits properly. When handed a bad key, the DES library treated the key as all zeroes. With probability 255/256, the session was encrypted with a known, constant key!

9 8 Analysis Interface definitions matter. Interfaces should be consistent – why did the encryption routine and the key generation routine behave differently? Error-checking matters.

10 9 Case Study: Many C Programs About half of all newly-reported security holes are due to buffer overflows in C. This shouldn’t be possible! Tony Hoare warned us of this in his Turing Award lecture:

11 10 Hoare’s Turing Award Lecture: “The first principle was security… A consequence of this principle is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time… I note with fear and horror that even in 1980, language designers and users have not learned this lesson.”

12 11 Case Study: ftpd Original Berkeley implementation (and many of its descendants) used yacc to parse network input. USER and PASS were separate commands. Result: flag-setting, ubiquitous flag-testing, global state – and at least three different security holes. –Newer ftpd’s have more complex access control mechanisms – and more security holes.

13 12 Solution Separate the login code from the rest. –Put it in a separate, small program: ~100 lines. Activate your strong security measures (chroot, setuid) in the login module. The remaining thousands of lines of code can run unprivileged. –(Let the OS do access control – it’s good at it.)

14 13 Cryptography is Even Harder The oldest (public) cryptographic protocol was published in 1978. A flaw was found in 1983. The original authors found a flaw in the revised protocol in 1994. A new error in the original was found in 1996. Note: the protocol was only 5 lines long!

15 Bug Fixes Most system penetrations caused by known vulnerabilities, for which patches already exist. But blindly patching production systems is dangerous. There’s a new scheme afoot to have vendors automatically install patches...

16 15 Today’s Challenges Large-scale, heterogeneous distributed systems. –Must design for component “failure”. Limited security tools (firewalls, hardened hosts, cryptography). Ubiquitous networking. Mobile code or near-code.

17 16 Firewalls and Databases Firewall Database Web Server The Net

18 17 The Wrong Choice Database Web Server The Net Firewall

19 14 Firewalls Firewalls are touted as a solution to the network security problem. Nonsense – they’re the network’s response to the host security problem. The real function of a firewall is to keep bad guys away from complex, buggy code. Today’s firewalls are getting very complex…

20 18 Where to From Here? Sound software engineering matters more than ever. Shipping code on “Internet time” has exacerbated the problem. –But the economy seems to have solved it… We need to add a new dimension to our modular decomposition: security.

Download ppt "1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research"

Similar presentations

Firewalls Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Firewalls Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
SSH Operation and Techniques - © 2001-2006 William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…

SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Communications of the ACM (CACM), Vol. 32, No. 6, June 1989

Communications of the ACM (CACM), Vol. 32, No. 6, June 1989
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
VM: Chapter 5 Guiding Principles for Software Security.

VM: Chapter 5 Guiding Principles for Software Security.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research

1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research
Building Secure Software Chapter 9 Race Conditions.

Building Secure Software Chapter 9 Race Conditions.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #35 Dec 9 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.

C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Software Security Course Course Outline 2-27-09. Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.

Software Security Course Course Outline Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.
Firewalls, Perimeter Protection, and VPNs - SANS ©2001 1 SSH Operation The Swiss Army Knife of encryption tools…

Firewalls, Perimeter Protection, and VPNs - SANS © SSH Operation The Swiss Army Knife of encryption tools…

Similar presentations

Ads by Google