sok sanitizing for security
play

SoK: Sanitizing for Security Dokyung Song , Julian Lettner, Prabhu - PowerPoint PPT Presentation

Jul 30, 2023 •256 likes •658 views

SoK: Sanitizing for Security Dokyung Song , Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz Finding Bugs in C/C++ Manual Analysis Static Analysis Dynamic Analysis AddressSanitizer MemorySanitizer Code

  1. SoK: Sanitizing for Security Dokyung Song , Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz

  2. Finding Bugs in C/C++ Manual Analysis Static Analysis Dynamic Analysis AddressSanitizer MemorySanitizer Code Review/Auditing Clang Static Analyzer C/C++ Source Code Program Inputs Hand-written test suite american fuzzy lop libFuzzer May 2019 2

  3. Finding Bugs in C/C++ Manual Analysis Static Analysis Dynamic Analysis AddressSanitizer MemorySanitizer Code Review/Auditing Clang Static Analyzer C/C++ Source Code Program Inputs Hand-written test suite american fuzzy lop libFuzzer May 2019 3

  4. Dynamic Analysis Tools for C/C++ • More than 35 years of research in Dynamic Analysis Tools – often-called “ Sanitizers ” – that find vulnerabilities specific to C/C++ Oscar Undangle FreeSentry HexType SoftBounds+CETS SGXBounds TySan Dr. Memory CaVer EffectiveSan Purify MSCC LBC TypeSan CUP Electric Fence Memcheck PAriCheck UBSan MSan DangSan Bcc RTCC Safe-C P&F PageHeap CRED D&A BBC ASan DangNull Low-Fat CRCount 1980 1990 1995 2000 2005 2010 2015 2019 May 2019 4

  5. Exploit Mitigation vs. Sanitization (1/2) Attack Flow Heap Overflow Function Pointer Overwrite Integer Overflow + Indirect Call May 2019 5

  6. Exploit Mitigation vs. Sanitization (1/2) Exploit Mitigation Security Policies Sanitization Policies Memory Safety Code Pointer Integrity Control-Flow Integrity Attack Flow Heap Overflow Function Pointer Overwrite Integer Overflow + Indirect Call UndefinedBehaviorSanitizer AddressSanitizer … and many others May 2019 6

  7. Exploit Mitigation vs. Sanitization (1/2) Exploit Mitigation Security Policies Sanitization Policies Memory Safety Code Pointer Integrity Control-Flow Integrity Attack Flow Heap Overflow Function Pointer Overwrite Integer Overflow + Indirect Call UndefinedBehaviorSanitizer AddressSanitizer … and many others May 2019 7

  8. Exploit Mitigation vs. Sanitization (2/2) Exploit Mitigation Sanitization The goal is to … Mitigate attacks Find vulnerabilities Used in … Production Pre-release Performance budget is … Very limited Much higher Policy violation leads to … Program termination Problem diagnosis Violations triggered at location of bug Sometimes Always Tolerance for FPs is … Zero Somewhat higher Surviving benign errors is … Desired Not desired May 2019 8

  9. Undefined Behavior in C/C++ • Buffer overflow J.2 Undefined behavior • Use-after-free The behavior is undefined in the following circumstances: … • Type errors — Addition or subtraction of a pointer into, or just beyond, an • Format string bug array object and an integer type produces a result that does not point into, or just beyond, the same array object (6.5.6). • Signed integer overflow … • Null pointer dereferences — An object is referred to outside of its lifetime (6.2.4). • etc. … — A pointer is used to call a function whose type is not compatible with the referenced type. … — An object has its stored value accessed other than by an lvalue of an allowable type (6.5). … May 2019 9

  10. Undefined Behavior in C/C++ • Buffer overflow J.2 Undefined behavior • Use-after-free The behavior is undefined in the following circumstances: … • Type errors — Addition or subtraction of a pointer into, or just beyond, an • Format string bug array object and an integer type produces a result that does not point into, or just beyond, the same array object (6.5.6). • Signed integer overflow … • Null pointer dereferences — An object is referred to outside of its lifetime (6.2.4). • etc. … — A pointer is used to call a function whose type is not → Well-known Security Vulnerabilities compatible with the referenced type. … — An object has its stored value accessed other than by an lvalue of an allowable type (6.5). … May 2019 10

  11. Security Implications of Undefined Behavior in C/C++ (1/2) 1. Memory and type safety violations vulnerable to memory exploits tun= NULL Null-pointer sk = tun->sk; Dereference Null-pointer mov rsi, QWORDPTR[rdi+8] Dereference Compile Source Code Binary Code May 2019 11

