Understanding and Countering Insider Threats in Software Development
Michael Franz, University of California, Irvine
Presented by Ivan Hristov, Department of Computer Science, Dresden University of Technology
Winter Semester 2008
Part I
Presentation
“Bug or feature?”
Bugs - bad mistakes or good profit
Bugs can be power!
“Ipsa Scientia Potestas Est - Knowledge is power.”
Sir Francis Bacon
The Problem
We live in chaos!
There are bad guys that want bugs!
Aim(s)
What for?
“zombie farms”
phishing
governmental back doors
other purposes
Conspiracy theory
Trojan horse
$50 billion industry
espionage, “moles”
“protection”
Sources of software bugs
Important aspects to consider
“doors behind the back doors”
stocks always matter
outsourcing
how well your company treats you
the good old friend Buddy
Open source utopia
Some problems
- Lack of resources
- “Untraceability”
- Open source
Author’s Solution
The idea
Fault tolerance mechanism through
Versioning
Parallelism
Consistency check
Author’s Approach
Problem subset
What’s treated?
1st arbitrary code execution
2nd specific input
What’s NOT treated?
covert channels
“time bombs”
Use case
Scenario
buffer overflows
specific input
“out-of-specification” behavior
knowledge determinism
Existing defense strategies
Basic idea
Ruin the attacker’s knowledge determinism
Drawback
Randomization is difficult
Proposed defense strategy
Improvement
slightly different versions
parallelism
monitoring
optionally - randomization
Basic idea
One specific input is meaningful to only one program version
Basic Idea
Basic Idea
Two variants of the same program. [Fra08]
Additional variation
Where?
register reallocation
heap randomization
code relocation
OS Entry Point Randomization
Checkpointing - take the shortcut
Overall process
1st identical inputs
2nd behavior synchronization
3rd internal states monitoring
How far do you trust your OS?
OS calls as synch points
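Added illustration (not from the talk or from [Fra08]): a toy model of the scheme on the preceding slides, in which two variants receive identical input, OS calls act as sync points, and a monitor halts on the first disagreement. The byte-array memory layout, the names run_variant and monitor, and the sample inputs are assumptions constructed for this example.

```python
# Added illustration: toy two-variant execution with a checkpoint monitor.
# Layouts, names and sample inputs are constructed for this example.
BUF_LEN = 8
HANDLER_OK = 0x10  # constructed id of the legitimate handler


def run_variant(layout, data):
    """Run one variant and return its trace of (syscall, argument) checkpoints."""
    mem = bytearray(3 * BUF_LEN)
    buf = BUF_LEN  # the input buffer starts here in both variants
    # The variants differ only in where the control slot sits:
    # "up" puts it right after the buffer, "down" right before it.
    slot = buf + BUF_LEN if layout == "up" else buf - 1
    mem[slot] = HANDLER_OK
    # Unchecked copy: stands in for the bug (accidental or planted).
    for i, byte in enumerate(data[: len(mem) - buf]):
        mem[buf + i] = byte
    return [
        ("read", len(data)),
        ("dispatch", mem[slot]),  # control decision taken from memory
        ("write", bytes(mem[buf:buf + BUF_LEN])),
    ]


def monitor(data, layouts=("up", "down")):
    """Feed identical input to every variant; compare traces call by call."""
    traces = [run_variant(layout, data) for layout in layouts]
    for step, calls in enumerate(zip(*traces)):
        if any(call != calls[0] for call in calls):
            return ("halt", step, calls)  # variants disagree: stop here
    return ("ok", len(traces[0]), None)


if __name__ == "__main__":
    benign = b"hello"                    # fits in the buffer
    overlong = b"A" * BUF_LEN + b"\x66"  # one byte past the buffer
    print(monitor(benign))
    print(monitor(overlong))
```

The overlong input changes the dispatch value in only one variant, so the traces split at the second checkpoint and the monitor stops there.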
Checkpointing - stay on the safe side
Trusted Computing
1st trusted hypervisor
2nd hardware component
3rd additional registers
Cost?
0.001% of the total CPU transistor amount
Slightly Different Versions
HOWTO create multiple versions?
HW virtualization
storage address remappings
hypervisor on-demand code translation
Overall architecture
Trusted Code Base
TCB is a hypervisor. [Fra08]
Some discussion points
Does virtualization equate to a panacea?
What type of cost is the important one?
Checkpoint protocols scheduling?
Part II
References
[Fra08] Michael Franz. Understanding and countering insider threats in software development. International MCETECH Conference, pages 81–90, 2008.
Part III
Questions?