Understanding and Countering Insider Threats in Software Development

Michael Franz
University of California, Irvine

Presented by Ivan Hristov
Department of Computer Science
Dresden University of Technology

Winter Semester 2008

Part I

Presentation


“Bug or feature?”

Bugs - bad mistakes or good profit


Bugs can be power!

“Ipsa Scientia Potestas Est - Knowledge is power.”

Sir Francis Bacon


The Problem

We live in chaos!

There are bad guys that want bugs!


Aim(s)

What for?

“zombie farms”

phishing

governmental back doors

other purposes


Conspiracy theory

Trojan horse

$50 billion industry

espionage, “moles”

“protection”


Sources of software bugs

Important aspects to consider

“doors behind the back doors”

stocks always matter

outsourcing

how well your company treats you

the good old friend Buddy


Open source utopia

Some problems

- Lack of resources

- “Untraceability”

- Open source


Author’s Solution

The idea

Fault tolerance mechanism through

Versioning

Parallelism

Consistency check


Author’s Approach


Problem subset

What’s treated?

1st arbitrary code execution

2nd specific input

What’s NOT treated?

covert channels

“time bombs”


Use case

Scenario

buffer overflows

specific input

“out-of-specification” behavior

knowledge determinism


Existing defense strategies

Basic idea

Ruin the attacker’s knowledge determinism

Drawback

Randomization is difficult


Proposed defense strategy

Improvement

slightly different versions

parallelism

monitoring

optionally - randomization

Basic idea

One specific input is meaningful to only one program version


Basic Idea


Two variants of the same program. [Fra08]


Additional variation

Where?

register reallocation

heap randomization

code relocation

OS Entry Point Randomization


Checkpointing - take the shortcut

Overall process

1st identical inputs

2nd behavior synchronization

3rd internal states monitoring

How far do you trust your OS?

OS calls as synch points
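Added example (not part of the slides or of [Fra08]): a toy Python model of the proposed defense strategy and of checkpointing at OS calls. The Variant class, its storage layout, the syscall names and the sample inputs are constructed assumptions; the monitor feeds identical input to two differently laid-out variants and compares them at every call.

```python
from itertools import zip_longest

BUF = 4  # cells in the toy program's unchecked buffer

class Variant:
    """One copy of the same toy program, differing only in storage layout."""
    def __init__(self, name, buf_base, target_addr, size=16):
        self.name, self.buf_base, self.target_addr = name, buf_base, target_addr
        self.mem = ["."] * size
        self.mem[target_addr] = "log"      # file name the program opens later

    def run(self, data):
        """Generator: yields each (syscall, argument) the program issues."""
        yield ("read", len(data))
        for i, tok in enumerate(data):     # the planted bug: no bounds check
            addr = self.buf_base + i
            if addr >= len(self.mem):      # ran off the toy address space
                yield ("fault", addr)
                return
            self.mem[addr] = tok
        yield ("open", self.mem[self.target_addr])
        yield ("write", tuple(self.mem[self.buf_base:self.buf_base + BUF]))

def make_variants():
    """A keeps the target cell just above the buffer; B remaps it below."""
    return [Variant("A", 4, 8), Variant("B", 4, 3)]

def monitor(data, variants):
    """Feed identical input to all variants; compare at every syscall."""
    runs = [v.run(list(data)) for v in variants]
    executed = []
    for step, calls in enumerate(zip_longest(*runs)):
        if len(set(calls)) != 1:           # disagreement: halt before acting
            return {"ok": False, "step": step, "calls": calls, "executed": executed}
        executed.append(calls[0])          # agreed call is performed once
    return {"ok": True, "executed": executed}

BENIGN = ["a", "b", "c"]                     # constructed sample inputs
CRAFTED = ["a", "b", "c", "d", "secret"]     # fifth token overflows the buffer

if __name__ == "__main__":
    print(monitor(BENIGN, make_variants()))
    print(monitor(CRAFTED, make_variants()[:1]))   # variant A alone: no check
    print(monitor(CRAFTED, make_variants()))       # A and B diverge at "open"
```

Run alone, variant A performs the altered "open"; run beside variant B, the same input produces a mismatch at the second synchronization point and nothing after "read" is executed.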


Checkpointing - stay on the safe side

Trusted Computing

1st trusted hypervisor

2nd hardware component

3rd additional registers

Cost?

0.001% of the total CPU transistor count


Slightly Different Versions

HOWTO create multiple versions?

HW virtualization

storage address remappings

hypervisor on-demand code translation


Overall architecture

Trusted Code Base

TCB is a hypervisor. [Fra08]


Some discussion points

Is virtualization a panacea?

Which type of cost matters most?

Scheduling of checkpoint protocols?


Part II

References


[Fra08] Michael Franz. Understanding and countering insider threats in software development. International MCETECH Conference, pages 81–90, 2008.


Part III

Questions?
