VIVA Presentation
A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED ON WELL-DEFINED CRITERIA
April 2015
Nurul Haszeli Bin Ahmad, M.Sc. in Computer Sciences (CS780)
Faculty of Computer and Mathematical Sciences, UiTM Shah Alam
Supervisors: Prof. Madya Dr Syed Ahmad Sheikh Aljunid (FSMK, UiTM Shah Alam)
Dr Jamalul-lail Ab Manan (Advance Computing Lab, MIMOS Berhad)
Definition
• Source-code perspective – an approach that views software problems from the developer's point of view
• Well-defined criteria – a set of criteria used to establish a good solution
• Overflow vulnerabilities – vulnerabilities that trigger an overflow (with or without intention) in the computer system's memory (stack, heap, data segment)
• Overflow vulnerabilities exploit taxonomy – a taxonomy constructed to classify overflow vulnerabilities based on the exploitation approach
• Well-defined taxonomy – a well-defined taxonomy should comply with a set of criteria, cover all classes and make it easy for users to understand the field of study
References:
1. A well-defined taxonomy is a structured classification that fulfils a set of criteria, eases the classification of the objects of study and is used in analysis and discussion (Axelsson, 2000).
2. A well-defined taxonomy should be clear, allowing precise classification of objects (Bishop and Bailey, 1996).
3. A well-defined taxonomy should cover all relevant classes (Hannan et al., 2003).
Presentation Outline
1. Introduction
2. Problem Statement
3. Research Questions, Objectives, Assumptions & Scope
4. Research Methodology
5. Results and Discussion
6. Conclusion and Recommendations
7. Q & A
Introduction
[Timeline: 1988 Morris Worm (One, 1996) – 2000 – 2010 – 2014]
1. Vulnerabilities and exploitation continue to persist and evolve, with no indication that they will recede (Brandan, 2014; Campbell, 2012; IBM, 2009; Kaspersky, 2009)
2. The number of attacks is increasing (Cybersecurity Malaysia, 2009; Cenzic Inc, 2010)
3. Attacks are becoming more sophisticated; W32.Stuxnet (Symantec Corporation, 2010; Falliere, Murchu, & Chien, 2011; Chen T. M., 2010)
4. Number of vulnerabilities released per year: ~5000 (Symantec Corporation, 2014)
Introduction
Why are C overflow vulnerabilities persistent and significant?
• The first ever detected, and still continuously released in major vulnerability databases such as Microsoft, Cenzic, IBM, HP, NIST, SANS Institute, OWASP, OSVDB, etc.
• Exist in multiple variants – 10 types of C overflow vulnerabilities
• Work on them has been going on since 1970
• Program analysis – static and dynamic
• 11 analysis methods
• > 40 analysis tools
• Safe libraries, secure compilers
Introduction
1. Vulnerabilities understanding is the process of educating and building the knowledge on vulnerabilities (Krsul, 1998).
2. It is a major step towards enhancing tools and implementations for better defence mechanisms (Krsul, 1998; Tsipenyuk, Chess, & McGraw, 2005).
[Figure: To improve understanding and knowledge – Guidelines, Books, Taxonomy]
Problem Statement
1. C overflow vulnerabilities are still a major security issue and the root cause of many successful exploits.
2. Although vulnerability taxonomies and their classifications have been constructed, presently:
   a. most of these are not source-code based, which prevents software developers from understanding the vulnerabilities and writing safe code;
   b. there are a few source-code-based taxonomies, but they are not well-defined.
Problem Statement
[Timeline of previous work: 70s – 1990 – 2000 – 2010 – 2014]
1. For debugging and understanding code
2. Focus on the code causing the error
In summary:
1. Focus on software/coding vulnerabilities (sw/hw/nw)
2. Looking from a memory/source-code perspective
3. Views/solutions that overcome the symptoms that appear after the vulnerability or the exploitation has occurred
4. Too wide/generic classifications/taxonomies, or specific but incomplete
5. Starting to look at well-defined taxonomies
6. Purpose – debugging, evaluating program analysis
Problem Statement – Research Gaps
[Gap matrix comparing previous work against the following dimensions]
• Taxonomy
• Well-defined taxonomy
• Source-code perspective
• Looking at the root causes rather than the symptoms
• Specific to C overflow vulnerabilities
• Purpose – educate software developers on secure code
Problem Statement – Research Gaps
“There is no taxonomy focusing on C overflows vulnerabilities exploits from source codes perspective and constructed based on a set of well-defined criteria with the objective of helping the system developers and programmers to develop secure codes to reduce their mistakes or ignorance” (Thesis, page 9)
Research Questions, Objectives, Assumptions & Scope
5 RQ versus 5 RO
RQ 1: Why do C overflow vulnerabilities still persist although they are common knowledge and there are numerous methods and tools available to overcome them?
RO 1: To identify the reasons why C overflow vulnerabilities, despite more than three decades, still persist although there are various methods and tools available.
RQ 2: How to improve the understanding and knowledge of software developers on C overflow vulnerabilities from a source code perspective?
RO 2: To construct a well-defined C overflow vulnerabilities exploit taxonomy from a source code perspective.
RQ 3: How to evaluate the well-defined C overflow vulnerabilities taxonomy from a source code perspective?
RO 3: To evaluate and validate the constructed taxonomy against the well-defined criteria.
RQ 4: Which Windows-based operating system is critical and vulnerable to exploitation using C overflow vulnerabilities?
RO 4: To evaluate the security vulnerability of Windows-based operating systems with respect to C overflow vulnerabilities exploits.
RQ 5: What is the effectiveness of static analysis tools in detecting C overflow vulnerabilities exploits based on the well-defined taxonomy?
RO 5: To evaluate the effectiveness of static analysis tools in detecting C overflow vulnerabilities based on the classes in the constructed taxonomy.
Research Questions, Objectives, Assumptions & Scope
Assumptions
1. Most exploits of vulnerabilities occur on Windows 32-bit OS, although many vulnerabilities are OS dependent.
2. The number of exploits on UNIX or Linux OS is significantly small.
3. 64-bit OS is more secure compared to 32-bit OS.
4. Other programming languages are safer.
Research Questions, Objectives, Assumptions & Scope
Scope
1. The main environment is Windows 32-bit OS.
2. The research is limited to Windows XP and 7.
3. Only programs built using the C language are considered.
4. The evaluation was limited to five different analysis tools.
5. Studies on program analysis focus on static analysis.
6. The scope of the research was C source code.
7. Only vulnerabilities triggering overflows in C programs are considered.
Research Methodologies
Research Framework: C Overflow Vulnerabilities Exploit Taxonomy
[Framework diagram]
Theoretical Studies: Software Vulnerabilities; Program Analysis; Vulnerabilities Taxonomy
Taxonomy Construction: Taxonomy Criteria; Vulnerabilities Exploit Taxonomy
Taxonomy Evaluation: Taxonomy Evaluation; Tool Evaluation
Research Phases
1. Theoretical Studies
2. Taxonomy Construction
3. Taxonomy Evaluation
Research Methodologies – Theoretical Studies
RQ 1: Why do C overflow vulnerabilities still persist although they are common and have been known for more than two decades?
RO 1: To identify the reasons why C overflow vulnerabilities, despite more than three decades, still persist although there are various methods and tools available.
Steps:
1. Pre-analysis on vulnerabilities and information security issues
2. In-depth review on software vulnerabilities
3. Critical review on C overflow vulnerabilities
4. Critical review on program analysis
5. Critical review on vulnerabilities understanding
Research Methodologies – Taxonomy Construction
RQ 2: How to improve the understanding and knowledge of software developers on C overflow vulnerabilities from a source code perspective?
RO 2: To construct a well-defined C overflow vulnerabilities exploit taxonomy from a source code perspective.
Two activities: development of the criteria for a well-defined taxonomy, and construction of the C overflow vulnerabilities exploit taxonomy.
Development of Criteria for Well-Defined Taxonomy:
1. Critical review on relevant publications
2. Extract the criteria for constructing a taxonomy
3. Detailed analysis on the identified criteria
4. Construct the criteria of a well-defined taxonomy
5. Review the constructed criteria
C Overflow Vulnerabilities Exploit Taxonomy Construction:
1. Critical review on relevant reports
2. Formation of classes
3. Detailed analysis on related publications
4. Organize and construct the taxonomy
5. Review the constructed taxonomy
Research Methodologies – Taxonomy Evaluation
RQ 3: How to evaluate the well-defined C overflow vulnerabilities taxonomy from a source code perspective?
RQ 4: Which Windows-based operating system is critical and vulnerable to exploitation using C overflow vulnerabilities?
RQ 5: What is the effectiveness of static analysis tools in detecting C overflow vulnerabilities exploits based on the well-defined taxonomy?
RO 3: To evaluate and validate the constructed taxonomy against the well-defined criteria.
RO 4: To evaluate the security vulnerability of Windows-based operating systems with respect to C overflow vulnerabilities exploits.
RO 5: To evaluate the effectiveness of static analysis tools in detecting C overflow vulnerabilities based on the classes in the constructed taxonomy.
Steps:
1. Evaluate the taxonomy against the constructed criteria for a well-defined taxonomy
2. Measure the criticality and significance of each identified class
3. Measure the criticality of the OS and the impact of vulnerability exploitation
4. Evaluate the effectiveness of the static analysis tools in detecting the identified classes
Results and Discussion – Criteria for Well-Defined Taxonomy
1. To ensure that the constructed taxonomy is well-defined and therefore contributes to improving the understanding of C overflow vulnerabilities, and hence eliminates or reduces C overflow vulnerability occurrences (Tsipenyuk, Chess, & McGraw, 2005; Krsul, 1998)
2. Previous works list between 3 (Killourhy, 2004) and 18 (Lough, 2001) criteria
   • Too few or too many – insufficient, repetitive or not relevant.
3. 8 relevant criteria that will ensure a taxonomy is well-defined.
Results and Discussion
1. Criteria for Well-Defined Taxonomy
No  Criteria                                      Purpose
1.  Simplicity                                    To ease understanding
2.  Organized structures                          To demonstrate the relationship
3.  Obvious                                       To ease the process of classification
4.  Repeatability                                 For consistency
5.  Specificity / Mutually exclusive / Primitive  To remove ambiguity
6.  Similarity                                    To strengthen obviousness and specificity
7.  Completeness                                  To remove doubt
8.  Knowledge compliant                           To ease learning and classifying
Results and Discussion
2. Taxonomy of C Overflow Vulnerabilities Exploit
1. Construction guided by the developed criteria
2. Constructed from the source-code perspective
3. Looking into the root cause rather than the symptoms
4. Based on various works (Chess and McGraw (2004), Hansmann (2003) and Howard (2011)) and vulnerability reports between the late 80s and 2013 published at various sites such as MITRE, Kaspersky, IBM and NIST
Result
A well-defined taxonomy with 10 unique classes.
1. Three of the classes are new: Memory Functions, Variable Type Conversion and Pointer Scaling/Mixing
2. Each has unique characteristics, defined from the source-code perspective, that trigger an overflow
Results and Discussion – Taxonomy of C Overflow Vulnerabilities Exploit (10 classes)
Unsafe Functions
Array Out-of-Bound
Integer Range/Overflow
Return-into-libC
Memory Function
Function Pointer / Pointer Aliasing
Variable Type Conversion
Pointer Scaling / Pointer Mixing
Uninitialized Variable
Null Termination
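As an added illustration that is not part of the presentation or the thesis, the C code below shows four of the taxonomy's classes from the source-code perspective the thesis argues for: each comment names the defective idiom a developer writes, and the function beneath it is a defended form that rejects the input instead of overflowing. Function names, buffer sizes and the constructed test inputs are this example's own assumptions.

```c
/* Added example, not from the presentation: four of the taxonomy's classes
 * seen from the source-code perspective. Each comment names the defective
 * idiom; the function under it is a defended form that rejects the input
 * instead of overflowing, and returns a value so it can be exercised safely.
 * Function names and sizes are this example's own assumptions. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Variable Type Conversion (with Integer Range/Overflow): a signed `len`
 * silently widens to size_t, so len = -1 becomes SIZE_MAX and
 * memcpy(dst, src, len) runs far past `dst`.
 * Defence: range-check the signed value before it is converted. */
int copy_checked(char *dst, size_t dst_sz, const char *src, int len)
{
    if (len < 0 || (size_t)len > dst_sz)
        return 0;                         /* rejected: would overflow dst */
    memcpy(dst, src, (size_t)len);
    return 1;
}

/* Null Termination: strncpy(dst, src, n) leaves dst unterminated when
 * strlen(src) >= n, so a later strlen/printf reads past the buffer.
 * Defence: copy at most dst_sz-1 bytes and write the terminator yourself. */
int strcpy_terminated(char *dst, size_t dst_sz, const char *src)
{
    if (dst_sz == 0)
        return 0;                         /* nothing can be stored safely */
    size_t n = 0;
    while (n < dst_sz - 1 && src[n] != '\0')
        n++;
    memcpy(dst, src, n);
    dst[n] = '\0';                        /* always terminated */
    return src[n] == '\0' ? 1 : 2;        /* 1 = fitted, 2 = truncated */
}

/* Memory Function with Integer Overflow: malloc(count * sizeof(int)) wraps
 * for a large `count`, returns a small block, and the fill loop that follows
 * writes past it. Defence: test the multiplication before doing it. */
int *alloc_ints(size_t count)
{
    if (count > SIZE_MAX / sizeof(int))
        return NULL;                      /* product would wrap */
    return malloc(count * sizeof(int));
}

/* Pointer Scaling / Pointer Mixing: code that computes
 * `(int *)((char *)buf + off)` or `buf + off` with `off` in bytes mixes
 * units, because `buf + off` on an int pointer advances off*sizeof(int).
 * Defence: convert bytes to elements explicitly and bound the index. */
long byte_offset_to_index(size_t count, size_t byte_off)
{
    if (byte_off % sizeof(int) != 0)
        return -1;                        /* misaligned: units were mixed */
    size_t idx = byte_off / sizeof(int);
    return idx < count ? (long)idx : -1;  /* -1 when past the end */
}
```

The Unsafe Functions and Array Out-of-Bound classes are the same pattern one level up: the defended forms above are what replaces an unchecked strcpy or an unbounded index.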
Results and Discussion – 2. Taxonomy of C Overflow Vulnerabilities Exploit
Discussion
1. A characteristics-based taxonomy
2. Overflow vulnerabilities in applications developed using the C language
3. Classes classified in a well-defined taxonomy
4. Focus on exploit methodologies and the source-code perspective
5. Comparison to previous work:
   1. Constructed from the same perspective but in a generic approach, without focusing on exploitation methods from the source-code view, such as Shariar (2011) and Weber (2005)
   2. Specific to the C language too, but covering limited C overflow vulnerabilities, such as Moore (2007) and Wilander (2002)
   3. Covering many overflow vulnerabilities but in a general context (Tsipenyuk, 2005; Killourhy, 2004)
Results and Discussion – Evaluation
# 1 – Type: Evaluating the effectiveness and completeness in classifying vulnerabilities using the taxonomy (please refer to: 1. Table 4.3, page 161; 2. Table 4.4, page 162)
Findings:
1. Classifying vulnerabilities is highly dependent on the user's skill and knowledge in the language itself
2. The taxonomy is effective and complete for classifying C overflow vulnerabilities
3. The taxonomy eases the user's understanding of C overflow vulnerabilities from the source-code view
# 2 – Type: Evaluation of the taxonomy for the comprehensiveness criterion (please refer to Table 4.5, pages 165–166)
Findings:
1. The taxonomy covers all overflows up to the date the thesis was written
2. There are sites that did not publish some of the vulnerabilities due to:
   1. Scope / interest area
   2. Year they started to file
   3. Contributors
Results and Discussion – Evaluation
# 3 – Type: Evaluation of the relevance and significance of the classes in the C Overflow Vulnerabilities Exploit Taxonomy (please refer to: 1. Table 4.6, page 170; 2. Table 4.7, page 171; 3. Table 4.8, page 172)
Findings:
1. All classes listed in the taxonomy are relevant and significant
2. Most of the classes were filed with medium to high impact and severity
3. There are classes that were last detected in 2009
Results and Discussion – Evaluation
# 4 – Type: Evaluation of the significance and relevance of C overflow vulnerability classes and their impact on OS criticality (please refer to: 1. Table 4.9 – Table 4.12 (pages 176–183); 2. Table 4.13, page 186; 3. Table 4.14 – Table 4.17 (pages 188–193))
Findings:
1. All OSs are vulnerable to C overflow vulnerability exploits. The only difference is the difficulty and complexity of the exploit.
2. 32-bit OS is the most vulnerable and the easiest to exploit
# 5 – Type: Evaluation of the effectiveness of static analysis tools in detecting vulnerabilities based on the C Overflow Vulnerabilities Exploit Taxonomy (refer to Table 4.18, page 197)
Findings:
1. No static analysis tool is yet able to detect all classes.
2. All static analysis tools still have false negatives/positives.
Research Summary
Phase 1 – Theoretical Studies
Research Question (RQ): RQ 1: Why do C overflow vulnerabilities still persist although they are common and have been known for more than two decades?
Research Objective (RO): RO 1: To identify the reasons why C overflow vulnerabilities, despite more than three decades, still persist although there are various methods and tools available.
Phase Deliverables / Output (RR): RR 1: Strengths and weaknesses of current detection and prevention mechanisms; RR 2: Gaps in understanding vulnerabilities
Phase 2 – Taxonomy Construction
Research Question (RQ): RQ 2: How to improve the understanding and knowledge of software developers on C overflow vulnerabilities from a source code perspective?
Research Objective (RO): RO 2: To construct a well-defined C overflow vulnerabilities exploit taxonomy from a source code perspective.
Phase Deliverables / Output (RR): RR 3: Criteria of a well-defined taxonomy; RR 4: Taxonomy of C overflow vulnerabilities exploit
Phase 3 – Taxonomy Evaluation
Research Questions (RQ): RQ 3: How to evaluate the well-defined C overflow vulnerabilities taxonomy from a source code perspective? RQ 4: Which Windows-based operating system is critical and vulnerable to exploitation using C overflow vulnerabilities? RQ 5: What is the effectiveness of static analysis tools in detecting C overflow vulnerabilities exploits based on the well-defined taxonomy?
Research Objectives (RO): RO 3: To evaluate and validate the constructed taxonomy against the well-defined criteria. RO 4: To evaluate the security vulnerability of Windows-based operating systems with respect to C overflow vulnerabilities exploits. RO 5: To evaluate the effectiveness of static analysis tools in detecting C overflow vulnerabilities based on the classes in the constructed taxonomy.
Phase Deliverables / Output (RR): RR 5: Taxonomy validated; RR 6: Significant findings of the research
Conclusion and Recommendations
Research Contribution
Theoretical Contribution:
• Criteria to construct a well-defined taxonomy
• C Overflow Vulnerabilities Exploit Taxonomy
• Novel methods to evaluate a taxonomy
Practical Contribution:
• Evaluation methods on critical OS
• Evaluation methods on 5 static analysis tools
Conclusion and Recommendation
1. C overflow vulnerabilities are still relevant.
2. There is NO well-defined taxonomy that specifically focuses on complete C overflow vulnerabilities from the source-code perspective, looks into the root cause of the problem, and aims to improve the understanding and knowledge of C developers. Therefore this taxonomy, the “C Overflow Vulnerabilities Exploit” Taxonomy, is proposed, and the evaluations done prove it to be helpful and useful.
3. 5 evaluations were done that show the significance and relevance of each class in the constructed taxonomy.
Conclusion and Recommendation
1. Development of new methods and tools, or improvement of current methods and tools, to analyse source code for C overflow vulnerabilities.
2. To further evaluate the taxonomy with a larger group of security experts.
3. To use the taxonomy to evaluate commercial analysis tools.
4. To use the taxonomy to evaluate commercial software using the improved methods and tools.
Q & A
“Lack of knowledge and understanding would produce software with vulnerabilities and failure of implementing effective security mechanisms” – Krsul, 1998
Nurul Haszeli Bin Ahmad, M.Sc. in Computer Sciences (CS780)
Faculty of Computer and Mathematical Sciences, UiTM Shah Alam
http://malaysiandeveloper.blogspot.com
LinkedIn / Twitter: masteramuk
Supervisors: Prof. Madya Dr Syed Ahmad Sheikh Aljunid (FSMK, UiTM Shah Alam); Dr Jamalul-lail Ab Manan (Advance Computing Lab, MIMOS Berhad)
Thank You