Hardening The Attack Surface
UEFI Winter Plugfest, February 21-23, 2012
Presented by Douglas MacIver, Principal Test Engineer, Microsoft Corp.
www.uefi.org
Updated 2011-06-01



How to Harden an Attack Surface

• Threat Modeling

• Secure Coding

• Security Code Audits

• Fuzz Testing

• Software Security Defenses


Media Player Threat Model


UEFI Threat Model


Secure Coding (one aspect)

Validation of untrusted input!

Poor validation of untrusted input may result in:

– Buffer overflows

– Integer and pointer corruption

– Memory overwrites

– …

Leading to:

– Compromised runtime integrity of authenticated components

– …


Security Code Audits

UINT32 FindJamInBlob(BLOB* Blob, size_t BlobSize)
{
    UINT32 JamOffset;

    JamOffset = Blob->Start + Blob->Hdr.Size;
    return JamOffset;
}

First, ask questions

Second, identify vulnerabilities
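
The audit sample above next to a checked variant, as an added example that is not part of the original presentation. The slide does not define `BLOB`, so the layout below is an assumption, as are the name `FindJamInBlobChecked`, its return codes, and the reading of `BlobSize` as the total buffer length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t UINT32;

/* Assumed layout (not defined on the slide); both fields come from untrusted data. */
typedef struct {
    UINT32 Start;                 /* offset where the header begins */
    struct { UINT32 Size; } Hdr;  /* header length in bytes */
} BLOB;

/* The slide's routine: BlobSize is never consulted and the 32-bit sum can wrap. */
UINT32 FindJamInBlob(BLOB *Blob, size_t BlobSize)
{
    UINT32 JamOffset;
    (void)BlobSize;
    JamOffset = Blob->Start + Blob->Hdr.Size;
    return JamOffset;
}

/* Hypothetical checked variant: returns 0 and sets *JamOffset, or -1 if a check fails. */
int FindJamInBlobChecked(const BLOB *Blob, size_t BlobSize, UINT32 *JamOffset)
{
    UINT32 Offset;
    if (Blob == NULL || JamOffset == NULL)
        return -1;
    if (BlobSize < sizeof(BLOB))                    /* fields must lie inside the buffer */
        return -1;
    if (Blob->Hdr.Size > UINT32_MAX - Blob->Start)  /* Start + Hdr.Size would wrap */
        return -1;
    Offset = Blob->Start + Blob->Hdr.Size;
    if (Offset >= BlobSize)                         /* result must point inside the blob */
        return -1;
    *JamOffset = Offset;
    return 0;
}

int main(void)
{
    BLOB wrap = { 0xFFFFFFF0u, { 0x20u } };  /* constructed input: sum wraps to 0x10 */
    UINT32 off = 0;
    printf("unchecked: 0x%x\n", (unsigned)FindJamInBlob(&wrap, 64));
    printf("checked:   %d\n", FindJamInBlobChecked(&wrap, 64, &off));
    return 0;
}
```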


Venn and the Art of Security Testing

[Venn diagram of design, implementation, and customer wants/needs. Region labels: "bad design / bad impl", "bad design / good impl", "good design / bad impl", "lucky", "sadness", "?"]

Fuzz Testing

Applying malformed data against the attack surface

[Figure: fuzzing approaches against an Effort axis. Labels: Dumb, Format Aware, Fix-up Instrumented, Feedback Informed]


Software Security Defenses

• Writing Secure Code

• Stack Buffer Overrun Detection (GS)

• Data Execution Prevention (DEP/NX)

• Address Space Layout Randomization (ASLR)

• Heap Corruption Detection

• Migration to Safer Functions

How to Harden an Attack Surface

• Secure Coding: helps to avoid problems

– Guidelines for Writing Secure Code: http://msdn.microsoft.com/en-us/library/ms182020.aspx

– Writing Secure Code: http://msdn.microsoft.com/en-us/security/aa570401

– Safe Integer Arithmetic in C: http://blogs.msdn.com/b/michael_howard/archive/2006/02/02/523392.aspx

• Threat Modeling: helps to define trust boundaries and potentially malicious data input points

– http://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx

• Security Code Audits: helps identify vulnerabilities through manual code inspection

– http://technet.microsoft.com/en-us/library/cc723542.aspx

– http://blogs.msdn.com/b/sdl/archive/2011/10/19/code-analysis-for-all.aspx

• Fuzz Testing: helps find input parsing and other vulnerabilities

– http://msdn.microsoft.com/en-us/testing/cc162782.aspx

• Software Security Defenses: helps provide blanket protection against some threats

– http://msdn.microsoft.com/en-us/library/bb430720.aspx


Thanks for attending the UEFI Winter Plugfest 2012

For more information on the Unified EFI Forum and UEFI Specifications, visit http://www.uefi.org
