what is a security flaw
play

What is a Security Flaw? Colin Percival cperciva@freebsd.org Colin - PowerPoint PPT Presentation

Nov 23, 2023 •175 likes •357 views

What is a Security Flaw? Colin Percival cperciva@freebsd.org Colin Percival May 13, 2006 BSDCan'06 What is a Security Flaw? (Questions in Security: The Bad, the Ugly, and what we can do about them.) Colin Percival cperciva@freebsd.org

  1. What is a Security Flaw? Colin Percival cperciva@freebsd.org Colin Percival May 13, 2006 BSDCan'06

  2. What is a Security Flaw? (Questions in Security: The Bad, the Ugly, and what we can do about them.) Colin Percival cperciva@freebsd.org Colin Percival May 13, 2006 BSDCan'06

  3. What does a Security Officer do? • “Find security flaws and fix them” – What is a security flaw? – Do all security flaws need to be fixed? – How and where should they be fixed? • In practice, the job is... – 60% making policy decisions, – 30% administrative, – and 10% technical. Colin Percival May 13, 2006 BSDCan'06

  4. 1. What is a security flaw? • FreeBSD: – Any privilege escalation. – Any disclosure of potentially sensitive information. – Any remote denial of service. – Local denial of service attacks are not handled as security issues. • Any sufficiently advanced local DoS is indistinguishable from a user trying to get a lot of work done. • Some local denials of service are corrected as Errata. Colin Percival May 13, 2006 BSDCan'06

  5. 1. What is a security flaw? • Linux (most vendors): – Any privilege escalation. – Any disclosure of potentially sensitive information. – Any remote denial of service. – Any local denial of service. • Keeping kernel + world separate makes this easier. • Most Linux vendors correct local denial of service issues in batches, and only issue one advisory for the entire group. Colin Percival May 13, 2006 BSDCan'06

  6. 1. What is a security flaw? • OpenBSD: – Not even remote denial of service. – In January 2006, a bug was found which allows a remote attacker to send three IP packets and cause a kernel panic. • FreeBSD issued FreeBSD-SA-06:07.pf. • OpenBSD does not mention this bug on their “release errata & patch list” web page. Colin Percival May 13, 2006 BSDCan'06

  7. 1. What is a security flaw? • Intel: – Not even local privilege escalation. – “In order for this particular exploit to be launched on a system, the system has to already have been compromised” (May 2005). • Several LKML posters: – There's no point fixing local privilege escalation bugs, since attackers will always be able to find more of them. Colin Percival May 13, 2006 BSDCan'06

  8. 2. Would anybody really do that? • Sometimes the conditions needed for a bug to be exploited are so bizarre that it does not need to be treated as a security issue. • Bug discovered in sh(1): If a program is being run with two here-documents, and the first here-document includes backticks, the second here-document will be executed. – Data is being treated as code! – Who ever executes shell scripts constructed using untrusted input? – Why place untrusted input into a here-document instead of redirecting from a file? Colin Percival May 13, 2006 BSDCan'06

  9. 2. Would anybody really do that? • Bug discovered in qmail: If you can send a >2GB message to qmail-smtpd, you can execute arbitrary code via an integer overflow. – Response from DJB: “Nobody gives gigabytes of memory to each qmail-smtpd process”. – When DJB wrote qmail (1995), this was probably correct. • Documenting what you rely upon users never doing is a good idea. Colin Percival May 13, 2006 BSDCan'06

  10. 3. Where is the security flaw? • Cryptographic information can leak via timing channels in the cache on processors with Hyper- Threading. – Cryptographic code manipulates key information in non-oblivious ways. – Processors leak information about memory access patterns. • Which component is at fault? – Is it reasonable to expect information about memory access patterns to not be disclosed? Colin Percival May 13, 2006 BSDCan'06

  11. 3. Where is the security flaw? • Hypothetical bug in sort(1): Every time “aaaaaaaa” should be output, “/etc/master.passwd” is output instead. – Is this a security flaw? Not really... • Behaviour of portsnap client: – Download a database file, sanity-check its contents, use text file manipulation utilities including sort(1), and use the resulting text as file names. • Portsnap together with this pathologically buggy sort(1) is insecure, even though neither program has a security flaw . Colin Percival May 13, 2006 BSDCan'06

