The Future of Software Security - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

The Future of Software Security

Description:

Idea: static taint tracking. Inputs from untrusted sources are 'tainted' ... yet, we probably won't solve the software security. problem any time soon, either ... – PowerPoint PPT presentation

Number of Views:14
Avg rating:3.0/5.0
Slides: 12
Provided by: phillip79
Category:

less

Transcript and Presenter's Notes

Title: The Future of Software Security


1
The Future of Software Security
David Wagner U.C. Berkeley
2
The Scale of the Problem
  • Viruses and worms prevalent and especially
    nasty ones can cost gt 1 billion per occurrence
  • Phishing, pharming, botnets, rootkits, privacy
    spills
  • Cybercrime profits for 2004 (105 billion)
    claimed to exceed those of drug crime Treasury
    Dept.
  • 80 of home users infected with spyware NCSA
  • MTTI (Mean Time To Infection) for WinXP
    out-of-box ? 15 minutes SANS
  • Why? (1) Because we havent made security
    usable. (2) Because our software is riddled
    with defects.

3
Where is Software Security Heading?
  • Traditional approaches arent adequate
  • operating system security a good OS cant
    make up for a buggy app
  • virus detectors, IDS a kludge on its last legs
  • patch-and-pray cant keep up with the
    blackhats
  • working around buggy end hosts in the network
    a nice idea, killed by HTTP, SOAP,
  • Software security is a software quality problem
  • Software bugs security holes bad
  • Weve got an application security problem

4
Application Security Matters
Browser safe days (in 2004) unpatched(2/18/06) days to patch
Internet Explorer 7 ( 2) 34 463
Opera 300 (82) 0 93
Firefox 339 (93) 2 43
unsafe remotely exploitable hole is publicly
known and no patch available safe anything
else. Sources scanit, Secunia
  • Application quality can make a measurable
    difference

5
Complexity No End in Sight
  • Complexity is the enemy of security yet is on
    the rise

6
Approaches
  • What can we do about it?
  • Try harder
  • Hardened languages and execution environments
  • Tools to find security bugs in legacy code
  • Languages, programming disciplines, tools to
    eliminate security bugs in new code

7
MOPS A C Model Checker
  • Experiment Analyze an entire Linux distribution
  • Redhat 9, all C packages (732 pkgs, 50 MLOC)
  • Examined 5 sample security rules
  • Team of 4 manually examined 900 warnings
  • Laborious multiple person-months of effort
  • Found 108 new security holes in Linux apps

Security Property Warnings Real bugs Bug ratio
TOCTTOU 790 41 5
temporary files 108 34 35
strncpy 1378 11(? 165468?) 5-10
Total 2333 108
  • Lesson Security bugfinding tools can be very
    effective

8
Input Validation
char name gethostbyaddr(...)-gth_name printf(
name) // BUG!
  • Idea static taint tracking
  • Inputs from untrusted sources are tainted
  • Prevent the flow of tainted data to trusting
    sinks
  • Crude implementation abuse the C type
    system struct taintedstr char p struct
    taintedstr name mktaintedstr(gethostbyaddr(..
    .)-gth_name) printf(name) // TYPE ERROR!
  • Cheesy hack augmented (Apps) Hungarian char
    tszName gethostbyaddr()-gth_name printf(tszNa
    me) // BUG!

9
Taint Analysis Through Type Inference
  • A better way type qualifier inference (CQual)
  • New types tainted int, untainted int, etc.
  • Tool infers these qualifiers, where needed, so
    you dont have to
  • Application Detection of format string
    vulnerabilities
  • Partial results 3 vulnerabilities in 200K LOC
  • In progress analysis of an entire Linux
    distribution (260M LOC, 16K packages)
  • Application Detection of user/kernel
    vulnerabilities in the Linux kernel
  • Linux 2.4.20 11 exploitable security holes
  • Linux 2.4.23 10 exploitable security holes

10
User/Kernel Security Holes
  • Experiment Can CQual verify absence of u/k
    bugs?
  • Sound whole-kernel analysis

Linux kernel Warnings Bugs Annotations Size
2.4.23-default 53 10 287 300K LoC
  • Found 10 exploitable holes in Linux 2.4.23 core
  • Sparse missed all 10 bugs 7000 annotations
    many FPs
  • MECA missed 6/8 bugs 75 annotations very few
    FPs
  • Lesson Verifying absence of (certain) bugs is
    within reach
  • Lesson Verification tools find more bugs

11
Parting Thoughts
  • Security (quality) is a whole-systems problem
  • Affects all elements of the system
  • Pervades SW lifecycle design, implementation,
    QA
  • Security (quality) is a people problem
  • Training, user testing, processes, ...
  • Program analysis tools can help with the
    gruntwork
  • Bottom line Better tools and better languages
    can help, but theres no silver bullet
  • If we havent solved the software quality
    problem yet, we probably wont solve the
    software security problem any time soon, either
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "The Future of Software Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!