
Secure Programming


Presentation Transcript


  1. Secure Programming Lai Zit Seng November 2012

  2. A Simple Program

    #include <stdio.h>

    int main() {
        char name[100];
        printf("What is your name?\n");
        gets(name);        /* unbounded read: a long line overflows name[] */
        printf("Hello, ");
        printf(name);      /* user input is used as the format string */
        printf("!\n");
        return 0;
    }

  3. Buffer Overflow Example

    #include <string.h>

    void foo(char *bar) {
        char c[12];
        strcpy(c, bar);   // no bounds checking...
    }

    int main(int argc, char **argv) {
        if (argc < 2) return 1;   /* guard added: argv[1] is NULL when no argument is given */
        foo(argv[1]);
        return 0;
    }

  Source: Wikipedia
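  The hardened counterpart of slides 2 and 3, as an added example that is not part of the slide deck: gets() is replaced by fgets() with an explicit size, user data reaches printf() only as a %s argument, and the unchecked strcpy() is replaced by a copy that refuses input that does not fit. The function names (bounded_copy, strip_newline, foo_safe) are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not from the slides): hardened versions of the two snippets. */

/* Copy src into dst (capacity dstsz). Returns 0 on success, -1 if src would
 * not fit; dst is always NUL-terminated when dstsz > 0. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n;
    if (dstsz == 0) return -1;
    n = strlen(src);
    if (n >= dstsz) {        /* no room for the terminating NUL: reject */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Remove the trailing newline that fgets() keeps. Returns 1 if one was removed. */
int strip_newline(char *s)
{
    size_t n = strlen(s);
    if (n > 0 && s[n - 1] == '\n') {
        s[n - 1] = '\0';
        return 1;
    }
    return 0;
}

/* Safe version of foo(): c[12] holds at most 11 characters plus the NUL.
 * Returns the length copied, or -1 if the input was rejected. */
int foo_safe(const char *bar)
{
    char c[12];
    if (bounded_copy(c, sizeof c, bar) != 0)
        return -1;          /* too long: refuse instead of overflowing */
    return (int)strlen(c);
}

int main(int argc, char **argv)
{
    char name[100];

    printf("What is your name?\n");
    if (fgets(name, sizeof name, stdin) == NULL)   /* bounded read, unlike gets() */
        return 1;
    strip_newline(name);

    printf("Hello, ");
    printf("%s", name);     /* user data is an argument, never the format string */
    printf("!\n");

    if (argc > 1 && foo_safe(argv[1]) < 0)
        fprintf(stderr, "argument too long (max 11 characters)\n");
    return 0;
}
```

  Note that fgets() silently truncates a line longer than the buffer and leaves the rest on stdin; for this greeting that is acceptable, but a program that needs the whole line must detect the missing newline and either read on or reject.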

  4. C Functions That Should Be Banned

  5. Race Conditions
  • E.g.: How to create a temporary file in /tmp?
    • Use a static filename
    • Dynamically generate a filename
    • Check, then create the file
  Suppose the attacker knows the program wants to create the file /tmp/tmpXNg2i9. What can the attacker try to do?

    $ ls -l /tmp
    total 8
    lrwxr-xr-x  1 lzs  wheel  11 Nov 12 11:20 tmpXNg2i9 -> /etc/passwd
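  An added example (not from the slides) contrasting the "check, then create" pattern the slide warns about with the atomic alternative. create_temp_racy() is the vulnerable shape: between its access() check and its open() the name can be replaced by a symlink like the one in the ls output, and open() follows it. create_temp_safe() uses mkstemp(), which picks an unpredictable name and creates the file with O_CREAT|O_EXCL in one step, so no such window exists. The function names are this example's own; the template path /tmp/demoXXXXXX is a constructed value.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Added example (not from the slides): racy vs. atomic temp-file creation. */

/* The racy pattern: check that the name is free, then create it. The gap
 * between the two calls is the race; open() here also follows symlinks. */
int create_temp_racy(const char *path)
{
    if (access(path, F_OK) == 0)                   /* check ... */
        return -1;                                 /* "already exists" */
    return open(path, O_WRONLY | O_CREAT, 0600);   /* ... then create */
}

/* The safe pattern: mkstemp() replaces the trailing "XXXXXX" in tmpl with an
 * unpredictable suffix and creates the file atomically with O_CREAT|O_EXCL.
 * Returns the open descriptor or -1; the chosen name is written back into tmpl. */
int create_temp_safe(char *tmpl)
{
    mode_t old = umask(077);   /* keep the file private even on older libcs */
    int fd = mkstemp(tmpl);
    umask(old);
    return fd;
}

/* Does path refer to a regular file (not a symlink)? lstat() does not follow links. */
int is_regular_file(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return S_ISREG(st.st_mode);
}

int main(void)
{
    char tmpl[] = "/tmp/demoXXXXXX";   /* constructed template for the demo */
    int fd = create_temp_safe(tmpl);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("created %s (regular file: %d)\n", tmpl, is_regular_file(tmpl));
    close(fd);
    unlink(tmpl);
    return 0;
}
```

  The rule generalises beyond temp files: whenever a name in a directory others can write to is checked and then used, do the check and the use in a single system call (O_EXCL, O_NOFOLLOW, openat() relative to a descriptor you already hold) rather than trusting a result that was true a moment ago.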

  6. Random Number Generation
  • How do you generate random numbers?
  • How do you seed the generator?

    #include <stdio.h>
    #include <stdlib.h>

    int main(void) {
        srand(0);
        printf("Num #1: %d\n", rand());
        printf("Num #2: %d\n", rand());
        printf("Num #3: %d\n", rand());
        return 0;
    }

    Num #1: 520932930
    Num #2: 28925691
    Num #3: 822784415

  This sequence is fixed: if the seed is known, the entire random sequence can be predicted in advance.
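  An added example (not from the slides) that makes the slide's point testable and shows the alternative for security-relevant values. rand_sequence() demonstrates that the output of rand() is a pure function of the seed passed to srand(), so two runs with the same seed produce identical sequences. fill_random() reads from the kernel's /dev/urandom instead, which is what session identifiers, tokens and nonces should be drawn from. Both function names are this example's own; reading /dev/urandom through stdio is used here because it needs no extra headers, getrandom(2) is the other common choice on Linux.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the slides): seeded rand() is reproducible;
 * /dev/urandom is the source to use when unpredictability matters. */

/* Fill out[0..n) with the first n values of rand() after srand(seed). */
void rand_sequence(unsigned seed, int *out, size_t n)
{
    srand(seed);
    for (size_t i = 0; i < n; i++)
        out[i] = rand();
}

/* Fill buf with n bytes from /dev/urandom. Returns 0 on success, -1 on failure.
 * A short read is a failure: never treat a partially filled buffer as random. */
int fill_random(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

int main(void)
{
    int a[3], b[3];
    unsigned char k1[16], k2[16];

    rand_sequence(0, a, 3);
    rand_sequence(0, b, 3);
    printf("same seed, same sequence: %s\n",
           memcmp(a, b, sizeof a) == 0 ? "yes" : "no");

    if (fill_random(k1, sizeof k1) != 0 || fill_random(k2, sizeof k2) != 0) {
        perror("/dev/urandom");
        return 1;
    }
    printf("two urandom draws differ: %s\n",
           memcmp(k1, k2, sizeof k1) != 0 ? "yes" : "no");
    return 0;
}
```

  Seeding with time(NULL) or the PID does not rescue rand(): the seed space is small and guessable, so the whole sequence is still recoverable by anyone who can estimate when the program started.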

  7. Encryption vs Encoding
  • How do you store secrets?
  • E.g. if your app needs to store passwords or credentials
  If you encrypt secrets with a password, then where do you store that password?

  8. Use Standard Libraries and Protocols
  • Make use of whatever is already available:
    • Glib
    • D-Bus IPC
    • SSL/OpenSSL for secure communications
  • Don’t reinvent the wheel

  9. Security by Obscurity
  • Although in some circumstances it can be adopted as part of a defense-in-depth strategy
  • Security through minority
  • Don’t count on the unlikely

  10. Principles
  • Least privilege
  • Economy of mechanism/Simplicity
  • Open design
  • Complete mediation
  • Fail-safe defaults
  • Least common mechanisms
  • Separation of privilege
  • Psychological acceptability/Easy to use
  Source: The Protection of Information in Computer Systems (http://www.cs.virginia.edu/~evans/cs551/saltzer/)

  11. Secure by Design • Security needs to be designed from the start

  12. Borrowing from Perl’s Taint Mode
  • You may not use data derived from outside your program to affect something else outside your program – at least, not by accident.

    $arg = shift;                    # $arg is tainted
    $hid = $arg, 'bar';              # $hid is also tainted
    $line = <>;                      # Tainted
    $line = <STDIN>;                 # Also tainted
    open FOO, "/home/me/bar" or die $!;
    $line = <FOO>;                   # Still tainted
    $path = $ENV{'PATH'};            # Tainted, but see below
    $data = 'abc';                   # Not tainted
    system "echo $arg";              # Insecure

  http://perldoc.perl.org/perlsec.html
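  An added example (not from the slides, and in C rather than Perl) of doing by hand what taint mode enforces: data from outside the program (here argv[1]) is treated as tainted until it passes an explicit allowlist check, and even after that it is handed to the child process as a separate argv element rather than pasted into a shell command line the way system "echo $arg" does. The function names untaint_token and echo_without_shell and the 32-character limit are this example's own choices.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example (not from the slides): manual "untainting" plus a shell-free exec. */

/* Untaint step: accept only a non-empty token of [A-Za-z0-9._-] no longer than
 * maxlen that does not start with '-' (so it cannot be read as an option).
 * Returns 1 if the value is acceptable, 0 if it must be rejected. */
int untaint_token(const char *s, size_t maxlen)
{
    size_t n = strlen(s);
    if (n == 0 || n > maxlen || s[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Run "echo <arg>" without a shell: fork() + execvp() with an argv array. The
 * argument reaches echo as exactly one word whatever it contains, so shell
 * metacharacters in it are never interpreted. Returns the child's exit status,
 * or -1 on error. */
int echo_without_shell(const char *arg)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "echo", (char *)arg, NULL };
        execvp("echo", argv);
        _exit(127);                 /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <token>\n", argv[0]);
        return 2;
    }
    if (!untaint_token(argv[1], 32)) {     /* argv[1] is tainted until checked */
        fprintf(stderr, "rejected: argument is not a plain token\n");
        return 1;
    }
    return echo_without_shell(argv[1]);
}
```

  The two measures are independent and both are worth keeping: the allowlist stops unexpected values early with a clear error, and the argv-based exec means that even a value which slips past validation is never parsed by a shell.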

  13. A Program
  1. Validate all input
  2. Avoid buffer overflow
  3. Program internals/Design approach
  4. Carefully call out to other resources
  5. Send info back judiciously
  6. Language-specific issues
  7. Special topics
  Source: http://www.dwheeler.com/secure-programs/secure-programming.pdf

  14. Multi Facets of Information Security
  • Access control
  • Software development security
  • Business continuity & disaster recovery
  • Cryptography
  • Telecommunications & network security
  • Legal, regulations, investigations & compliance
  • Security architecture & design
  • Information security governance & risk management
  • Physical security
  • Operations security

  15. Resources
  • https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard
  • http://www.tldp.org/HOWTO/Secure-Programs-HOWTO/index.html

  16. What’s more dangerous than knowing nothing, is knowing something…

  17. Lai Zit Seng  http://www.facebook.com/zitseng  Questions?
