secure coding practices nicholas weaver
play

"Secure" Coding Practices Nicholas Weaver based on David - PowerPoint PPT Presentation

Nov 11, 2022 •118 likes •732 views

Computer Science 161 Fall 2016 Nicholas Weaver "Secure" Coding Practices Nicholas Weaver based on David Wagners slides from Sp 2016 1 Administrivia Computer Science 161 Fall 2016 Nicholas Weaver 2 Computer Science 161 Fall

  1. Computer Science 161 Fall 2016 Nicholas Weaver "Secure" Coding Practices Nicholas Weaver based on David Wagner’s slides from Sp 2016 1

  2. Administrivia Computer Science 161 Fall 2016 Nicholas Weaver 2

  3. Computer Science 161 Fall 2016 Nicholas Weaver 3

  4. This is a Remarkably Typical C 
 Problem Computer Science 161 Fall 2016 Nicholas Weaver if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL; • Someone attempted to add this checking code into the Linux kernel back in 2003 • It goes caught only because they didn't have proper write permission so it was flagged as anomalous • If you use the proper compiler flags, it should gripe when you do this 4

  5. Why does software have vulnerabilities? Computer Science 161 Fall 2016 Nicholas Weaver • Programmers are humans. 
 And humans make mistakes. • Use tools 
 • Programmers often aren’t security-aware. • Learn about common types of security flaws. 
 • Programming languages aren’t designed well for security. • Use better languages (Java, Python, …). 5

  6. Testing for Software Security Issues Computer Science 161 Fall 2016 Nicholas Weaver • What makes testing a program for security problems di ffi cult? • We need to test for the absence of something Security is a negative property! • • “nothing bad happens, even in really unusual circumstances” • Normal inputs rarely stress security-vulnerable code • How can we test more thoroughly? • Random inputs (fuzz testing) • Mutation • Spec-driven • How do we tell when we’ve found a problem? • Crash or other deviant behavior • How do we tell that we’ve tested enough? • Hard: but code-coverage tools can help 6

  7. Testing for Software Security Issues Computer Science 161 Fall 2016 Nicholas Weaver • What makes testing a program for security problems di ffi cult? • We need to test for the absence of something Security is a negative property! • • “nothing bad happens, even in really unusual circumstances” • Normal inputs rarely stress security-vulnerable code • How can we test more thoroughly? • Random inputs (fuzz testing) • Mutation • Spec-driven • How do we tell when we’ve found a problem? • Crash or other deviant behavior • How do we tell that we’ve tested enough? • Hard: but code-coverage tools can help 7

  8. Test For Failures... 
 Not Just Successes Computer Science 161 Fall 2016 Nicholas Weaver • Think about how your program might fail, not just succeed • Because the bad guys are going to look there • "Edge cases" are where your problems likely lie • Either barely erroneous or barely correct • E.g. if your function accepts strings up to length n • Be sure to test lengths 0, 1, n-1, n, n+1, 2n-1, 2n, and 2n+1 • A good guide by @eevee: • https://eev.ee/blog/2016/08/22/testing-for-people-who-hate-testing/ 8

  9. This Applies to 
 Both Sides... Computer Science 161 Fall 2016 Nicholas Weaver • When making your program robust, think like an attacker would • "Hmm, what if I spew random junk?" • "Hmm, what if I go for obvious corner cases?" • When attacking software, think like a dumb programmer? • "Hmm, what mistakes have I made in the past? Lets try those!" 9

  10. Try to Eliminate entire classes of problems Computer Science 161 Fall 2016 Nicholas Weaver • Stack Overflows: • Turn on compiler protections • Memory corruption attacks more generally • Use a safe language • Or barring that, turn on ALL defenses: W^X/DEP + 64b ASLR + put a timeout on crash recovery • • SQL Injection • Only use parameterized SQL libraries 10

  11. Working Towards Secure Systems Computer Science 161 Fall 2016 Nicholas Weaver • Along with securing individual components, we need to keep them up to date … • What’s hard about patching? • Can require restarting production systems • Can break crucial functionality • Vendor regression tests should prevent this but don't always! • Management burden: • It never stops (the “ patch treadmill ”) • User burden: • "Flaw in Flash, you need to manually update it..." • But absolutely essential: 0-days are pricey, N-days are free 11

