Presentation is loading. Please wait.

Presentation is loading. Please wait.

Part 1: Software Security and Static Analysis, Dynamic Analysis, and Concolic Analysis Part 2: Pervasive Problems Part 3: Features and Flavors Part 4:

Published byCarmel Hardy Modified over 9 years ago

Similar presentations

Presentation on theme: "Part 1: Software Security and Static Analysis, Dynamic Analysis, and Concolic Analysis Part 2: Pervasive Problems Part 3: Features and Flavors Part 4:"— Presentation transcript:

1 Part 1: Software Security and Static Analysis, Dynamic Analysis, and Concolic Analysis Part 2: Pervasive Problems Part 3: Features and Flavors Part 4: Analysis in Practice Secure Programming 程式安全 Course Outline

2 上課相關資訊 (課號: IOC5087 ) 上課地點 EC022 (工程三館) 時間 週二 C, D 週四 H 教師 黃世昆 skhuang@cs.nctu.edu.twskhuang@cs.nctu.edu.tw 分機: 54721 Office Hours: Tuesday, EF 助教 許立文 lwhsu@cs.nctu.edu.twlwhsu@cs.nctu.edu.tw 林友祥 yslin@cs.nctu.edu.twyslin@cs.nctu.edu.tw 黃琨翰 coolham.csie91@nctu.edu.twcoolham.csie91@nctu.edu.tw

3 教科書 Secure Programming with Static Analysis by Brian Chess; Jacob WestBrian Chess; Jacob West Publisher: Addison Wesley Professional Pub Date: June 29, 2007 Print ISBN-10: 0-321-42477-8 Print ISBN-13: 978-0-321-42477-8 Pages: 624 http://proquest.safaribooksonline.com/9780321424778

4 Motivation: Why Secure Programming ? Yet Another Security Course ? Spectrum of Information Security

5 Information Security Related Courses [DS] Data Security – Encryption/Public-key/Key Management Protocols [NS] Network Security – Security Protocols [SS] System Security – William Stallings ’ s Intruders/Viruses Firewalls [SS2] Software Security – Building Secure Software

6 Data Security Course Data Security 80% Network Security 15% System Security 4.9% Software Security 0.1%

7 Network Security Course Data Security 56% Network Security 30% System Security 13% Software Security 1%

8 System Security Course Data Security 10% Network Security 20% System Security 60% Software Security 10%

9 Software Security Course Data Security 2% Network Security 8% System Security 20% Software Security 70% Reliable Software Secure Software Development Secure Programming

10 Background

11 Traditional Engineering and Software Engineering Traditional Engineering Destructive Test Bridge and Building: Wind Tunnel, Earthquake Test Metal: Pressure Test Or, Fall Down for the case of Tacoma Narrows Bridge A 600-foot section falling into the water in November 7, 1940 in Puget Sound, near the city of Tacoma, Washington, the bridge had only been open for traffic a few months. the first suspension bridge collapsed due to wind-induced vibrations Software Engineering Fragile software Not with security in mind, but reactive technologies, e.g. firewall

12 A 600-foot section of the Tacoma Narrows bridge crashes http://www.enm.bris.ac.uk/anm/tacoma/tacoma.html

13 Seven Best Practices: Touchpoints Work Security Engineering into Requirements Architecture Architecture Risk Analysis (2) Design Coding Code Review with Static Analysis (1) Testing Validation Measurement Maintenance

14 Software Security Touchpoints

15 Code Review Focus on Implementation Bugs Notorious buffer overflow Misuse of vulnerable APIs (e.g., gets(), strcpy(),…) Manually or by Static Analysis tool What the bug How to correct the bug

16 Software Errors Two decades of buffer overflow vulnerabilities 1988 Morris worm Internet programming community aware Buffer Overflow could lead to security breach 2004, Buffer overflow still the number one cause o security problem by the CVE (common vulnerabilities and exposures project)

17 Software Engineering and Worms 1968 (conference on software crisis after IC invention, with more complex software) 1988 (Nov 2) Internet Worm 2001 (July 19) Code Red Worm (after 1988) 2003 (Aug 11) Blaster Worm (impact MS) 2005 Worms Anywhere and Anytime Microsoft Software auto-updates more frequently

18 Course Objectives Use static analysis tools to identify coding errors before they can be exploited Introduce Concepts Software Security Static Source Code Analysis Dynamic Analysis Concolic Analysis

19 Part Ia: Software Security and Static Analysis The Software Security Problem Introduction to Static Analysis Introduction and static tools survey Static Analysis as Part of the code Review Process How to effectively use the tools Static Analysis Internals How static analysis tools work

20 Software Security Problem Defensive Programming is not Enough Security Features != Secure Features Software Quality and Software Security Testing Specified v.s. Unspecified Features

21 Part Ib: Software Security and Dynamic Analysis Run-time Error Detections Memory Leak Detection Pointer Access Range Detection Integer Security Detection Bug Localization and Forensics Deduce/Induce faults from failed outputs Exploiting Bug from inspected Faults

22 Part Ic: Software Security and Concolic Analysis Introduction to Symbolic Evaluation and Concrete Evaluation Combining Symbolic and Concrete Evaluation (Concolic) Explicit Software Model Checking

