black hats can also benefit from formal methods
play

Black Hats can also benefit from Formal Methods - PowerPoint PPT Presentation

Nov 07, 2023 •248 likes •633 views

Black Hats can also benefit from Formal Methods jean-louis.lanet@inria.fr PROOF 2015 Saint Malo, September the 28th 1 Agenda Retro-futurism, Retrieving keys, Vulnerability analysis Fault enabled malware Conclusion 2 ZB

  1. Black Hats can also benefit from Formal Methods jean-louis.lanet@inria.fr PROOF 2015 Saint Malo, September the 28th 1

  2. Agenda • Retro-futurism, • Retrieving keys, • Vulnerability analysis • Fault enabled malware • Conclusion 2

  3. ZB 2000 • Invited at ZB 2000 in York, – Are Smart Cards the ideal Domain for applying Formal Methods ?, – Three main reasons : • Certification, • Reducing the cost of the test • Complexity is increasing • 15 years after, did I predict correctly the future ? 3

  4. Certification • Common Criteria certification scheme was internationally recognized (May 2000), • Europe required EAL4+ for electronic signature usage, • Formal methods are mandatory while reaching EAL6 and EAL7 levels. • Unfortunately cost was very high even for EAL5 levels… 4

  5. Certification • ANSSI web site 2004-2015 – Only two products at EL7 level: • Virtual Machine of Multos M3 – G230M mask with AMD 113v4 (SC) • Virtual Machine of ID Motion V1 G231 mask with AMD 122v1 (SC) • Memory Management Unit des microcontrôleurs SAMSUNG S3FT9KF/ S3FT9KT/ S3FT9KS en révision 1 – Only two products at EAL6 level • Microcontrôleurs sécurisés SA23YR80/48 et SB23YR80/48, incluant la bibliothèque cryptographique NesLib v2.0, v3.0 ou v3.1, en configuration SA ou SB • Microcontrôleurs sécurisés ST23YR48B et ST23YR80B • Certification was definitely not the right vector 5

  6. Cost of the test • Automating the test cases generation using formal model, – Optimizing the test case generation, – Formal models used for describing the SUT, – Model for test are different than models for proof, • One company in France: – Leirios Technologies (RIP) was using formal B model to generate test cases, – Smart Testing uses UML charts + OCL constraints … • Seems difficult to find a real business activity, • Test case generation was also not the right vector 6

  7. Complexity of the software • Small devices include sometime vulnerabilities, • One piece of software has been intensively studied: the Java Byte Code Verifier and in particular the JC BCV, – Proving such important piece of code (or specification) could be interesting, – Small size of c-code or Java code – We proved the correctness of the specification versus the type system, – We synthetize the code, obtaining the first card formally proved (2002) • One specification, one implementation: the Oracle one, • Only binary is provided, reverse is forbidden, secrecy by obscurity… 7

  8. During 19 years… • No bugs have been found using formal methods (even mine!), • In 2011, E. Faugeron discovered a bug in the switch case verification. • In 2015 (Next Cardis) a weakness has been discovered that leads to ill typed applet execution and thus to native code execution. • The property that was considered as important was the type system: – Weakness was in the structural part, – But leads to ill-typed code execution. 8

  9. Complexity of software • Formal methods is useful for proving correctness of protocol, • It fail to be an efficient vector for mitigating the complexity of software – Manual inspection and fuzzing were much more efficient than formal methods to find bugs, – Cost of proving is high, – Devil was in the details , – Functional testing can not discover the bug, – Smart cards become more complex, – Size of code is more important 9

  10. Introduction • Recovering keys from a card, – Cryptanalysis – Side Channel, – Reverse engineering, – Fault injections • Should it be more simple just to ask the card to provide the key ? – In Java, just invoke the method getKey () , – Is it possible to execute a shell code ? Just like in main stream IT threats ? 10

  11. Segregated world • Java Card world is partitioned into security domain, • Each Java Card package belongs to a security domain, • No way to have access to an object that belongs to another security context than ours. • Two problems to solve: – Can I execute a rich shell code ? – Can I have access to an object that does not belong to me ? 11

  12. A buffer overflow • Can we implement a buffer overflow in a card ? – A Java Frame must contain information to retrieve the state of the caller, – Return address is stored in the frame. – Can we access it illegally ? • The overflow can be obtained by accessing an illegal index as a local variable, – Write the desired value as a return address, e.g . an array, – While returning from the current method it falls into the expected shell code. • ROP, Return Oriented Programming a funny way to program… 12

  13. Execute it ! • If the array contains: 0x11 ( sspush ) 0x12 0x34 0x8d ( invokestatic ) 0x08 0xc6 ( throwIt() )… it throws the exception 0x1234. 13

