IT Security - 7. Security Engineering

Buffer Overflows

Secure Coding Guidelines

Security Patterns

Microsoft Security Development Lifecycle

Introduction

Early detection of vulnerabilities often fails in the development lifecycle

Patch management is the result

Security engineering is about building systems that remain dependable in the face of malice, error or mischance

Security: make sure certain things cannot happen

Functionality: make sure certain things can happen

relevant disciplines

Cryptography and computer security

chip design

social engineering

costs, finance

secure passwords

construction of buildings, data centers...

Abstraction Levels

high-level: system design, development process

mid-level: security patterns, coding guidelines

low-level: coding guidelines, specific knowledge of system architecture

Types

Stack-based BO

Off-by-one BO

BSS BO

HEAP BO

application segments

Stack: local non-static variables, arguments, RET (return address)

Heap: malloc/new and free/delete

BSS: global uninitialized variables

Data: initialized global and static local variables

Text: program code

Stack and registers

LIFO structure

Pointers

EIP = Instruction Pointer

ESP = Stack Pointer

EBP = Base / Frame Pointer

function call

calling:

entering

parameters pushed to stack

return address is pushed to stack

EIP is changed to start of function

save stack pointer

allocate space for local variables / parameters

execute code

cleanup stack and restore old frame pointer

return from function

attacks

Stack Smashing

Integer Overflow

Format string attacks

Countermeasures:

safe coding

secure libraries, functions

code analyzers

data execution prevention

Linux PaX, Windows DEP

Canaries (Stack Guard)

Address Space Layout Randomization (ASLR)
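The stack-based and off-by-one overflow types listed above, placed next to the bounds-checked copy that "safe coding" and "secure functions" call for, as an added C example that is not part of the lecture notes (the function names and the NAME_LEN buffer size are my own choices):

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* room for 15 characters plus the NUL terminator */

/* Unsafe pattern 1 (stack-based overflow): strcpy() copies until it finds
 * a NUL and never looks at the destination size, so input longer than
 * NAME_LEN-1 bytes runs over the saved EBP and the return address stored
 * above name[] in this frame. Kept only for comparison with the fix. */
void greet_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);
    printf("hello %s\n", name);
}

/* Unsafe pattern 2 (off-by-one): '<=' lets i reach NAME_LEN, so a 16-byte
 * string writes its NUL terminator one byte past the end of dst. */
void copy_off_by_one(char dst[NAME_LEN], const char *src) {
    size_t i;
    for (i = 0; i <= NAME_LEN; i++) {   /* should be '<', with NUL counted */
        dst[i] = src[i];
        if (src[i] == '\0') break;
    }
}

/* Hardened copy: measure src without scanning past dst_size bytes, reject
 * input that does not fit together with its terminator instead of silently
 * truncating, and always NUL-terminate. Returns 0 on success, -1 otherwise. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (dst_size == 0 || n == dst_size)  /* n == dst_size: no room for NUL */
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* The greeting again with the checked copy: overlong input is refused and
 * the frame stays intact. Returns 0 if greeted, -1 if input was rejected. */
int greet_checked(const char *input) {
    char name[NAME_LEN];
    if (copy_checked(name, sizeof name, input) != 0)
        return -1;
    printf("hello %s\n", name);
    return 0;
}
```

The boundary worth testing is the one the off-by-one pattern gets wrong: a 15-byte name is accepted, a 16-byte name (constructed input) is rejected rather than overflowing.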

Return oriented programming (ROP)

Writable memory is not executable, so already existing code snippets (gadgets) are chained to execute instructions

Advantages

Turing complete

Circumvent DEP/NX

Gadgets can be found by tools

Number of gadgets can be increased by shifting the offset into instructions

Countermeasures:

Address Space Layout Randomization (ASLR)

Position independent executables (PIE)

use sufficient input validation

use version / configuration control

adhere to the KISS-principle + Security

use libraries

use the latest compilers

whitelist rather than blacklist

encode HTML input

never trust input to SQL statements

defense against coding errors

use security design patterns

make a security policy

use strong crypto

stay informed about new vulnerabilities

educate developers constantly

describe features at a higher level of abstraction

template / description of how to solve a problem

structure

Context

Problem

Requirements

Solutions

PrivSep Pattern

Pre-authentication

Post-authentication

Training: Core Security Training

Requirements: Establish Security Requirements, Create Quality Gates / Bug Bars, Perform Security and Privacy Risk Assessment

Design: Establish Design Requirements, Perform Attack Surface Analysis / Reduction, Use Threat Modeling

Implementation: Use Approved Tools, Deprecate Unsafe Functions, Perform Static Analysis

Verification: Perform Dynamic Analysis, Perform Fuzz Testing, Conduct Attack Surface Review

Release: Create an Incident Response Plan, Conduct Final Security Review, Certify Release and Archive

Response: Execute Incident Response Plan

Core Security Training: security testing, secure coding, threat modeling, secure design, privacy