23 Part II: Pervasive Problems Handling Input Tainted Input Analysis Buffer Overflow Bride of Buffer Overflow (Integer Security) Errors an Exceptions Connections between error handling and recovery Approaches to logging and debugging

24 Part III: Features and Flavors (Guidance for Secure Coding) Web Applications XML and Web Services Privacy and Secrets Privileged Programs

25 Part IV: Static/Dynamic/Concolic Analysis in Practice Security Analysis for Java Security Analysis for C

26 Tools Static Analysis Tools MOPS, BLAST, Fortify SCA Dynamic Analysis Tools Fuzz Test CRED, Valgrind (memcheck) Concolic Tools Cute, JCute, Alert ShellCode Tool Metasploit

27 Course Activities and Grading Attending Class Lectures (Joining Discussion) 10% Wargaming (40%) 1. Exploiting a Bug without ShellCode 2. Exploiting a Bug with Command Injection 3. Exploiting a Buffer Overlfow Bug with ShellCode Injection 4. Integer Overflow/Signedness with Heap Overflow Exploits 5. Uninitialized Variables/Format String Exploits 6. Web Application Analysis and Exploit Development Developing Real Exploits (60%) 1. Project 1: Searching for Bugs (15%) 2. Project 2: Converting Bugs into Vulnerabilities (15%) 3. Project 3: Mitigations (15%) 4. Project 4: Exploit Development (15%)

28 P1: Searching for Potentially Exploitable Bugs Static Analysis PREFAST, SLAM, BLAST, CQUAL Dynamic Analysis Fuzzing (zzuf, peach) Unstructured Fuzzing Structured Data Fuzzing Conclic Fuzzing (catchconv) Fuzzing with Taintness Analysis

29 P2: Converting Bugs into Vulnerabilities Failure Analysis (bug forensics) Memcheck (valgrind plugin) Crash Detection/Recovery (beagle) Fault Localization (delta-debugging) Dynamic Tainted Analysis

30 P3: Mitigations Off-by-one Exploit Nonexecutable Statck/Stack and Heap integrity check Return-to-libc Return-oriented programming Address-space randomization Searching for fixed entry points

31 P4: Exploit Development Testing Exploitability Tainted Path Analysis Controlling Crash/Tainting Shell Code Forging Metasploit Plug-into Worm Kit/Take a Botnet Command/Controlling Botnet

32 Other References Robert C. Seacord, “ Secure Coding in C and C++ ”, Addison-Wesley, 2005 http://www.cert.org/books/secure-coding/ Michael Howard and David LeBlanc, “ Writing Secure Code “, 2nd Edition, Microsoft Press, 2003,.

Download ppt "Part 1: Software Security and Static Analysis, Dynamic Analysis, and Concolic Analysis Part 2: Pervasive Problems Part 3: Features and Flavors Part 4:"

Similar presentations

Improving Integer Security for Systems with KINT Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, Frans Kaashoek MIT CSAIL Tsinghua IIIS.

Improving Integer Security for Systems with KINT Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, Frans Kaashoek MIT CSAIL Tsinghua IIIS.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
August 1, 2006 XP Security. August 1, 2006 Comparing XP and Security Goals XP GOALS User stories No BDUF Refactoring Continuous integration Simplicity.

August 1, 2006 XP Security. August 1, 2006 Comparing XP and Security Goals XP GOALS User stories No BDUF Refactoring Continuous integration Simplicity.
August 1, 2006 Software Security. August 1, 2006 Essential Facts Software Security != Security Features –Cryptography will not make you secure. –Application.

August 1, 2006 Software Security. August 1, 2006 Essential Facts Software Security != Security Features –Cryptography will not make you secure. –Application.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
Software Security Lecture 0 Fang Yu Dept. of MIS National Chengchi University Spring 2011.

Software Security Lecture 0 Fang Yu Dept. of MIS National Chengchi University Spring 2011.
Network Programming 授課教師 : 詹益禎 中文課名 : 網路程式設計 學分時數 : 3 學分\ 3 小時 助教 : 李宏杰、趙振宣 教室 : 32310 上課時間 : 9:05~12:00 (Wed.)

Network Programming 授課教師 : 詹益禎 中文課名 : 網路程式設計 學分時數 : 3 學分\ 3 小時 助教 : 李宏杰、趙振宣 教室 : 上課時間 : 9:05~12:00 (Wed.)
Welcome to EECS 354 Network Penetration and Security.

Welcome to EECS 354 Network Penetration and Security.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)

1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)
Lecture 16 Buffer Overflow

Lecture 16 Buffer Overflow
A Scanner Sparkly Web Application Proxy Editors and Scanners.

A Scanner Sparkly Web Application Proxy Editors and Scanners.
CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.

CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.
Network Programming 授課教師 : 詹益禎 中文課名 : 網路程式設計 學分時數 : 3學分\3小時 助教 :許聖宏

Network Programming 授課教師 : 詹益禎 中文課名 : 網路程式設計 學分時數 : 3學分\3小時 助教 :許聖宏
CSCE 548 Secure Software Development Risk-Based Security Testing.

CSCE 548 Secure Software Development Risk-Based Security Testing.
Software Quality Assurance Lecture #8 By: Faraz Ahmed.

Software Quality Assurance Lecture #8 By: Faraz Ahmed.

Similar presentations

Ads by Google