OpenOffice v3.x Security Design Weaknesses
Eric Filiol (filiol@esiea.fr), Jean-Paul Fizaine (fizaine@esiea-ouest.fr)
Ecole Supérieure en Informatique, Electronique et Automatique (ESIEA - Laval)
Operational virology and cryptology Lab.
Black Hat Europe 2009
4/20/09

INTRODUCTION
• For years Microsoft Office has been THE reference suite
  – For document production.
  – For document exchange.
• Very soon infested by macro-viruses.
  – Concept virus (1995).
• Still a real threat.
  – E.g. China vs German chancellery (2007).
• Need for an alternative?

INTRODUCTION
• Recent evolution
  – Use of a free Office suite.
  – The best candidate: OpenOffice.
• Very popular:
  – Seemingly no cost.
  – False sense of security: « It is free and open therefore it is (or must be) secure! »
  – Fully compatible with Microsoft Office
  – … more than Microsoft with itself.
• Worldwide use in civilian and governmental (incl. military) spheres. Official document format for:
  – French Gendarmerie, French Ministry of Economy and Finance
  – And many others in Europe…

INTRODUCTION
• The “natural” confidence in Open Software makes security analysis useless most of the time.
• Question: is it possible to have both security and openness at the same time?
• What is the exact level of security with respect to malware when considering OO?
• BadBunny macro worm (2008).

INTRODUCTION
• In 2006 and 2007 security analysis showed that OO 2.x was absolutely not secure.
  – All data given to OO developers.
• End of 2008, release of OO3
  – Presented as a significant evolution!
  – What about security two years after?

INTRODUCTION
• Our talk deals with an in-depth analysis of OO3 with respect to malware attacks
  – How to exploit the confidence in cryptographic primitives?
  – How to design powerful attacks?
• We do not consider implementation vulnerabilities!
• We consider conceptual design flaws only!
• Without loss of generality, we consider OOwriter only!

INTRODUCTION
• To prevent stupid comments:
  – We are not hidden Microsoft moles!
  – There are problems for M$ too.
  – But unfortunately fewer than for OO, since it has less powerful primitives inside.
• We just want to make decision-makers aware of the existing risks
  – … and make them responsible, if such a thing is possible!
  – Reducing costs is most of the time not compatible with security.

AGENDA
• Introduction.
• History of OO 2.x security.
• ODF Format and Security Primitives.
• Viral Attacks through OO3 documents
  – Unencrypted documents
  – Encrypted documents
  – Digitally signed documents
• Conclusion: Enhancing OO Security.

Demos
• A lot of demos to come.
• Complete code and techniques available in the white paper!
• Fully and easily implementable by malware in an automatic way.

History of OO 2.x security
OO2 Security History
• First in-depth security analysis
  – De Drézigué et al. (2006) Journal in Computer Virology
  – Filiol & Fizaine (2007) Virus Bulletin Journal.
  – Lagadec (2007) Journal in Computer Virology
• A lot of « hot » reactions.
  – Many stupid, ideological comments, but who really read the papers?

OO2 Security History (2)
• A lot of contacts with the OO developers (German part)
  – All proof-of-concepts communicated to them during the OO International Conference in Lyon, France (2006).
  – We suggested designing the Trusted OpenOffice suite:
    • Parts or sensitive functions of the suite could be enabled/disabled by the system administrator according to the security policy in place.
• To answer the permanent stupid comments, we published technical data (Virus Bulletin).

OO2 Security History (3)
• OpenOffice malware appears
  – Proof-of-concept (Filiol & Fizaine, 2006 & 2007).
  – BadBunny (2007).
  – What about the next ones?
• Unfortunately, results are not taken into account!
  – No real security concern.
  – OO embeds cryptography!
  – The OO suite « spreads » more and more.

OO2 Security History (4)
• The risk is still very high:
  – A lot of possible native programming languages (OOBasic, Python, Perl, Ruby…).
• Available for Windows, Linux, Apple…
• Enables multi-platform malware.
• Complies with the Open Document Format 1.x

OO2 Security History (5)
• Which attacks were possible?
  – Macro management modification:
    • Change or pervert the macro security level
    • Possibility to insert malicious macros in OO libraries
  – Modification of the application menus (problem of application integrity management). Interesting to use with k-ary malware.
  – Modify integrity of plain document (insert macro)
• Weak management of cryptography. Possibility to transparently remove:
  – Encryption.
  – Digital signature.

OO2 Security History (6)
• We designed proof-of-concepts for technical validation.
• We will not present the viral algorithmics:
  – Not specific to OO but to macro viruses
  – With OO3, nothing has really changed with respect to the malware technologies
  – Please refer to the bibliography.
• We are going to explain how to exploit user’s confidence in cryptography (encryption, signature) to design powerful malware attacks.

OO3 Release
• December 2008: release of OO3
• Presented as a major evolution of the suite
  – Compatibility with Vista!
  – A few bugs fixed
  – Ease of use increased
  – …
  – But what about security?
  – Are cryptographic primitives (encryption, signature) a real protection against OO malware?
  – In fact most of the attacks still remain effective!

ODF Format and Security Primitives. ODF - Formal approach
OO3 Document Structure
• Any OO document is just a ZIP archive.
• With very simple tools (compression utility, text editor…) it is possible to analyse and modify any such document.
  – Demo 1
• Two essential files:
  – Content.xml (document visible content).
  – Manifest.xml: describes the document structure (files, directories…)
  – Demo 2

OO3 Macro Location
• Where are macros located in OO3 documents?
  – Located in a specific directory (one per language).
  – Contains the files
    • Script-lb.xml (generic information with respect to macros)
    • Script-lc.xml (additional information + security flags): Library:readonly="false" Library:passwordprotected="false"
  – The macro code itself!
  – Demo 3

OO3 Cryptographic Features Formalization
• OO3 security is based on
  – Password-based encryption.
  – Digital signature.
• There are (too) many ways to apply them.
• Need for a formal approach for an exhaustive description.
• Graph-based description
  – Digital signature
  – Digital signature with encryption.

OO3 Encryption
• Blowfish in CFB mode.
  – Use of IV for key differentiation!
  – In this respect far better than M$ Office (Filiol, 2009).
• Key derivation algorithm: PBKDF2
• SHA-1 for integrity.
• The manifest.xml file is itself not encrypted!
  – Major weakness that can be exploited by malware!
• Demo 4

OO3 Encryption (2)
• Macro and macro-related files are themselves encrypted
  – Demo 5
• As we will see, it is only an apparent protection in most critical cases.

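An added example, not from the talk or the white paper: a read-only audit of the cleartext manifest described on the encryption slides. It lists, without the password, which entries are encrypted and with which parameters, and flags macro entries stored in clear inside an otherwise encrypted package; the `META-INF/` location, the `Basic/` and `Scripts/` prefixes and the sample manifest are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, defusedxml is the safer parser

MF = "{urn:oasis:names:tc:opendocument:xmlns:manifest:1.0}"
MACRO_DIRS = ("Basic/", "Scripts/")  # assumption: document macro directories

def audit_manifest(odf_bytes):
    """Read the cleartext manifest: no password is needed for any of this."""
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as z:
        root = ET.fromstring(z.read("META-INF/manifest.xml"))
    report = {}
    for entry in root.iter(MF + "file-entry"):
        path = entry.get(MF + "full-path")
        enc = entry.find(MF + "encryption-data")
        info = {"macro": path.startswith(MACRO_DIRS), "encrypted": enc is not None}
        if enc is not None:
            info["cipher"] = enc.find(MF + "algorithm").get(MF + "algorithm-name")
            kdf = enc.find(MF + "key-derivation")
            info["kdf"] = kdf.get(MF + "key-derivation-name")
            info["iterations"] = int(kdf.get(MF + "iteration-count"))
            info["checksum"] = enc.get(MF + "checksum-type")
        report[path] = info
    return report

def cleartext_macros(report):
    """Macro entries left unencrypted in a package that encrypts other entries."""
    if not any(i["encrypted"] for i in report.values()):
        return []
    return sorted(p for p, i in report.items() if i["macro"] and not i["encrypted"])

def build_sample():
    """Constructed sample: manifest of an encrypted document with one cleartext macro."""
    enc = ('<manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="AAAA">'
           '<manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="AAAA"/>'
           '<manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:salt="AAAA" '
           'manifest:iteration-count="1024"/></manifest:encryption-data>')
    entry = '<manifest:file-entry manifest:media-type="text/xml" manifest:full-path="%s">%s</manifest:file-entry>'
    xml = ('<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">'
           + entry % ("content.xml", enc) + entry % ("Basic/Standard/Module1.xml", "")
           + '</manifest:manifest>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/manifest.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    rep = audit_manifest(build_sample())
    for path, info in rep.items():
        print(path, info)
    print("cleartext macros:", cleartext_macros(rep))
```
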
OO3 Signature
• Let us recall that signature is THE cryptographic primitive dedicated to give confidence about
  – Document integrity
  – Document origin (who is the sender)
• There are two ways of applying signature
  – File → Digital Signature… menu
  – Tools → Macros → Digital Signature… menu
• Based on X509 certificates
  – Demo 6 (signature of document without macro)
  – Creation of a documentsignatures.xml file
  – Neither the manifest.xml nor the documentsignatures.xml file is signed!

OO3 Signature and Encryption
• The overall structure remains the same.
  – Refer to the white paper.
• The documentsignatures.xml is not encrypted!
  – Another critical weakness!
• Let us now consider documents with macros.
  – Two different cases to consider!
  – But in both cases the critical files are not signed!

File → Digital Signature Case
• A documentsignatures.xml file is created
• The whole document is signed (including macros)!
  – Significant evolution compared to OO2.
  – Older attacks now fail!
  – But new ones are possible (see further)!
• Demo 7

Tools → Macros → Digital Signature Case
• A macrosignatures.xml file is created
• Only the macro tree is signed (including the macros)
  – Possible to modify the rest of the document while the user relies on partial signature!
  – Other attacks are possible with respect to macros (see further).
• Demo 8

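An added example, not from the talk or the white paper: a read-only check of which package entries the `Reference` elements in documentsignatures.xml or macrosignatures.xml actually cover, so the unsigned remainder described on the signature slides becomes visible. It checks coverage only, not cryptographic validity; the `META-INF/` paths and the sample package are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, defusedxml is the safer parser
from urllib.parse import unquote

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Locations inside the package (not stated on the slides).
SIG_FILES = {"document": "META-INF/documentsignatures.xml",
             "macro": "META-INF/macrosignatures.xml"}

def signature_coverage(odf_bytes):
    """For each signature file present: (entries it references, entries it does not)."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as z:
        entries = {n for n in z.namelist() if not n.endswith("/")}
        for kind, sig_path in SIG_FILES.items():
            if sig_path not in entries:
                continue
            root = ET.fromstring(z.read(sig_path))
            uris = {unquote(r.get("URI", "")) for r in root.iter(DS + "Reference")}
            signed = uris & entries  # drops same-document "#id" references
            result[kind] = (signed, entries - signed)
    return result

def build_sample():
    """Constructed macro-signed package; digest values are placeholders."""
    refs = "".join(f'<Reference URI="{u}"><DigestValue>AAAA</DigestValue></Reference>'
                   for u in ("Basic/Standard/Module1.xml", "Basic/script-lc.xml", "#ID_0"))
    sig = ('<document-signatures xmlns="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">'
           '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>' + refs +
           '</SignedInfo></Signature></document-signatures>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ("content.xml", "META-INF/manifest.xml",
                     "Basic/script-lc.xml", "Basic/Standard/Module1.xml"):
            z.writestr(name, "<x/>")
        z.writestr(SIG_FILES["macro"], sig)
    return buf.getvalue()

if __name__ == "__main__":
    for kind, (signed, unsigned) in signature_coverage(build_sample()).items():
        print(kind, "signature covers:", sorted(signed))
        print(kind, "signature does NOT cover:", sorted(unsigned))
```
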
Summary
• There are still critical weaknesses with respect to signature and encryption implementation/management.
  – A few older attacks from 2006/2007 are no longer directly valid.
  – New ones are possible.
• The existence of two different methods for signature is nonsensical and is bound to fool the user and ease malware attacks.
• Cryptographic primitives provide a false sense of security to the user!
• Let us now explain why.

Viral Attacks through OO3 documents