  12. What can we do about this? • Security questions become difficult when interfaces are unclear. • An interface is a contract. – Some interfaces are written in formal languages and define the exact behaviour required. • Formal languages are great, but very few people actually use them. – Most interfaces are very vague. • Most API contracts are violated due to bugs. – Fortunately computer programs don't have lawyers. Colin Percival May 13, 2006 BSDCan'06

  13. Violating contracts • What happens when real-world contracts are violated? – Lawyers go to court. – In the next version of the contract, lawyers add more fine print. • “If you are injured while skiing at our resort, we will try to evacuate you safely, but we do not guarantee that we will do so.” • We should add fine print to interface specifications. Colin Percival May 13, 2006 BSDCan'06

  14. Fine print • Separate the behaviour which is expected to be provided from the behaviour which is guaranteed to be provided. • Algorithmists have done this for a long time: – Quicksort takes O(n log n) expected time, but O(n 2 ) guaranteed time. • Don't use quicksort for sorting data provided by an untrusted source! • Most code can break without introducing security issues. Colin Percival May 13, 2006 BSDCan'06

  15. Benefits of fine print • Fine print makes the Security Officer's job easier. – It is immediately obvious whether an bug needs to be treated as a security issue. • Fine print allows developers to indicate the state of their code. – Most developers don't want to say “I was drunk when I wrote this, so don't trust it for anything important”. • Clarifying which code has security implications allows eyeballs to be concentrated on the most important code. Colin Percival May 13, 2006 BSDCan'06

  16. Conclusions • Security is hard. – Especially when you have several independent components. – Especially when interfaces are poorly documented. • Rather than aiming for zero bugs, we should aim for zero security bugs. – Failing that, we should document what sort of bugs will be treated as security issues, so that users of our code know what they can rely upon. Colin Percival May 13, 2006 BSDCan'06

  17. Supported by: www.freebsdfoundation.org www.irmacs.sfu.ca Paper: http://www.daemonology.net/papers/codingbycontract.pdf Colin Percival May 13, 2006 BSDCan'06

Recommend

due to a design flaw on many pontoon boats Explain the design flaw Describe the accident

due to a design flaw on many pontoon boats Explain the design flaw Describe the accident

Finger Amputations due to a design flaw on many pontoon boats Explain the design flaw Describe the accident Recommendations WEERES Ball Moves away Pinch Zone Door Door closed open Spooner Emergency Room 4 Days later Product

469 views • 25 slides
Problems Flaw Hypothesis Methodology depends on caliber of testers to hypothesize and

Problems Flaw Hypothesis Methodology depends on caliber of testers to hypothesize and

Problems Flaw Hypothesis Methodology depends on caliber of testers to hypothesize and generalize flaws Flaw Hypothesis Methodology does not provide a way to examine system systematically Vulnerability classification schemes help

1.11k views • 74 slides
Malware Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Stefan Savage and

Malware Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Stefan Savage and

CSE 127: Computer Security Malware Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Stefan Savage and David Wagner Vulnerability of the week: Sudo flaw thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html Today

748 views • 39 slides
On- -line flaw growth line flaw growth On monitoring in high monitoring in high temperature

On- -line flaw growth line flaw growth On monitoring in high monitoring in high temperature

On- -line flaw growth line flaw growth On monitoring in high monitoring in high temperature plant temperature plant Ian Atkinson, KANDE International Ltd Ian Atkinson, KANDE International Ltd Stephen Kelly, Doosan Doosan Babcock Energy

471 views • 23 slides
QSA Global range of flaw detectors When personnel safety and control reliability come first

QSA Global range of flaw detectors When personnel safety and control reliability come first

QSA Global range of flaw detectors When personnel safety and control reliability come first Application (key industries) Gamma Series 880 Flaw Detectors SENTINEL 880 Series Elite SENTINEL 880 Series Delta SENTINEL 880 Series Omega Gamma

460 views • 23 slides
On the Use of PU Learning for Quality Flaw Prediction in Wikipedia Edgardo Ferretti, Donato

On the Use of PU Learning for Quality Flaw Prediction in Wikipedia Edgardo Ferretti, Donato

On the Use of PU Learning for Quality Flaw Prediction in Wikipedia Edgardo Ferretti, Donato Hernndez, Rafael Guzmn, Manuel Montes, Marcelo Errecalde & Paolo Rosso September 19th, PAN@CLEF'12, Rome Who are we? Methodological Design PU

