P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\titulka.jpg
PB173 - Tématický vývoj aplikací v C/C++ (jaro 2016)
Skupina: Aplikovaná kryptografie a bezpečné programování
•Petr Švenda svenda@fi.muni.cz
•Konzultace: A.406, Pondělí 15-15:50

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Security code review
•Architecture overview
–Design choices and possible design flaws
•Code review
–How well is architecture actually implemented
•Whitebox, greybox & blackbox testing
–different level of access to code and documentation
•Available tools
–mainly for code review
2

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Security code review (2)
•You will always have a limited time
–try to rapidly build overall picture
–use tools to find low hanging fruit
•Focus on most sensitive and problematic areas
–use tools to focus your analysis scope
•More eyes can spot more problems
–experts on different areas
•
•
3

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Architecture overview

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Architecture overview
•Get all information you can quickly
•Assets
–What has the value in the system?
–What damage is caused when successfully attacked?
–What mechanisms are used to protect assets?
•Roles
–Who has access to what?
–What credentials needs to be presented?
•Thread model
–What is expected to do harm?
–What are you defending against?
5

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Architecture overview (2)
•Usage of well established techniques and standards
•Comparison with existing schemes
–What is the advantage of new scheme?
–Why changes were made?
•Security tradeoffs documented
–Possible threat, but unmitigated?
–Is documented or overlooked?
•
•
6

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Sensitive data flow mapping
•Identify sensitive data
–password, key, protected data...
•Find all processing functions
–and focus on them
•Create data flow between functions
–e.g. Doxygen call graph
•Inspect when functions can be called
–Is key schedule validity checked?
–Can be function called without previous function calls?
•Where are sensitive data stored between calls?
7

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Protocol design (and implementation)
•Packet confidentiality, integrity and authenticity
•Packet removal/insertion detection
•Replay attack
•Reflection attack
•Man in the middle
•
8

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Code overview

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Cryptography usage
•CIA (Confidentiality, Integrity, Availability)
–Plaintext data over insecure channel? Encrypted only?
–Can be packet send twice (replay)?
–What is the application response on data modification?
•What algorithms are used
–Broken/insecure algorithms? MD5? simple DES?
•What key lengths are used?
–< 90 bits symmetric crypto?
–< 1024 bits asymmetric crypto?
•Random number generation
–Where the key comes from?
–Is source entropic enough?
–srand() & rand()?
10

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Cryptography usage (2)
•Key creation
–Where the keys originate? Enough entropy?
–Who has access?
•Key storage
–Hard-coded keys
–Keys in files in plaintext
–Keys over insecure channels
–Keys protected by less secure keys
•Key destruction
–How are keys erased from memory?
–Can exception prevent key erase?
11

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Cryptography implementation
•Implementation from well known libraries?
•Own algorithms?
–security by obscurity?
–usually not secure enough
•Own modifications?
–Why?
–sometimes used to prevent compatible programs
–decreased number of rounds?
–Performance optimization with security impact?
•
12

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Code inspection
•Overall code logic
•Memory management - allocation, input validation
•String operations – copy, concatenate, string termination
•Data flow – conditional jumps, test of return values
•Race conditions (TOCTOU)
13

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Input validation
•Hard (and expensive) to do right
•Always use white-listing (what is allowed), not black listing (what is banned)
•Check for buffer overruns
–functions called with attacker’s input
–dangerous functions (strcpy…)
–arrays with fixed lengths
•Large inputs in general
–try to insert 1KB of text instead of user name
•Fuzzing
–large amount of automated inputs with different length
14

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Recommended reading
•Process of security code review
–http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=01668009
•Why cryptosystems fail, R. Anderson
–http://www.cl.cam.ac.uk/~rja14/Papers/wcf.pdf
•Software Security Code Review
–http://www.softwaremag.com/l.cfm?doc=2005-07/2005-07code
•Static code analysis tools
–http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
•Security in web applications (OWASP)
–http://www.owasp.org/index.php/Code_Review_Introduction
–
–
15

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Static analysis tools
•List of static checkers
–http://spinroot.com/static/
–http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
–https://security.web.cern.ch/security/recommendations/en/code_tools.shtml
•We will be interested in C/C++ checkers
–but tools exists for almost any language
•
PB173 | Security code review
16

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Both free and commercial tools
•Commercial tools
–PC-Lint (Gimpel Software)
–Klocwork Insight (Klocwork)
–Coverity Prevent (now under HP)
–Microsoft PREfast (included in Visual Studio)
•Free tools
–Rough Auditing Tool for Security (RATS) http://code.google.com/p/rough-auditing-tool-for-security/
–CppCheck http://cppcheck.sourceforge.net/
–Flawfinder http://www.dwheeler.com/flawfinder/
–Splint http://www.splint.org/
–FindBugs http://findbugs.sourceforge.net (for Java programs)
–Doxygen’s call graphs from source  http://www.stack.nl/~dimitri/doxygen/
–...
•
–
17
PB173 | Security code review

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
•
18
PB173 | Security code review

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Practical assignment
•Every team will make its own documentation & code available online
–upload to IS repository (available to others)
•Crypto - Project for review
–deadline today 9.5. 23:59
•Other teams will make security analysis of the architecture and code (2 projects)
–after 9.5. 24:00
–Presentation of findings 16.5. 12:00
•Points will be awarded according to:
–number&severity of problems found in reviewed projects
–quality of own architecture and code
19

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Practical assignment
•Some tips what to analyze:
–which functions are manipulating with sensitive information
–where is random numbers coming from
–code bugs?
•Use some analysis tools
–gcc -Wall -Wextra
–MSVS:Project®C/C++ ®General ®Warning level (/W4 /Wall)
–call graphs (e.g., Doxygen, http://cecko.eu/public/doxygen)
–Cppcheck (C/C++, Windows) http://cppcheck.sourceforge.net/
–...
–
•
20

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
PB173 | Security code review
Practical assignment (2)
•Summarize your findings
–problem identification + severity + applicability + short description
–2 pages enough (per project)
Identifikace problému: A_x (celková bezpečnostní architektura) / C_x (kód implementace)
Závažnost: nízká  /  střední  /  vysoká  /  není možné rozhodnout
Proveditelnost útoku: snadná (lze přímo externím útočníkem)  /  v závislosti na dalších součástech
systému  /  není možné rozhodnout (obvykle značí potenciální zranitelnost, kde ale detailní postup
pro možné zneužití přímo neznáme)
Popis problému: místo výskytu v kódu ve tvary soubor.c:číslo_řádku:funkce – popis
Navrhované řešení: jednoduchý popis (v případě, že jsme návrh schopni poskytnout)
21