  13. Working Towards Secure Systems Computer Science 161 Fall 2016 Nicholas Weaver • Along with securing individual components, need to keep them up to date … • What’s hard about patching? • Can require restarting production systems • Can break crucial functionality • Management burden: • It never stops (the “patch treadmill”) … • … and can be di ffi cult to track just what’s needed where • Other (complementary) approaches? • Vulnerability scanning: probe your systems/networks for known flaws • Penetration testing (“pen-testing”): pay someone to break into your systems … • … provided they take excellent notes about how they did it! 13

  15. Reasoning About Safety Computer Science 161 Fall 2016 Nicholas Weaver • How can we have confidence that our code executes in a safe (and correct, ideally) fashion? • Approach: build up confidence on a function-by-function / module-by-module basis • Modularity provides boundaries for our reasoning: • Preconditions : what must hold for function to operate correctly • Postconditions : what holds after function completes • These basically describe a contract for using the module • Notions also apply to individual statements (what must hold for correctness; what holds after execution) • Stmt #1’s postcondition should logically imply Stmt #2’s precondition • Invariants: conditions that always hold at a given point in a function 15

  16. Computer Science 161 Fall 2016 Nicholas Weaver int deref(int *p) { return *p; } Precondition ? 16

  17. Computer Science 161 Fall 2016 Nicholas Weaver /* requires: p != NULL (and p a valid pointer) */ int deref(int *p) { return *p; } Precondition : what needs to hold for function to operate correctly 17

  18. Computer Science 161 Fall 2016 Nicholas Weaver void *mymalloc(size_t n) { void *p = malloc(n); if (!p) { perror("malloc"); exit(1); } return p; } Postcondition ? 18

  19. Computer Science 161 Fall 2016 Nicholas Weaver /* ensures: retval != NULL (and a valid pointer) */ void *mymalloc(size_t n) { void *p = malloc(n); if (!p) { perror("malloc"); exit(1); } return p; } Postcondition : what the function promises will hold upon its return 19

  20. Computer Science 161 Fall 2016 Nicholas Weaver int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } Precondition ? 20

  21. Computer Science 161 Fall 2016 Nicholas Weaver int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function 21

  22. Computer Science 161 Fall 2016 Nicholas Weaver int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access? (2) Write down precondition it requires (3) Propagate requirement up to beginning of function 22

  23. Computer Science 161 Fall 2016 Nicholas Weaver int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function 23

  24. Computer Science 161 Fall 2016 Nicholas Weaver int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* ?? */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires? (3) Propagate requirement up to beginning of function 24

  25. Computer Science 161 Fall 2016 Nicholas Weaver int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: a != NULL && 
 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function 25

  26. Computer Science 161 Fall 2016 Nicholas Weaver int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: a != NULL && 
 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function? 26

  27. Computer Science 161 Fall 2016 Nicholas Weaver int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: a != NULL && 
 0 <= i && i < size(a) */ total += a[i]; return total; } Let’s simplify, given that a never changes. (It gets much worse when we have multiple threads) 27

Recommend

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff &amp; Kenneth R. Van Wyk

753 views • 17 slides
ICSI Updates: Netalyzr Nicholas Weaver International Computer Science Institute 1

ICSI Updates: Netalyzr Nicholas Weaver International Computer Science Institute 1

Netalyzr Weaver ICSI Updates: Netalyzr Nicholas Weaver International Computer Science Institute 1 Acknowledgements Where do I donate -User Feedback Netalyzr Weaver Joint Work with Christian Kreibich (ICSI), Martin Dam (Aalborg

417 views • 10 slides
The Golden Age of Bulk Surveillance Nicholas C Weaver About Me... The Golden Age of Internet

The Golden Age of Bulk Surveillance Nicholas C Weaver About Me... The Golden Age of Internet

The Golden Age of Bulk Surveillance Nicholas C Weaver About Me... The Golden Age of Internet Surveillance Nicholas Weaver LITE TOP SECRET//SI//REL TO USA, FVEY 2 Not NOBUS (Nobody But Us) The Golden Age of Internet Surveillance Nicholas

369 views • 34 slides
(and How To Break It) Nicholas C Weaver 1 Tor: The Onion Router Anonymous Websurfing CS 161

(and How To Break It) Nicholas C Weaver 1 Tor: The Onion Router Anonymous Websurfing CS 161

CS161 Computer Security Weaver and Popa (and How To Break It) Nicholas C Weaver 1 Tor: The Onion Router Anonymous Websurfing CS 161 Computer Security Weaver and Popa Tor actually encompasses many di ff erent components The Tor

