Lecture Notes SoftwareSecurityDevelopmentDuringTheSoftwareLifeCycle Best Practices (Part1)
SECURITY DEVELOPMENT
AND BEST PRACTICES
PROFESSOR: DR. PAOLINA CENTONZE
LECTURE N. 6 (PART 1)
CS 315-CS 615
Software Security
Fall 2015
LECTURE OUTLINE
TEXT BOOK REFERENCE
• Gary McGraw is Chief Technology Officer (CTO) of Cigital (a USA software security company)
• His real-world experience is grounded in years of consulting with major corporations and software producers
• He serves on the technical advisory boards of Counterpane, Fortify, and Indigo
PART I
INTRODUCTION TO SOFTWARE SECURITY BEST PRACTICES
SOFTWARE SECURITY
SOFTWARE SECURITY BEST PRACTICES
SOFTWARE SECURITY:
THE MOST CRITICAL ASPECT OF COMPUTER
SECURITY
• The first appearance of the software security field in academia was in 2001
• Best practices are neither widely adopted nor obvious
• A central and critical aspect of the computer security problem is a software problem
• Most software has flaws (50%--60%)
  • e.g., inconsistent error handling
• Implementation bugs (40%--50%)
  • e.g., buffer overflows and design flaws
BUFFER OVER-FLOW VULNERABILITY
BUFFER OVERFLOWS EXAMPLE
BUFFER OVERFLOWS IN C BASED
LANGUAGES
• Buffer overflow:
  • one of the oldest and best-known exploitable bugs in C-based languages
• Although the iPhone has some built-in preventative measures against buffer overflows, exploits resulting in code execution are still possible
• C functions such as strcat() and strcpy() are the APIs most often abused in this fashion
  • yet these functions are still used in iPhone applications today
SOME C-BASED LANGUAGE BEST
PRACTICES
• The threat of classic C exploits is reduced, but not eliminated, by using high-level Objective-C APIs
• It is very important to use some best practices, such as:
  • using NSString rather than legacy string operations like strcat and strcpy to protect against buffer overflows
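The slide's point is that strcat() and strcpy() take no capacity argument and so cannot know when the destination is full. As an added illustration (not from the lecture or any project), the constructed helper below does the same job as strcat() but is told the capacity and reports truncation instead of writing past the end of the buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Bounded replacement for strcat(): appends src to dst, never writing more
 * than cap bytes in total (including the terminating NUL). Returns false if
 * the output had to be truncated, so the caller can reject the input. */
bool append_bounded(char *dst, size_t cap, const char *src) {
    size_t used = 0;
    while (used < cap && dst[used] != '\0')    /* find current end of dst */
        used++;
    if (used == cap)
        return false;                          /* dst not terminated within cap */
    size_t room = cap - used - 1;              /* bytes left, excluding the NUL */
    size_t n = strlen(src);
    bool fits = n <= room;
    size_t copy = fits ? n : room;
    memcpy(dst + used, src, copy);
    dst[used + copy] = '\0';                   /* always leave dst terminated */
    return fits;
}

/* Constructed example use: build "dir/file" the way an app might chain
 * strcat() calls, but bounded. Returns the final length, or (size_t)-1 if
 * any piece was truncated (the unbounded strcat() would have overflowed). */
size_t build_path(char *out, size_t cap, const char *dir, const char *file) {
    out[0] = '\0';
    if (!append_bounded(out, cap, dir) ||
        !append_bounded(out, cap, "/") ||
        !append_bounded(out, cap, file))
        return (size_t)-1;
    return strlen(out);
}
```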
• An integer overflow occurs when:
  • A computed value is larger than the storage space it's assigned to
  • When calculating the size of a buffer to be allocated (C, C++), the calculated size of the buffer will be smaller than the amount of data to be copied to it (end result)
SECURITY ISSUES IN SWIFT: WHAT THE NEW LANGUAGE DID NOT FIX
SECURITY IMPACT OF INTEGER
OPERATIONS
• Attackers can use these conditions to influence the value of variables in ways that the programmer did not intend, e.g.:
  • When calculating a purchase order total, an integer overflow could allow the total to shift from a positive value to a negative one
  • This would give money to the customer in addition to their purchases when the transaction is completed
[Figure: Hacking into an online purchase]
EXPLOIT SCENARIO:
SECURITY IMPACT OF INTEGER OPERATIONS
*note 1: Signed/Unsigned Mismatch. In the two's complement system, the bit patterns that represent a negative signed integer correspond to a very large unsigned integer. For example, the same 32-bit pattern is used to represent both -1 and 4,294,967,295 -- casting between signed and unsigned integers can result in a drastic change in interpreted value.
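The three integer conditions the lecture describes (a wrapped buffer-size calculation, a negative length reinterpreted as a huge unsigned value per note 1, and a purchase total wrapping negative) are shown together below, each beside the check that rejects the bad input. This is an added, constructed example, not code from the lecture; all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>

/* 1. Buffer-size calculation: count * elem_size wraps modulo 2^32, so the
 * allocation ends up smaller than the data later copied into it. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size) {
    return count * elem_size;                  /* wraps silently on overflow */
}

/* Checked version: refuse the multiplication if it cannot fit in 32 bits. */
bool alloc_size_checked(uint32_t count, uint32_t elem_size, uint32_t *out) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return false;                          /* would overflow: reject */
    *out = count * elem_size;
    return true;
}

/* 2. Signed/unsigned mismatch (note 1): a signed bounds check lets -1 pass,
 * and the same bits then become 4294967295 when used as a copy length. */
uint32_t copy_len_naive(int32_t len, int32_t capacity) {
    if (len > capacity) return 0;              /* signed compare: -1 passes */
    return (uint32_t)len;                      /* -1 -> 4294967295 */
}

uint32_t copy_len_checked(int32_t len, int32_t capacity) {
    if (len < 0 || len > capacity) return 0;   /* reject negatives first */
    return (uint32_t)len;
}

/* 3. Purchase-order total: adding one more item to a signed 32-bit total
 * can wrap it to a negative number (unsigned arithmetic models the wrap). */
int32_t add_item_unchecked(int32_t total, int32_t price) {
    return (int32_t)((uint32_t)total + (uint32_t)price);
}

/* Checked version: detect the wrap before it happens. */
bool add_item_checked(int32_t total, int32_t price, int32_t *out) {
    if (price > 0 && total > INT32_MAX - price) return false;
    if (price < 0 && total < INT32_MIN - price) return false;
    *out = total + price;
    return true;
}
```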
EXPLOITING SOFTWARE DEFECTS
NUMBER OF VULNERABILITIES FOR OS
AND APPLICATIONS
VULNERABILITY DISTRIBUTION
BY TYPE
TOP OPERATING SYSTEMS BY
VULNERABILITIES IN 2014
TOP APPLICATIONS BY VULNERABILITIES
REPORTED IN 2014
PART II
SOFTWARE SECURITY VERSUS APPLICATION SECURITY
DEFINITION OF APPLICATION
SECURITY
• Application Security:
  • It means many different things to many different people
  • In IEEE Security & Privacy magazine: "The protection of software after it is already built"
• It is easier to protect something that is defect free than something with vulnerabilities
“WHAT IS THE MOST EFFECTIVE
WAY TO PROTECT SOFTWARE?”
• On one hand, Software Security:
  • Designing software to be secure
  • Building secure software
  • Making sure that software is secure
  • Educating software developers, architects, and users about how to build secure things
“WHAT IS THE MOST EFFECTIVE WAY TO PROTECT SOFTWARE?” (CONT.)
APPLICATION SECURITY VS
SOFTWARE SECURITY
• Application Security:
  • Finding and fixing known security problems after they've been exploited in systems
• Software Security:
  • The process of designing, building, and testing software for security
  • Identifies and expunges (eliminates) problems in the software itself
  • Software security practitioners attempt to build software that can withstand attack proactively
  • example: although there is some real value in stopping buffer overflow attacks by observing HTTP traffic as it arrives over port 80, a superior approach is to fix the broken code and avoid the buffer overflow completely
READING ARTICLES HOMEWORK
OTHER OPEN SOURCE TOOLS FOR STATIC
ANALYSIS
• https://www.owasp.org/index.php/Static_Code_Analysis
  (OWASP introduction to static analysis and free/open source tools for static analysis)
• http://iosdevelopertips.com/objective-c/open-source-static-analysis-tool-for-objective-c.html
  (static analysis tool for Objective-C)
HOMEWORK
• Everyone must listen to and learn from the podcast at this URL (I will ask about this in class):
  • https://www.cigital.com/podcasts/show-113-software-security-best-practices/
• Use one of the tools listed in the previous slide in order to identify some vulnerability in a program
  • Or you can use some other tool that you may already know in order to identify some program/software vulnerability
• Show me that you have tried at least one of those tools