  12. Security Implications of Undefined Behavior in C/C++ (2/2) 2. Compilation of a program having UBs may result in vulnerable code tun= NULL Null-pointer sk = tun->sk; Dereference if (!tun) return POLLERR; ? Compile // privileged code Source Code Binary Code May 2019 12

  13. Security Implications of Undefined Behavior in C/C++ (2/2) 2. Compilation of a program having UBs may result in vulnerable code tun= NULL Null-pointer sk = tun->sk; Dereference if (!tun) return POLLERR; ? Compile // privileged code Source Code Binary Code Null pointer check gets eliminated (akin to CVE-2009-1897) May 2019 13

  14. Security Implications of Undefined Behavior in C/C++ (2/2) 2. Compilation of a program having UBs may result in vulnerable code tun= NULL Null-pointer sk = tun->sk; Dereference Privilege // privileged code Escalation if (!tun) return POLLERR; Compile mov rsi, QWORDPTR[rdi+8] // privileged code Source Code Binary Code Null pointer check gets eliminated (akin to CVE-2009-1897) May 2019 14

  15. Low-Level Vulnerabilities in C/C++ (1/2) Temporal Use of Spatial Memory Pointer Type Variadic Other Memory Safety Uninitialized Safety Violation Errors Function Misuse Vulnerabilities Violation Variables Integer Bad Casting Overflow Other Pointer Other UBs Type Errors • Most of these vulnerabilities can manifest as memory and type safety violations. May 2019 15

  16. Low-Level Vulnerabilities in C/C++ (2/2) Temporal Use of Spatial Memory Pointer Type Variadic Other Memory Safety Uninitialized Safety Violation Errors Function Misuse Vulnerabilities Violation Variables Integer Bad Casting Overflow Other Pointer Other UBs Type Errors • Some UBs may lead to unsafe code generation today. • And, things can change as compiler optimizations evolve – called time- bombs *. * W. Dietz, P. Li, J. Regher, and V. Adve; “Understanding integer overflow in C/C++.” In ICSE , 2012. May 2019 16

  17. Low-Level Vulnerabilities in C/C++ (2/2) Temporal Use of Spatial Memory Pointer Type Variadic Other Memory Safety Uninitialized Safety Violation Errors Function Misuse Vulnerabilities Violation Variables Integer Bad Casting -ftrivial-auto- Overflow var-init=zero -fwrapv -ftrapv Other Pointer Other UBs Type Errors -fno-strict- aliasing -fno-delete-null- pointer-checks • Some UBs may lead to unsafe code generation today. • And, things can change as compiler optimizations evolve – called time- bombs *. * W. Dietz, P. Li, J. Regher, and V. Adve; “Understanding integer overflow in C/C++.” In ICSE , 2012. May 2019 17

  18. Sanitizer Design and Implementation Temporal Use of Spatial Memory Pointer Type Variadic Function Other Memory Safety Uninitialized Safety Violation Errors Misuse Vulnerabilities Violation Variables Red-zone Uninitialized Pointer Dangerous Stateless Insertion Reuse Delay Memory Read Casting Format String Monitoring (Guard Pages) Detection Monitor Detection Per-pointer Uninitialized Argument Pointer Use Bounds Value Use Mismatch Lock-and-key Monitor Tracking Detection Detection Per-object Dangling Bounds Pointer Tracking Tagging Bug Finding Technique Program Instrumentation Metadata Management Embedded (a) Dynamic Metadata (b) Static Metadata 11101110101 0 check(); call check 101010110101 010101011010 *ptr = 3; store ptr Object Pointer Instruction Disjoint … … (a) Language-level (b) IR-level (c) Binary Others Instrumentation Instrumentation Instrumentation May 2019 18

  19. Sanitizer Design and Implementation: Bug Finding Techniques Bug Finding Techniques Temporal Use of Spatial Memory Pointer Type Variadic Function Other Class of Bugs Memory Safety Uninitialized Safety Violation Errors Misuse Vulnerabilities Violation Variables Red-zone Uninitialized Pointer Dangerous Stateless Insertion Reuse Delay Memory Read Casting Format String Monitoring (Guard Pages) Detection Monitor Detection Bug Finding Per-pointer Uninitialized Argument Pointer Use Technique Bounds Lock-and-key Value Use Mismatch Monitor Tracking Detection Detection Per-object Dangling Bounds Pointer Tracking Tagging May 2019 19