599 views • 46 slides
Injection Attacks and Memory Safety Nicholas Weaver based on David Wagners slides from Sp

Injection Attacks and Memory Safety Nicholas Weaver based on David Wagners slides from Sp

Computer Science 161 Fall 2016 Nicholas Weaver Injection Attacks and Memory Safety Nicholas Weaver based on David Wagners slides from Sp 2016 1 Administrivia Computer Science 161 Fall 2016 Nicholas Weaver You really really really

944 views • 50 slides
Secure Coding Practices for Middleware Barton P. Miller Elisa Heymann James A. Kupsch Computer

Secure Coding Practices for Middleware Barton P. Miller Elisa Heymann James A. Kupsch Computer

Secure Coding Practices for Middleware Barton P. Miller Elisa Heymann James A. Kupsch Computer Architecture and Computer Sciences Department Operating Systems Department University of Wisconsin Universitat Autnoma de Barcelona

1.14k views • 110 slides
Netalyzr for Android: Challenges and opportunities Narseo Vallina-Rodriguez Nicholas Weaver

Netalyzr for Android: Challenges and opportunities Narseo Vallina-Rodriguez Nicholas Weaver

Netalyzr for Android: Challenges and opportunities Narseo Vallina-Rodriguez Nicholas Weaver Christian Kreibich Vern Paxson ICSI-UC Berkeley AIMS CAIDA, San Diego 03/26/2014 The problem: People care about their

562 views • 14 slides
Sho Show Me the Money w Me the Money Characterizing Spam-advertised Revenue Nicholas Weaver

Sho Show Me the Money w Me the Money Characterizing Spam-advertised Revenue Nicholas Weaver

Sho Show Me the Money w Me the Money Characterizing Spam-advertised Revenue Nicholas Weaver Damon McCoy Chris Kanich Tristan Halvorson Christian Kreibich Kirill Levchenko Vern Paxson Geoffrey M. Voelker Stefan Savage UC San Diego

1.07k views • 22 slides
and Interaction-based Third-party Cookie Policy Istemi Ekin Akkus 1 , Nicholas Weaver 2 1 Max

and Interaction-based Third-party Cookie Policy Istemi Ekin Akkus 1 , Nicholas Weaver 2 1 Max

The Case for a General and Interaction-based Third-party Cookie Policy Istemi Ekin Akkus 1 , Nicholas Weaver 2 1 Max Planck Institute for Software Systems (MPI-SWS) 2 ICSI &amp; UC Berkeley Sample Web Page Content Optimized with Ad web

855 views • 28 slides
CryptoManiac: A Fast Flexible Architecture for Secure Communication Lisa Wu, Chris Weaver, and

CryptoManiac: A Fast Flexible Architecture for Secure Communication Lisa Wu, Chris Weaver, and

CryptoManiac: A Fast Flexible Architecture for Secure Communication Lisa Wu, Chris Weaver, and Todd Austin Presented by Dan Amelang Background Rise of the Internet created demand for fast and efficient cryptographic processing

309 views • 14 slides
Securing Web Content Joakim Koskela, Nicholas Weaver, Andrei Gurtov and Mark Allman ReArch'09

Securing Web Content Joakim Koskela, Nicholas Weaver, Andrei Gurtov and Mark Allman ReArch'09

Securing Web Content Joakim Koskela, Nicholas Weaver, Andrei Gurtov and Mark Allman ReArch'09 Rome, December 1 s t 2009 2009-12-01 2009-12-01 How do we protect the user without dwarfing the web experience? Nature of the web has changed

464 views • 30 slides
Edge Caches and Localization Nicholas Weaver International Computer Science Institute

Edge Caches and Localization Nicholas Weaver International Computer Science Institute

Edge Caches and Localization Nicholas Weaver International Computer Science Institute (Apologies for my absence) Bulk data P2P shifts costs By default, bulk-data P2P shifts the deliver costs from the content provider to the retail ISPs

302 views • 6 slides
Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020

Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020

Defensive Coding Techniques (Pt. 1) Engineering Secure Software Last Revised: September 21, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Defensive Coding vs. Risk Analysis Risk Analysis All about domain, assets,

561 views • 24 slides
Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020

Defensive Coding Techniques (Pt. 2) Engineering Secure Software Last Revised: September 25, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Last Time... Always code defensively Validating input Principles

476 views • 19 slides
Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire &lt;

Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire &lt;

Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire &lt; safety@osadl.org &gt; December 1, 2016 Outline Linux Qualification - Coding Style / Type issues in IEC 61508 Nicholas Mc Guire &lt; safety@osadl.o