  14. Get my Key ! • If the shell code contains : ( byte) 0xad,(byte) 0x6, //getfield_a_this 6 (byte) 0x1a, //aload_2 (byte) 0x03, //sconst_0 (byte) 0x8e, (byte) 0x03, (byte) 0x02, (byte) 0x0f,(byte) 0x04, //invokeinterface getKey (byte) 0x3b, //pop (byte) 0x7a //return • Need to do it on an object belonging to another package ! 14

  15. Get the key of someone else ! • Exactly the same, just obtain the reference on the other object, – Parse the memory, search for a key pattern use it. – get it… – don’t store it in the I/O buffer use a temporary buffer, – Send it out ! • Just need to go through the firewall… 15

  16. Fault Tree: attacker knowledge User Code Confidentiality Get an address Get a block address content content getstatic No integrity on RA Lure the linker Perform a ROP 16

  17. Vulnerability Analysis • Java Card virtual machine vulnerability analysis – How much a Java Card virtual machine performs run time test? – Absence of a RT time is a potential attack path. • Functional test case generation has been largely studied, • Security testing is much more difficult. – A software is defined to be executed under some conditions – Set up its environment such that one of this condition is not validated. – Challenge is to automate the process – Based on Model Based Testing approach 17

  18. Run Time interpreter • Load short from local variable – sload index – stack • … -> • …, value – Description • The index is an unsigned byte that must be a valid index into the local variables of the current frame (Section 3.5 "Frames”). The local variable at index must contain a short. The value in the local variable at index is pushed onto the operand stack. 18

  19. Vulnerability analysis • It is a method for vulnerability analysis of implementations, with a complete framework, • It characterizes if a given implementation performs correctly all the expected verification, • Best paper at SEFM, York, September 11 th 2015, • Part of the toolset should be open source but until which extend ? 19

  20. Fault Enabled Malware • Is it possible to design a code such its semantics mutates within a fault attack? – A malicious code that can be loaded into the card without being detected by the security mechanisms – Activated, after being loaded in the card, using a fault injection – Consequence : modification of the loaded code behavior to a hostile one • Challenge: Is it possible to hide a hostile code inside a well- typed program and then activate it using a fault injection once loaded in the card? 20

  21. Example • Get the secret key: public void process (APDU apdu ) { short localS ; byte localB ; // get the APDU buffer byte [] apduBuffer = apdu.getBuffer (); B1 if (selectingApplet ()) { return ; } byte receivedByte=(byte)apdu.setIncomingAndReceive(); // any code can be placed here // ... B2 DES keys.getKey (apduBuffer , (short) 0) ; apdu.setOutgoingAndSend ((short) 0 ,16) ; B3 } 21

  22. Linking Token of B2 OFFSETS INSTRUCTIONS OPERANDS . . . / 00d4 / nop / 00d5 / nop / 00d6 / getfield_a_this 1 // DES keys / 00d8 / aload 4 // L4=>apdubuffer / 00da / sconst_0 / 00db / invokeinterface nargs: 3, index: 0 , const: 3 , method : 4 / 00e0 / pop // returned byte 22

  23. Hide the code OFFSETS INSTRUCTIONS OPERANDS . . . / 00d5 / nop / 00d5 / getfield_a_this 1 // DES keys / 00d6 / aload 4 // L4=>apdubuffer / 00d7 / sconst_0 / 00d8 / ifle no operand / 00d9 / invokeinterface 03, 02, 3C, 04 / 00de / pop // returned byte 23

  24. Hide the code OFFSETS INSTRUCTIONS OPERANDS . . . / 00d5 / nop / 00d5 / getfield_a_this 1 // DES keys / 00d6 / aload 4 // L4=>apdubuffer / 00d7 / sconst_0 / 00d8 / ifle 8E //was the code of invokeinterface / 00da / sconst_0 // was the first op 03 / 00db / sconst_m1 // the second : 02 / 00dc / pop2 // the third 3C / 00de / sconst_1 // the last 04 / 00de / pop // returned byte 24

  25. Linked Token of B2 OFFSETS INSTRUCTIONS OPERANDS . . . / 00d4 / nop / 00d5 / getfield_a_this 1 // DES keys / 00d6 / aload 4 // L4=>apdubuffer / 00d7 / sconst_0 / 00d8 / nop / 00db / invokeinterface 03, 02, 3C, 04 / 00e0 / pop // returned byte 25

  26. Basic Idea: desynchronizing • Hypothesis Ins Inoffensive Inoffensive Hostile Code Code Code ?? – Byte code level – Fault model • Precise byte error Opcode op1 op2 • Single fault • BSR (0x00) – Non-encrypted memory 26