711 views • 29 slides
Overview of the 1st International Competition on Quality Flaw Prediction in Wikipedia Maik

Overview of the 1st International Competition on Quality Flaw Prediction in Wikipedia Maik

Overview of the 1st International Competition on Quality Flaw Prediction in Wikipedia Maik Anderka Benno Stein Bauhaus-Universitt Weimar http://pan.webis.de Wikipedia Facts 285 languages 87 339 125 pages 23 013 694 encyclopedic

459 views • 24 slides
Vulnerability Analysis Chapter 24 Computer Security: Art and Science , 2 nd Edition Version 1.0

Vulnerability Analysis Chapter 24 Computer Security: Art and Science , 2 nd Edition Version 1.0

Vulnerability Analysis Chapter 24 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 24-1 Overview What is a vulnerability? Penetration studies Flaw Hypothesis Methodology Other methodologies Vulnerability

1.76k views • 148 slides
There's a party at ring0... (...and you're invited) Tavis Ormandy, Julien Tinnes BlackHat Las

There's a party at ring0... (...and you're invited) Tavis Ormandy, Julien Tinnes BlackHat Las

There's a party at ring0... (...and you're invited) Tavis Ormandy, Julien Tinnes BlackHat Las Vegas 2010 Introduction All systems make some assumptions about kernel security. Sometimes a single kernel flaw can break the entire security model.

1.11k views • 63 slides
One FlAw over the Cuckoos Nest on , Ricardo J. Rodr guez I naki Rodr

One FlAw over the Cuckoos Nest on , Ricardo J. Rodr guez I naki Rodr

One FlAw over the Cuckoos Nest on , Ricardo J. Rodr guez I naki Rodr guez-Gast All wrongs reversed inaki@sensepost.com, rjrodriguez@fi.upm.es @virtualminds es @RicardoJRdez SensePost Universidad Polit

827 views • 71 slides
Expressing Type-Flaw Attacks in a Strongly Typed Language Iliano Cervesato

Expressing Type-Flaw Attacks in a Strongly Typed Language Iliano Cervesato

Expressing Type-Flaw Attacks in a Strongly Typed Language Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, Inc @ NRL Washington DC http://www.cs.stanford.edu/~iliano/ 2 nd International Workshop on Foundations for

891 views • 45 slides
Lecture 2: Vim's Giant Flaw Part I Recurring Themes Annoucements Homework 1 will be out by

Lecture 2: Vim's Giant Flaw Part I Recurring Themes Annoucements Homework 1 will be out by

Lecture 2: Vim's Giant Flaw Part I Recurring Themes Annoucements Homework 1 will be out by tonight! Covers everything up to and including this lecture. No commands will be covered (as usual), we will get to that in the second part of

1.24k views • 111 slides
#5 Feed/Food The Fatal Flaw: #5 FEED/FOOD Intensive sea cage fish farmings

#5 Feed/Food The Fatal Flaw: #5 FEED/FOOD Intensive sea cage fish farmings

Five Fundamental Flaws of Sea Cage Salmon Farming #1 Wastes #2 Escapes #3 Diseases/Parasites #4 Chemicals #5 Feed/Food The Fatal Flaw: #5 FEED/FOOD Intensive sea cage fish farmings dependence upon a fast

1.81k views • 124 slides
Icicle Workgroup Presentation IPID Pump Exchange Fatal Flaw Evaluation December 6, 2013 Mike

Icicle Workgroup Presentation IPID Pump Exchange Fatal Flaw Evaluation December 6, 2013 Mike

Icicle Workgroup Presentation IPID Pump Exchange Fatal Flaw Evaluation December 6, 2013 Mike Kaputa Dan Haller Dave Rice 2012 Appraisal Study Overview Started with OCR Grant for Campbell Creek Reservoir 5 Alternatives studied with

571 views • 8 slides
BondCh Check ck Multi-mode bond inspection flaw detector BondC dChe heck Introduc duction

BondCh Check ck Multi-mode bond inspection flaw detector BondC dChe heck Introduc duction

BondCh Check ck Multi-mode bond inspection flaw detector BondC dChe heck Introduc duction Multi-mode bond testing instrument Pitch-catch Resonance MIA ( Mechanical Impedance ) Built on established AeroCheck+ EC instrument

529 views • 24 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides

More recommend