Secure Programming
Lương Ánh Hoàng
hoangla@soict.hut.edu.vn
Purpose
Provide the basic knowledge and techniques needed to build secure applications.
Requirements
Prerequisite knowledge:
Network security. The C/C++ programming language.
Full class attendance.
Course duration
Duration: 45 periods
Theory: 30 periods. Exercises: 15 periods.
References
Secure Programming Cookbook for C and C++, Matt Messier, John Viega, O'Reilly 2003.
Contents
Chapter 1. Input validation
Chapter 2. Access control
Chapter 3. Symmetric encryption
Chapter 4. Hash functions and message authentication
Chapter 5. Public-key encryption
Chapter 6. Anti-Tampering
Chapter 7. Other issues
Assessment
Major assignment: 70%. Coursework: 30%.
Contents
1.1 Validation principles
1.2 String formatting functions
1.3 Buffer overflow
1.4 Arithmetic overflow
1.5 Validating file names and paths
1.6 URL decoding
1.7 Cross-Site Scripting
1.8 SQL Injection
Prefer rejecting bad data over trying to repair it.
Validate input at multiple levels and at multiple points:
Validate the inputs of functions.
Validate the inputs passed between modules.
Do not accept commands directly from the user without validation.
Check for special characters and quote marks.
Learn and use the quoting mechanism where needed.
The better you understand the data, the better you can filter it.
1.2 String formatting functions
The printf() and syslog() family of functions format data in a very flexible and powerful way, but they are also extremely dangerous.
Be careful when using %n
The %n specifier writes the number of characters output so far to the address given by the corresponding argument. If no such argument exists, printf overwrites some region of the executing thread's stack. Example:
int counter = 0;
printf("Hello%n", &counter); // OK, counter = 5
printf("Hello%n"); // Dangerous!!!
A format string that originates outside the program may contain special characters the program did not anticipate, or may have no corresponding arguments. Example:
char str[1024];
gets(str);
printf(str); // Dangerous!!!
printf("%s", str); // OK
Be careful when using sprintf and vsprintf with %s
These functions assume that the destination buffer is unlimited in size. State the maximum number of characters explicitly when using %s. Use snprintf and vsnprintf where possible. Example:
char str[1024];
char dst[32];
gets(str);
sprintf(dst, "Xau vua nhap vao la %s", str); // Dangerous
sprintf(dst, "Xau vua nhap vao la %.11s", str); // OK: 20-character prefix + 11 + NUL = 32 bytes
snprintf(dst, 32, "Xau vua nhap vao la %s", str); // OK
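1.3 Buffer overflow
Buffer overflow: copying data past the boundary of a buffer, which overwrites the memory of another variable (or structure). Most C string-handling functions perform no bounds checking on the buffer, for example gets and strcpy.
Example 1: Corrupted data
int x = 0;
char buff[8];
strcpy(buff, "Hello AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); // writes far past the 8 bytes of buff
printf("%d", x);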
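Example 3: The subroutine cannot return
#include <stdio.h>

void Hello()
{
    char name[8];
    printf("What is your name ?");
    gets(name); // no bounds check: long input writes past name and can corrupt the saved return address
    printf("Hello %s !", name);
}

int main()
{
    Hello();
    printf("Bye");
    return 0;
}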
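Example 4: Attacking through the buffer overflow mechanism
#include <stdio.h>

void Bye()
{
    printf("Bye");
}

void Hello()
{
    void (*p)() = Bye;
    char name[8];
    printf("What is your name ?");
    gets(name); // no bounds check: long input can overwrite the function pointer p
    printf("Hello %s !", name);
    p();
}

int main()
{
    Hello();
    return 0;
}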
Solutions:
Use strncpy, memcpy and other functions that control the buffer size explicitly.
Use Stack Guard in compilers that support it.
Use DEP (Data Execution Prevention) on operating systems that support it.
Use ASLR (Address Space Layout Randomization) on compilers and operating systems that support it.
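An added example, not part of the original slides, of the caveat that comes with the strncpy recommendation above: strncpy stays inside the buffer but writes no terminating NUL when the source is too long. The helper names `is_terminated`, `naive_copy` and `copy_bounded` are hypothetical.

```c
#include <string.h>

/* 1 if buf[0..cap) contains a terminating NUL, 0 otherwise. */
int is_terminated(const char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/*
 * strncpy used on its own with the full buffer size: the copy stays in
 * bounds, but dst is left unterminated when strlen(src) >= cap, so a
 * later printf("%s") or strlen() reads past the buffer.
 * Returns 1 if dst ended up terminated, 0 if not.
 */
int naive_copy(char *dst, size_t cap, const char *src)
{
    strncpy(dst, src, cap);
    return is_terminated(dst, cap);
}

/*
 * Bounded copy that always terminates dst.
 * Returns 0 if src fitted, 1 if it was truncated, -1 if cap is 0.
 */
int copy_bounded(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return -1;
    strncpy(dst, src, cap - 1);   /* at most cap-1 bytes, NUL-padded if shorter */
    dst[cap - 1] = '\0';          /* terminator strncpy does not guarantee */
    return strlen(src) >= cap;    /* let the caller reject truncated input */
}
```

Reporting truncation matters as much as terminating: a silently shortened file name or user name can pass a later check that the full value would fail.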
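1.4 Arithmetic overflow
Received data may contain errors in fields related to size. Operations on large integers can overflow, and signed and unsigned integers can be confused.
Example 1: Integer overflow
unsigned int x = 0xFFFFFFFF; // largest value of a 32-bit unsigned int
if (x + 5 > 5) // x + 5 wraps around to 4
    printf("X > 0");
else
    printf("X < 0");
Example 2: Wrong use of signed/unsigned types
if (x < MAX_SIZE) { // x: the number of bytes to allocate, as computed by some algorithm
    // if x is signed and negative, the test passes and malloc receives a huge unsigned value
    if (!(ptr = (unsigned char *)malloc(x)))
        abort();
} else {
    /* Handle the error condition ... */
}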
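A checked form of the size test above, as an added example that is not from the original slides. It covers both cases named in this section: a negative count held in a signed type, and a product that wraps around. The names `checked_size` and `checked_alloc` and the 1 MiB value of `MAX_SIZE` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_SIZE ((size_t)1 << 20)   /* assumed policy limit: 1 MiB */

/*
 * Compute count * elem_size for a count taken from untrusted input.
 * Returns 0 and stores the byte total in *total, or -1 if the count is
 * negative, the product would wrap, or the total exceeds MAX_SIZE.
 */
int checked_size(long count, size_t elem_size, size_t *total)
{
    size_t n;

    if (count < 0)                           /* reject before any unsigned conversion */
        return -1;
    if ((unsigned long)count > SIZE_MAX)     /* count must fit in size_t */
        return -1;
    n = (size_t)count;
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return -1;                           /* n * elem_size would wrap around */
    n *= elem_size;
    if (n > MAX_SIZE)
        return -1;
    *total = n;
    return 0;
}

/* Allocate only after the size has passed every check. */
void *checked_alloc(long count, size_t elem_size)
{
    size_t total;

    if (checked_size(count, elem_size, &total) != 0 || total == 0)
        return NULL;
    return malloc(total);
}
```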
Decoding method: scan from start to end, find each % character and replace the escape with the corresponding ASCII code. Do not use the standard string-handling functions, because the URL may contain NUL characters.
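One way to write the decoder described above, as an added example that is not part of the original slides. Lengths are passed explicitly on both sides, so a decoded %00 is kept as data and can be detected instead of silently ending the string. The names `url_decode` and `contains_nul` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Value of one hexadecimal digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode in[0..in_len) into out[0..out_cap).
 * Returns the number of decoded bytes, or -1 on a malformed or
 * truncated escape, or when out is too small.
 */
long url_decode(const char *in, size_t in_len,
                unsigned char *out, size_t out_cap)
{
    size_t i = 0, n = 0;

    while (i < in_len) {
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            int hi, lo;
            if (in_len - i < 3)
                return -1;                   /* "%", "%4": escape cut short */
            hi = hex_val((unsigned char)in[i + 1]);
            lo = hex_val((unsigned char)in[i + 2]);
            if (hi < 0 || lo < 0)
                return -1;                   /* "%zz": not hexadecimal */
            c = (unsigned char)(hi * 16 + lo);
            i += 3;
        } else {
            i++;
        }
        if (n >= out_cap)
            return -1;                       /* never write past out */
        out[n++] = c;
    }
    return (long)n;
}

/* 1 if the decoded bytes contain a NUL; such input should be rejected
   before it reaches any API that takes a C string. */
int contains_nul(const unsigned char *buf, size_t len)
{
    return memchr(buf, 0, len) != NULL;
}
```

Validation has to run on the decoded bytes, after decoding, because checks made on the encoded form do not see what the escapes turn into.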
File Chao.php
Demo
Solution: strip HTML tags from user-supplied data. Each programming language has its own way of doing this.
Exploitation techniques: covered in Network Security.
Example: a web application that checks a user name and password consists of two pages:
ask.php: shows the login form and collects the user name and password.
login.php: connects to the database and checks them.
Prevention
Remove all quote marks and special characters where necessary.
Use escaped strings.
With PHP/MySQL: mysql_real_escape_string, or add \.
With SQL Server: add the escape character before each special character.
With Oracle DB: add the \ character before each special character.
Contents
2.1 Access control mechanisms on Unix/Linux
2.2 Access control mechanisms on Windows
2.3 Lowering the access privileges of a process
2.4 Secure file deletion
2.5 Restricting access permissions on files
2.6 File locking
2.7 Creating temporary files
2.8 Restricting access to the file system
When a process creates a file or resource, the system assigns the new file a user id and group id equal to the effective user id and effective group id of the process. When a process accesses a file or resource, the system compares the user id and then the group id of the process with those of the file and selects the corresponding set of permissions. If neither matches, the third class of permissions is used.
Every object has an Owner, which is the user who created the object. The Owner has full rights over the object regardless of whether the DACL denies them. Ownership can be taken by another user.
Some of the patterns used
static unsigned char single_pats[16] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
};
static unsigned char triple_pats[6][3] = {
    { 0x92, 0x49, 0x24 }, { 0x49, 0x24, 0x92 }, { 0x24, 0x92, 0x49 },
    { 0x6d, 0xb6, 0xdb }, { 0xb6, 0xdb, 0x6d }, { 0xdb, 0x6d, 0xb6 }
};
The application changes the umask with the umask() function before making the call that creates the file.
#include <sys/types.h>
#include <sys/stat.h>
mode_t umask(mode_t mask);
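The sequence described above (set the umask, create the file, restore the umask), as an added example that is not part of the original slides. The function names and the file names are hypothetical.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Create path readable and writable by the owner only, whatever umask
 * the process inherited. Returns an open descriptor, or -1 on error.
 * The umask is process-wide: other threads that create files while it
 * is changed see 077 as well.
 */
int create_private(const char *path)
{
    mode_t old = umask(077);          /* mask out all group/other bits */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    umask(old);                       /* restore the caller's mask */
    return fd;
}

/* Permission bits of an open file, or -1 on error. */
int mode_of(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed demo: create a file, read back its mode, remove it. */
int demo_private_mode(void)
{
    /* hypothetical file names; the second is a fallback location */
    const char *paths[] = { "umask_demo.tmp", "/tmp/umask_demo.tmp" };
    int i, fd, mode;

    for (i = 0; i < 2; i++) {
        unlink(paths[i]);             /* clear a leftover from an earlier run */
        fd = create_private(paths[i]);
        if (fd >= 0) {
            mode = mode_of(fd);       /* 0666 & ~077 = 0600 */
            close(fd);
            unlink(paths[i]);
            return mode;
        }
    }
    return -1;
}
```

The umask can only remove bits from the mode passed to open(); O_EXCL makes the call fail instead of reusing a file that already exists under that name.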
File locking can also be specified when a file is created or opened through the CreateFile function. The following snippet opens an existing file in Shared Lock mode.
char buff[1024];
DWORD bytesRead = 0;
HANDLE fileHandle = NULL;
fileHandle = CreateFile(L"C:\\SecureProgramming\\Test.txt",
    GENERIC_READ|GENERIC_WRITE,
    FILE_SHARE_READ|FILE_SHARE_WRITE,
    0, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
2.7 Creating temporary files
Applications create temporary files to store the program's transient information. A temporary file should be created securely and deleted when the program ends.
On Unix/Linux:
The mkstemp() function can be used to create a temporary file with a random name. The application should delete the file by name immediately after the mkstemp call, to ensure that no other process can access it. After the process ends, normally or abnormally, the temporary file can no longer be accessed. Example:
char szPath[] = "fileXXXXXX";
int fd;
fd = mkstemp(szPath);
if (fd == -1)
    abort(); // mkstemp failed, no file was created
unlink(szPath); // the name disappears, the open descriptor stays valid
printf("Temporary file created, press any key to continue...");
write(fd, "Hello", 5);
close(fd);
On Windows:
There is no function equivalent to mkstemp().
GetTempFileName() generates a random file name, but one that is easy to predict.
GetTempPath() returns the path of the current user's temporary directory.
Create the file with CreateFile using the two attributes FILE_ATTRIBUTE_TEMPORARY and FILE_FLAG_DELETE_ON_CLOSE. Example:
HANDLE fileHandle = NULL;
fileHandle = CreateFile(L"C:\\SecureProgramming\\Tmp.txt",
    GENERIC_READ|GENERIC_WRITE,
    FILE_SHARE_READ|FILE_SHARE_WRITE,
    0, OPEN_ALWAYS,
    FILE_ATTRIBUTE_TEMPORARY|FILE_FLAG_DELETE_ON_CLOSE, 0);
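Example:
#include <stdlib.h>
#include <unistd.h>
if (chroot("/new/root/directory") != 0 || chdir("/") != 0)
    abort(); // do not continue if the new root could not be entered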
Chapter 3. Symmetric Cryptography
Contents
3.1 Key representation
3.2 Converting between hexadecimal strings and binary keys
3.3 Base64 encoding and decoding
3.4 Symmetric encryption methods
3.5 Symmetric encryption with OpenSSL
3.6 Symmetric encryption with Microsoft Crypto API
Symmetric encryption: the same key is used for encryption and decryption.
There are two types: block ciphers and stream ciphers.
There are many encryption modes: ECB, CBC, CFB, OFB, CTR, CWC
There are many algorithms:
| Cipher | Key size | Speed[4] | Implementation |
|---|---|---|---|
| | 128 bits[5] | 14.1 cpb in asm, 22.6 cpb in C | Brian Gladman's[6] |
| | 128 bits | 41.3 cpb | OpenSSL |
| | 192 bits[7] | 108.2 cpb | OpenSSL |
| | 128 or 256 bits | 6.4 cpb | Fast reference implementation[8] |
| | Up to 256 bits (usually 128 bits) | 10.7 cpb | OpenSSL |
| | 128, 192, or 256 bits | 35.6 cpb | Fast reference implementation |
| | Up to 256 bits (usually 128 bits) | 23.2 cpb | OpenSSL |
Notes: The assembly version currently works only on Windows. It gets a lot faster on 64-bit platforms and is at least as fast as AES in hardware. This implementation is written in C.
Using the library:
On Unix/Linux: download the source and compile it. The result is the files libcrypto.[so/a] and libssl.[so/a], plus the .h files to include in the program.
On Windows: download the precompiled binaries: libeay32.dll, ssleay32.dll, the header files (.h) and the library files (.lib).
Link http://www.ie7pro.com/openssl.html
Setting the cipher mode
CBC ECB
Contents
4.1 Common hash functions and MACs
4.2 Hashing with OpenSSL
4.3 Hashing data with CryptoAPI
4.4 Message authentication with HMAC
4.5 Salt
| 128 bits (same length as cipher block size) | Good |
| 128 bits | Good to low |
| 128 bits | Insecure |
| 128 bits | Very low, may be insecure |
| 256 bits | Very high |
| 128 bits | Good |
| 160 bits | High |
| 160 bits | High |
| 256 bits | Very high |
| 384 bits | Very high |
| 512 bits | Very high |
| A universal hash and AES | ~18 cpb |
| Message digest function | 90 cpb |
| hash127 + AES | ~6 cpb |
| AES | 29.5 cpb |
| AES | 29.5 cpb |
| Block cipher | 72 cpb |
| Block cipher | 89 cpb |
Exercises
1. Write a program that encrypts and decrypts a file using the AES-256 algorithm. The password is entered from the keyboard. Verify the correctness of the result using the SHA-256 algorithm. Use the OpenSSL library. The data format of the encrypted file can be as follows: <Size><Encrypted file content><SHA-256 hash value>
2. Write a simple client-server chat program in which the channel is encrypted with the AES-256 algorithm. The key is derived from a password agreed in advance and is not sent over the network. The initialization vector is a BCD code built from the current date and time of the system (API function GetSystemTime). Example: if the current time is 07h on 10/10/2011, the hexadecimal value of the initialization vector is 2011101007000.00
3. Write a program that hashes the contents of a file using the HMAC-AES256 algorithm, using the OpenSSL library. The hashing password is entered from the keyboard.
4. Write a program that checks the integrity of a file using the HMAC-AES256 algorithm. The verification password is entered from the keyboard.
Contents
5.1 Encryption with OpenSSL RSA
5.2 Digitally signing data
5.3 Representing keys in DER/PEM format
5.4 SSL connections
5.5 Public key infrastructure