
Static Analysis of Security Properties by Abstract Interpretation - PowerPoint PPT Presentation



  1. Static Analysis of Security Properties by Abstract Interpretation École normale supérieure, équipe Abstraction Mehdi Bouaziz Friday, May 11 2012

  2–4. Static Analysis of Security Properties by Abstract Interpretation
       ◮ Static Analysis by Abstract Interpretation → course MPRI 2-6: Abstract Interpretation: application to verification and static analysis
       ◮ Security Properties → ?
       Mehdi Bouaziz, École normale supérieure 2/13 Static Analysis of Security Properties by Abstract Interpretation

  5–7. Security? Information Security?
       Word cloud of security terms (alphabetical): Access Control, Accountability, Attack, Authenticity, Authorization, Availability, Buffer Overflow, Bug, Classification, Confidentiality, Control-Flow Integrity, Covert Channels, Cross-Site Scripting, Cryptanalysis, Cryptography, Cryptology, Dangling Pointer, Data Race, Declassification, Deadlock, Earthquake, Encryption, Fire, Firewall, Flooding, Format String, Implicit Flow, Information-Flow, Input Validation, Isolation, Language-Based, Least Privilege, Malicious Code, Memory Safety, Non-Interference, Non-Repudiation, Obfuscation, Phishing, Policy, Possession, Randomization, Reference Monitor, Risk, Runtime Check, Sandbox, SQL Injection, Stack Inspection, Stack Overflow, Symlink Race, Tainting, Theft, Threat, Type Safety, Utility, Vulnerability, Wild Jump.
       Mehdi Bouaziz, École normale supérieure 3/13 Introduction to Security

  8–12. Key Concepts
        (Diagram: the system takes public input I_pub and private input I_priv and produces public output O_pub and private output O_priv.)
        ◮ Confidentiality (concerns the flow from I_priv to O_pub)
        ◮ Integrity (concerns the flow from I_pub to O_priv)
        ◮ Availability
        ◮ Authenticity
        ◮ Accountability
        ◮ Possession
        ◮ Non-repudiation
        ◮ Utility

  13–17. Security Policy
         A statement that partitions the states of the system into a set of authorized (secure) states and a set of unauthorized (nonsecure) states. It specifies who can read/write what data and execute what command, under which conditions.
         A policy can be expressed as:
         ◮ Natural language (law, documentation)
         ◮ Encoded text ( 755 root root /bin )
         ◮ Code ( if (x.isPrivate()) exit(1); //avoid leak )
         ◮ ∅ (none)

  18–21. Information Security Controls
         ◮ Access Control
         ◮ Information-Flow Control
         ◮ Control-Flow Integrity
         ◮ Encryption → courses: MPRI 1-13: Initiation to cryptology; MPRI 2-12-1: Cryptanalysis; MPRI 2-12-2: Arithmetic algorithms for cryptology; MPRI 2-13-2: Error correcting codes and applications to cryptography; MPRI 2-30: Cryptographic protocols: computational and symbolic proofs

  22. Threats
      ◮ Physical: Earthquake, Fire, Flooding, Theft
      ◮ In the code:
        ◮ Memory Safety: Buffer Overruns, Stack Overflow, Dangling pointers
        ◮ Concurrency: Deadlocks, Data races, Symlink races
        ◮ Input Validation: SQL injection, Cross-Site Scripting (XSS), Format String
        ◮ Control/Data-Flow: Type Safety, Wild Jumps, Self Modifying Code

  23. Language-Based Mechanisms
      ◮ Runtime Checks: Reference Monitor (OS, Interpreter, Firewall), Inlined Reference Monitor
      ◮ Programming Languages: Type-Safe Languages, Typed Assembly Language (TAL)
      ◮ Execution Model: Isolation, Sandboxing, Stack Inspection
      ◮ Static Analysis: Information-Flow Typing, Abstract Interpretation
      ◮ Exotic: Obfuscation, Randomization

  24. Security Policy (2)
      ◮ Authorization
      ◮ History-Based
      ◮ Control-Flow
      ◮ Information-Flow
        ◮ Classification (private/public)
        ◮ Declassification (when, where, by whom, and what private information can be considered public)

  25. Information-Flow Security
      Non-Interference: no two executions are observably different if they differ solely by confidential inputs.
      Explicit Flows: from assignments
      Implicit Flows: from
      Indirect Flows and Covert Channels:
      ◮ Termination Channel
      ◮ Timing Channel
      ◮ Probabilistic Channel
      ◮ Resource Exhaustion Channel
      ◮ Power Channel

  26. Information-Flow Security Type System
      Reading: $[pc] \vdash C$ means that command $C$ is typable in a context of security level $pc$; $h$ is the high (confidential) variable and $l$ the low (public) one.

      Expressions:
      $$\frac{h \notin \mathit{Vars}(\mathit{exp})}{\vdash \mathit{exp} : \mathit{low}} \qquad \frac{}{\vdash \mathit{exp} : \mathit{high}}$$

      Commands:
      $$\frac{}{[pc] \vdash \mathbf{skip}} \qquad \frac{}{[pc] \vdash h := \mathit{exp}} \qquad \frac{\vdash \mathit{exp} : \mathit{low}}{[\mathit{low}] \vdash l := \mathit{exp}}$$

      $$\frac{[pc] \vdash C_1 \quad [pc] \vdash C_2}{[pc] \vdash C_1 ; C_2} \qquad \frac{\vdash \mathit{exp} : pc \quad [pc] \vdash C}{[pc] \vdash \mathbf{while}\ \mathit{exp}\ \mathbf{do}\ C}$$

      $$\frac{\vdash \mathit{exp} : pc \quad [pc] \vdash C_1 \quad [pc] \vdash C_2}{[pc] \vdash \mathbf{if}\ \mathit{exp}\ \mathbf{then}\ C_1\ \mathbf{else}\ C_2} \qquad \frac{[\mathit{high}] \vdash C}{[\mathit{low}] \vdash C}$$

  27–28. Issues
         Non-interference is too restrictive. Most real-world programs need exceptions to non-interference: declassification. Examples?
         Other issues:
         ◮ Expressiveness: first-class functions, exceptions, objects
         ◮ Concurrency: threads, nondeterminism, distribution
         ◮ Covert channels: termination, timing, probability
         ◮ Security policies: declassification, quantitative security, dynamic policies
         ◮ Certification: proven compilers, proof-carrying code
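The type system of slide 26 and the non-interference definition of slide 25 are easiest to understand on a running checker, and the "Examples?" of declassification on slide 27 can be answered with the classic password check. The Python block below is an added example and is not part of the presentation or of the speaker's work: the while-language, the high variable h and the low variable l follow the slides, while the tuple-based syntax, the `declassify` form, every function name and the sample programs are my own constructions. It also goes one step beyond the slides by testing the non-interference definition concretely on a finite set of private inputs, with divergence counted as an observation so that the termination channel becomes visible.

```python
"""Added example, not from the slides: slide 26's information-flow type system as a
checker, a brute-force tester for slide 25's non-interference definition, and a
'declassify' form for slide 27. Only the while-language, h and l come from the slides."""
from typing import Optional

LOW, HIGH = "low", "high"
HIGH_VARS = {"h"}          # confidential variables; every other variable is public
# Expressions: ("var", x) | ("const", n) | ("op", f, e1, e2) | ("declassify", e)
# Commands: ("skip",) | ("assign", x, e) | ("seq", c1, c2) | ("if", e, c1, c2) | ("while", e, c)

def free_vars(exp) -> set:
    """Vars(exp) from the expression rule."""
    if exp[0] == "var":
        return {exp[1]}
    if exp[0] == "const":
        return set()
    if exp[0] == "declassify":
        return free_vars(exp[1])
    return free_vars(exp[2]) | free_vars(exp[3])

def exp_type(exp) -> str:
    """low if h does not occur in exp, else high; declassify (my extension) is always low."""
    if exp[0] == "declassify":
        return LOW
    return HIGH if free_vars(exp) & HIGH_VARS else LOW

def typable(cmd, pc: str = LOW) -> bool:
    """True iff [pc] ⊢ cmd is derivable."""
    kind = cmd[0]
    if kind == "skip":                       # [pc] ⊢ skip
        return True
    if kind == "assign":
        if cmd[1] in HIGH_VARS:              # [pc] ⊢ h := exp, for any pc and exp
            return True
        # [low] ⊢ l := exp needs ⊢ exp : low; no rule types l := exp under high pc (implicit flows)
        return pc == LOW and exp_type(cmd[2]) == LOW
    if kind == "seq":
        return typable(cmd[1], pc) and typable(cmd[2], pc)
    if kind in ("if", "while"):
        # A high guard forces the bodies to be checked at high; subsumption then allows low pc.
        body_pc = HIGH if pc == HIGH or exp_type(cmd[1]) == HIGH else LOW
        return all(typable(c, body_pc) for c in cmd[2:])
    raise ValueError(f"unknown command {kind}")

def eval_exp(exp, env: dict) -> int:
    if exp[0] == "var":
        return env[exp[1]]
    if exp[0] == "const":
        return exp[1]
    if exp[0] == "declassify":
        return eval_exp(exp[1], env)
    return exp[1](eval_exp(exp[2], env), eval_exp(exp[3], env))

def run(cmd, env: dict, fuel: int = 200) -> Optional[dict]:
    """Concrete semantics; None means the loop budget ran out (treated as divergence)."""
    kind = cmd[0]
    if kind == "skip":
        return env
    if kind == "assign":
        return {**env, cmd[1]: eval_exp(cmd[2], env)}
    if kind == "seq":
        mid = run(cmd[1], env, fuel)
        return None if mid is None else run(cmd[2], mid, fuel)
    if kind == "if":
        return run(cmd[2] if eval_exp(cmd[1], env) else cmd[3], env, fuel)
    for _ in range(fuel):                    # while
        if not eval_exp(cmd[1], env):
            return env
        env = run(cmd[2], env, fuel)
        if env is None:
            return None
    return None

def noninterferent(cmd, low_init: int = 0, high_inputs=range(4)) -> bool:
    """Finite test of slide 25: runs agreeing on public input must agree on public output.
    Divergence is an observation too (termination channel). A sweep can only refute."""
    seen = set()
    for hv in high_inputs:
        final = run(cmd, {"h": hv, "l": low_init})
        seen.add("diverges" if final is None else final["l"])
    return len(seen) == 1

# Constructed sample programs (mine, not the slides').
V, K = (lambda x: ("var", x)), (lambda n: ("const", n))
H_POS = ("op", lambda a, b: int(a > b), V("h"), K(0))                    # h > 0
PROGRAMS = {
    "explicit":    ("assign", "l", V("h")),                               # l := h
    "implicit":    ("if", H_POS, ("assign", "l", K(1)), ("assign", "l", K(0))),
    "secure":      ("seq", ("assign", "h", V("l")), ("assign", "l", K(1))),
    "rejected_ni": ("seq", ("assign", "l", V("h")), ("assign", "l", K(0))),
    "termination": ("while", H_POS, ("skip",)),                           # while h > 0 do skip
    "declassify":  ("assign", "l", ("declassify", ("op", lambda a, b: int(a == b), V("h"), K(3)))),
}

def report() -> dict:
    """name -> (accepted by the type system, passes the finite non-interference test)."""
    return {name: (typable(p), noninterferent(p)) for name, p in PROGRAMS.items()}
```

Calling `report()` gives, for each constructed program, whether the type system accepts it and whether the finite non-interference sweep passes. The two disagree in both directions, which is the point of slides 25 to 28: `l := h; l := 0` is non-interferent but rejected (the system is sound, not complete), while `while h > 0 do skip` is accepted but leaks through termination, the first covert channel listed on slide 25 (the type system is termination-insensitive). The declassified password check is accepted and interferes by design; that is exactly the "exception to non-interference" of slide 27.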

  29. Thank you for listening Questions are welcome Mehdi Bouaziz, École normale supérieure 13/13 Introduction to Security