  20. Sanitizer Design and Implementation: Program Instrumentation Program Instrumentation Inlined Reference Monitor: Fine-grained run-time monitoring of program behavior to detect bugs as they occur. Source code Intermediate Representation Binary External (C/C++) (e.g., LLVM IR) call Libraries 11101110101 check(); call check 01010101101 (d) Library Interposition store ptr 01010101011 *ptr = 3; Compiler 0101 Compiler LD_PRELOAD for instrumenting only Frontend Backend calls to dynamically-linked external library functions (a) Language-level (b) IR-level (c) Binary-level May 2019 20

Recommend

Sanitizing Treatment for Minimally Processed Cucumber Products Fred Breidt and Suzanne

Sanitizing Treatment for Minimally Processed Cucumber Products Fred Breidt and Suzanne

Brief Blanching: An Effective Sanitizing Treatment for Minimally Processed Cucumber Products Fred Breidt and Suzanne Johanningsmeier USDA-ARS Food Science Research Unit Part II. Quality assessment for blanched refrigerated pickles with various

615 views • 24 slides
APISan: Sanitizing API Usages through Semantic Cross-checking Insu Yun, Changwoo Min, Xujie Si,

APISan: Sanitizing API Usages through Semantic Cross-checking Insu Yun, Changwoo Min, Xujie Si,

APISan: Sanitizing API Usages through Semantic Cross-checking Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, Mayur Naik Georgia Institute of Technology 1 APIs in todays software are plentiful yet complex Example: OpenSSL

923 views • 89 slides
A Cryptography-Flavored Method for sanitizing a database Meaningful statistical analysis

A Cryptography-Flavored Method for sanitizing a database Meaningful statistical analysis

Think Census A Cryptography-Flavored Method for sanitizing a database Meaningful statistical analysis Approach to Privacy in Preservation of individuals privacy Public Databases What do we mean? Drineas, Dwork, Goldberg,

277 views • 3 slides
U A new addition to our product line here at back to a great place to live. sanitizers, foggers,

U A new addition to our product line here at back to a great place to live. sanitizers, foggers,

Corporate Sanitizing Solutions U A new addition to our product line here at back to a great place to live. sanitizers, foggers, onsite sanitizing & steam-cleaning crew services, perspex desk We are offering a wide range of products from

283 views • 16 slides
WINONE BIOZONE Nano Engineered Self Sanitizing Anti-Microbial Coating Present Situation and

WINONE BIOZONE Nano Engineered Self Sanitizing Anti-Microbial Coating Present Situation and

WINONE BIOZONE Nano Engineered Self Sanitizing Anti-Microbial Coating Present Situation and Technological Solution In the recent coronavirus outbreak, the world is aware of the acute and increasing need for the advance preventive measures and

591 views • 11 slides
Vehicle Sanitizing Checklist Protecting the workplace from Covid-19 and other contagious illness

Vehicle Sanitizing Checklist Protecting the workplace from Covid-19 and other contagious illness

Vehicle Sanitizing Checklist Protecting the workplace from Covid-19 and other contagious illness outbreaks Indiana LTAP Bryan Hubbard, Purdue Polytechnic Sarah Hubbard, Purdue Polytechnic R eflects guidelines as of August 12, 2020 Vehicle Sa

529 views • 17 slides
ASHEVILLE CARES STAY SAFE PLEDGE RESIDENTS NOT READY FOR TOURISTS Source: SMARInsights Domestic

ASHEVILLE CARES STAY SAFE PLEDGE RESIDENTS NOT READY FOR TOURISTS Source: SMARInsights Domestic

ASHEVILLE CARES STAY SAFE PLEDGE RESIDENTS NOT READY FOR TOURISTS Source: SMARInsights Domestic Leisure Traveler Sentiment COVID SANITIZING MOST IMPORTANT 85% of consumers say that knowing the cleaning and sanitizing protocols for a city and

478 views • 30 slides
Cleaning and Sanitizing 177 The information presented in this section is based on Parts 46 and

Cleaning and Sanitizing 177 The information presented in this section is based on Parts 46 and

Slide 177 Cleaning and Sanitizing 177 The information presented in this section is based on Parts 46 and 47 of the 2005 Food Code. The Food Code is available at: http://www.cfsan.fda.gov/~dms/fc05toc.html Slide 178 Cleaning Cleaning is

305 views • 26 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International Security What is security? Freedom from threats to core values? Contestation over referent object: Individual? State? System? How is security achieved?

715 views • 11 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the computing world, and are parallel to even older problems outside computing Required level of security is always related to what you protect

237 views • 23 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides

More recommend