746 views • 19 slides
LECTURE 22: SECURE CODING BASICS CSE 442 Software Engineering Lessons Already Learned

LECTURE 22: SECURE CODING BASICS CSE 442 Software Engineering Lessons Already Learned

LECTURE 22: SECURE CODING BASICS CSE 442 Software Engineering Lessons Already Learned Hackers take advantage of any opening provided But most also lazy (talk to struggling 115/116 student) Any easy success in breaking code encourages

835 views • 58 slides
Computer Science 161: Computer Security Computer Science 161 Fall 2016 Popa and Weaver

Computer Science 161: Computer Security Computer Science 161 Fall 2016 Popa and Weaver

Computer Science 161: Computer Security Computer Science 161 Fall 2016 Popa and Weaver Prof. Raluca Ada Popa Nicholas Weaver http://inst.eecs.berkeley.edu/~cs161/ 1 And a team of talented TAs Computer Science 161 Fall 2016 Popa and

866 views • 42 slides
On Secure Asymmetric Multilevel Diversity Coding Systems Congduan Li Sun Yat-sen University Jun

On Secure Asymmetric Multilevel Diversity Coding Systems Congduan Li Sun Yat-sen University Jun

On Secure Asymmetric Multilevel Diversity Coding Systems Congduan Li Sun Yat-sen University Jun 21-26, 2020 ISIT 2020 (LA, USA, online) Li, et al. (Sun Yat-sen University) Secure AMDCS Jun 21-26, 2020 1 / 27 Outline 1 Motivation 2 System

699 views • 27 slides
JaTest Build Software So Secure You May Actually Make America Great Again Jake Weissman,

JaTest Build Software So Secure You May Actually Make America Great Again Jake Weissman,

JaTest Build Software So Secure You May Actually Make America Great Again Jake Weissman, Andrew Grant, Jemma Losh, Jared Weiss Why JaTest? JaTest promotes good coding practices, allowing the programmer to easily define test cases,

791 views • 22 slides
CSCI E-170 Lecture 09: Attacker Motivations, Computer Crime and Secure Coding Simson L. Garfinkel

CSCI E-170 Lecture 09: Attacker Motivations, Computer Crime and Secure Coding Simson L. Garfinkel

CSCI E-170 Lecture 09: Attacker Motivations, Computer Crime and Secure Coding Simson L. Garfinkel Center for Research on Computation and Society Harvard University November 21, 2005 1 Todays Agenda 1. Administrivia 2. Missing Readings

1.29k views • 108 slides
Secure Coding in C/C++ Dr. Kamil Sarac 2012 REU (Research Experiences for Undergraduates)

Secure Coding in C/C++ Dr. Kamil Sarac 2012 REU (Research Experiences for Undergraduates)

Secure Coding in C/C++ Dr. Kamil Sarac 2012 REU (Research Experiences for Undergraduates) Department of Computer Science University of Texas at Dallas Slides prepared by Mitch Adair and Kamil Sarac at UT Dallas Outline Objective What

380 views • 35 slides
Fault-Tolerant and Secure Data Transmission Using Random Linear Network Coding Pouya Ostovari

Fault-Tolerant and Secure Data Transmission Using Random Linear Network Coding Pouya Ostovari

Fault-Tolerant and Secure Data Transmission Using Random Linear Network Coding Pouya Ostovari and Jie Wu Computer &amp; Information Sciences Temple University Center for Networked Computing http://www.cnc.temple.edu Agenda Introduction

398 views • 19 slides
CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA

7/22/2019 GREATER NY HEALTHCARE FACILITIES ASSOCIATION THE PROOF IS IN THE pudding CODING: ICD-10 CODING &amp; UB-04 CODING FOR PDPM NELIA ADACI RN, BSN CDONA, DNS-CT, RAC-CTA Vice President The CHARTS Group CMSs MESSAGE: If you do

836 views • 42 slides
Best practices in VeDDRA coding 27 November 2013 Presented by: Giles Davis Chair of PhVWP-V

Best practices in VeDDRA coding 27 November 2013 Presented by: Giles Davis Chair of PhVWP-V

Best practices in VeDDRA coding 27 November 2013 Presented by: Giles Davis Chair of PhVWP-V VeDDRA sub-group An agency of the European Union Ve terinary D ictionary for D rug R elated A ffairs SOC = System Organ Class HLT = Higher Level

629 views • 16 slides

More recommend