Recommend

HATS: Highly Adaptable & Trustworthy Software Using Formal Models Reiner H ahnle

HATS: Highly Adaptable & Trustworthy Software Using Formal Models Reiner H ahnle

Titlepage HATS: Highly Adaptable & Trustworthy Software Using Formal Models Reiner H ahnle Chalmers University of Technology, Gothenburg, Sweden Sophia-Antipolis, 23 October 2008 R. H ahnle HATS: Adaptable & Trustworthy

563 views • 28 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Why Black Hats Always Win Val Smith (valsmith@attackresearch.com) Chris

Why Black Hats Always Win Val Smith (valsmith@attackresearch.com) Chris

Why Black Hats Always Win Val Smith (valsmith@attackresearch.com) Chris (chris@sdnaconsulting.com) Slide: 1 Bios Val Smith Affiliations: Attack Research Metasploit Work: Attack Techniques Research Previous Talks Pen

1.07k views • 76 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING LOGIC Peter Olveczky University of Oslo FMfun19, December 3, 2019 OUTLINE How to introduce formal methods to undergraduates? Fun!

1.95k views • 171 slides
Back In Black: Towards Formal, Black Box Analysis Of Sanitizers and Filters George Argyros* ,

Back In Black: Towards Formal, Black Box Analysis Of Sanitizers and Filters George Argyros* ,

Back In Black: Towards Formal, Black Box Analysis Of Sanitizers and Filters George Argyros* , Ioannis Stais**, Angelos Keromytis* and Aggelos Kiayias*** * ** *** Motivation Sanitizers and filters are important components of securing

597 views • 34 slides
Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal Methods Symposium NASA HQ, Washington DC 14th April 2010 (09:0010:00) 0 Table of contents Intels diverse verification problems Verifying

834 views • 45 slides
A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004 Purpose of the Course - Giving some insights about Formal Methods - Showing that Formal Methods can be made practical - Illustrating Formal Methods

1.25k views • 112 slides
Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

F F F Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T M&&T June 27, 03 Formal Methods && Tools Group - ISTI CNR CAF - 1 F F F Outline Overview of the Formal Methods

276 views • 23 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

Preliminaries Hallmarks of a Formal Approach Formal Systems in Information Technology 1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January 15, 2014 Generated on Wednesday 15 th January, 2014, 09:54

517 views • 49 slides
Formal Methods and the Chromatic Number of the Plane Marijn J.H. Heule Formal Methods in

Formal Methods and the Chromatic Number of the Plane Marijn J.H. Heule Formal Methods in

Formal Methods and the Chromatic Number of the Plane Marijn J.H. Heule Formal Methods in Mathematics January 8, 2020 1 / 35 marijn@cmu.edu Computer-Aided Mathematics Chromatic Number of the Plane Clausal Proof Optimization

634 views • 52 slides
Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1 Need: Growing Importance and Cost of

278 views • 12 slides
Lecture Outline 1. Course summary 2. Beyond the course DD2452 Formal Methods 3. Exam

Lecture Outline 1. Course summary 2. Beyond the course DD2452 Formal Methods 3. Exam

Lecture Outline 1. Course summary 2. Beyond the course DD2452 Formal Methods 3. Exam preparation 4. Course evaluation Concluding Lecture 1. Course Summary Formal Verification Formal methods : Two possibilities : correctness by

498 views • 3 slides
Many Hats The Many Hats of a Major Gifts Development Officer Introduction Why fundraising?

Many Hats The Many Hats of a Major Gifts Development Officer Introduction Why fundraising?

Many Hats The Many Hats of a Major Gifts Development Officer Introduction Why fundraising? "For small creatures such as we the vastness is bearable only through love." -Carl Sagan The Big Gift The Big Gift 2 year, 8 month

610 views • 28 slides
Procurement Plan Formal Procurement Formal Procurement Methods Invitation for Bid (IFB)

Procurement Plan Formal Procurement Formal Procurement Methods Invitation for Bid (IFB)

Procurement Plan Formal Procurement Formal Procurement Methods Invitation for Bid (IFB) Competitive Proposal (RFP) Advertising the Procurement The announcement of an IFB or RFP must be announced in ways that do not restrict free

995 views • 46 slides
Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking,

Tutorial Intro. to Modern Formal Methods: Mechanized Formal Analysis Using Model Checking, Theorem Proving SMT Solving, Abstraction, and Static Analysis With SAL, PVS, and Yices, and more John Rushby Computer Science Laboratory SRI

1.89k views • 161 slides

More recommend