Trusted Free and Open Source Software (FOSS): FOSS Hardening
TRANSCRIPT
NATO IST 091 #18
Robert Charpentier, DRDC Valcartier
Dr Mourad Debbabi, Concordia University
November 22nd – 23rd, 2010
Trusted Free and Open Source Software (FOSS) FOSS Hardening
2
FOSS Project History
[Figure: timeline of the project phases]
– Overview Guidelines
– FOSS in mil
– Support Options
– Defensive Design
– FOSS Auditing
– FOSS Hardening
– Architectures for Hostile Environments
Timeline markers: 2003-04, 2005, 2005, 2005-06, 2006-09, 2008-11
FOSS: Free and Open Source Software
3
Lessons Learned with FOSS
• Adoption of Open Standards should be prioritized
• FOSS must be selected on its technical advantages
• Hybrid architectures using COTS and FOSS are often best
• Access to source code has proven very beneficial and practical
• FOSS offers more options for long-term maintenance
5
Preprogrammed Security
[Figure: Preprogrammed Security + Existing Software → Software Weaving → Secure Software]
Ref: TFOSS project (2006 – 2009) – Concordia, DRDC, NSERC & Bell
6
TFOSS Project Themes
FOSS: Free and Open Source Software
9
TFOSS Project
10
TFOSS Students
1. Vulnerability Detection: 2 Ph.D. + 2 M.Sc.
2. Security Hardening Patterns and Plans: 1 Ph.D. + 1 M.Sc.
3. AOP Security Weaving: 2 Ph.D. + 1 M.Sc.
AOP: Aspect-Oriented Programming
11
Security Hardening Definition
• Process and methodology used to
– remove vulnerabilities, and/or
– add security functionalities, and/or
– prevent their exploitation in existing software
12
Analysis and Hardening on GIMPLE
[Figure: source in Java/C++/C/Ada/Fortran … enters GCC, is lowered to GIMPLE, security features are analyzed and woven in at that level, and a secured executable is produced]
• Facilitate introducing new security features into AOP languages.
• Unify the matching and weaving processing in mainstream languages.
GCC: GNU Compiler Collection; GIMPLE: GCC's language-independent intermediate representation
13
Hardening on GIMPLE
14
Case Studies
• Inspired by CERT and US Homeland Security coding rules
• Vulnerabilities:
– Unsafe creation of chroot jail
– TOCTOU (time-of-check to time-of-use race condition)
– Unsafe temporary file creation
– Use of deprecated function
– Etc.
• Well-known FOSS packages:
– Openssh-5.0p1 (encryption and authentication)
– Shadow-4.1.1 (handles passwords)
– Patchutils-0.1.5 (operates on patch files)
– Binutils-2.19.1 (manipulation of object code)
– Inn-2.4.6 (news server)
– Etc.
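As an added illustration (not code from the TFOSS project or these slides), the four coding-rule violations listed above are written in C as the unsafe idiom beside a hardened form. All function names are the author's own. `run_selfcheck` creates a constructed scratch file and a symlink to it under /tmp to show that the path-based check follows the link while the descriptor-based one refuses it; the chroot variant is only exercised on a non-existent directory, since a real jail needs root.

```c
/* Added example, not code from the TFOSS project or the IST-091 slides: each
 * rule on the slide as its unsafe idiom and a hardened form (names are the
 * author's own). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1. chroot jail. Unsafe: chroot() alone leaves cwd outside the new root,
 *    and a still-privileged process can simply chroot() back out. */
int unsafe_jail(const char *dir) { return chroot(dir); }
/* Hardened: enter the directory, chroot, re-anchor cwd at the new "/", then
 * drop group and user privileges. Fails closed (-1) at the first bad step. */
int hardened_jail(const char *dir, uid_t uid, gid_t gid) {
    if (chdir(dir) != 0 || chroot(dir) != 0 || chdir("/") != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return 0;
}

/* 2. TOCTOU. Unsafe: access() checks a path, open() later opens whatever the
 *    path names by then; a symlink swapped in between the two calls wins. */
int unsafe_open_if_allowed(const char *path) {
    if (access(path, R_OK) != 0) return -1;      /* time of check */
    return open(path, O_RDONLY);                 /* time of use   */
}
/* Hardened: open first, refuse symlinks, then validate the object actually
 * held through its descriptor (fstat), never through the path again. */
int hardened_open_regular(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;                       /* ELOOP for a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* 3. Temporary files. Unsafe: predictable name (mktemp()/tmpnam() are no
 *    better), created without O_EXCL, so a planted symlink is followed. */
int unsafe_tempfile(char *name, size_t n) {
    snprintf(name, n, "/tmp/app.%ld", (long)getpid());
    return open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: mkstemp() chooses the name and creates the file atomically with
 * O_EXCL and mode 0600. Callers needing only a descriptor may unlink() at once. */
int hardened_tempfile(char *tmpl) { return mkstemp(tmpl); }

/* 4. Deprecated/unbounded string copy. strcpy() has no length; this bounded
 *    copy refuses (and empties dst) on overflow. Returns bytes copied or -1. */
int hardened_copy(char *dst, size_t dstsz, const char *src) {
    size_t n = strlen(src);
    if (dstsz == 0) return -1;
    if (n >= dstsz) { dst[0] = '\0'; errno = ENAMETOOLONG; return -1; }
    memcpy(dst, src, n + 1);
    return (int)n;
}

/* Exercises the hardened variants against a constructed scratch file and a
 * symlink to it (created and removed here). Returns 0 when every check
 * holds, otherwise the number of the failed step. */
int run_selfcheck(void) {
    char tmpl[] = "/tmp/tfoss-XXXXXX";           /* constructed scratch path */
    char lnk[sizeof tmpl + 8];
    char buf[8];
    int rc = 0, fd;

    if ((fd = hardened_tempfile(tmpl)) < 0) return 1;
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", tmpl);
    unlink(lnk);
    if (symlink(tmpl, lnk) != 0) { unlink(tmpl); return 2; }
    fd = unsafe_open_if_allowed(lnk);            /* follows the link */
    if (fd < 0) rc = 3; else close(fd);
    if (rc == 0 && (fd = hardened_open_regular(lnk)) != -1) { close(fd); rc = 4; }
    if (rc == 0) {                               /* genuine file still opens */
        fd = hardened_open_regular(tmpl);
        if (fd < 0) rc = 5; else close(fd);
    }
    unlink(lnk);
    unlink(tmpl);
    if (rc) return rc;
    if (hardened_copy(buf, sizeof buf, "1234567") != 7) return 6;
    if (hardened_copy(buf, sizeof buf, "12345678") != -1) return 7;
    /* Missing jail directory: must fail closed before chroot() is attempted. */
    if (hardened_jail("/nonexistent/tfoss-jail", getuid(), getgid()) != -1) return 8;
    return 0;
}

int main(void) {
    int rc = run_selfcheck();
    printf("selfcheck: %s (step %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Build with `gcc -Wall -o hardening_demo hardening_demo.c` and run it; exit status 0 means every check held. The common thread of the hardened forms is that each decision is made on an object the process already holds (a descriptor, a directory it has entered) rather than on a name an attacker can re-point between two calls.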
15
Implementation & Experiment
• Analyzed packages: 35 Linux packages written in C
– apache-1.3.41, krb5-1.6, binutils-2.19.1, openssh-5.0p1, shadow-4.1.2.2, inn-2.4.6, openca-tools-1.1.0, freeradius-2.1.3, amanda-2.5.1p2, zebra-0.95a, etc.
• Experiment result summary:
[Table: per-package results; column legend below]
– Error: total reported errors
– Err: real errors
– FP: false positives
– DN: statically undecidable errors
16
Race Conditions
[Table: Race Condition (TOCTTOU) results]
17
Temporary Files
[Table: Temporary File Errors]
18
Data Flow Analysis
[Figure: Comparison between Data Flow Analysis and Control Flow Analysis]
19
Conclusion
• Methodologies, Techniques & Toolsets:
– For security evaluation of software:
• Assisted vulnerability detection in GIMPLE
• Automated test generation (not covered today)
– For security hardening:
• Automated code injection in GIMPLE (i.e. GCC)
• Results available to the NATO community
20
TFOSS Project Team (11 March 2008)
21
TFOSS Lead Team
Dr. M. Debbabi + 3 other Professors, Concordia University
R. Charpentier + Capt. J. Furlong, DRDC and CF
R. Low + 2 Bell analysts, Bell Canada
22
Thanks to: Marc-André Laverdière, Nadia Belbidia, Syrine Tlili, Dima Alhadidi, Aiman Hanna, Xiaochun Yang, Azzam Mourad, Zhenrong Yang, Amine Boukhetouta, Rachid Hadjidj, Hakim Idrissi Kaitouni, Hai Zhou Ling
Bell Canada and NSERC