Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Trustworthy Systems from Un-Trusted Components
PRESENTED BY PROF. ABHIK ROYCHOUDHURYNATIONAL UNIVERSITY OF [email protected]
http://www.comp.nus.edu.sg/~tsunami
2
Vulnerability Discovery
Binary Hardening
Verification Data Protection
Agency Collaboration
Industry Collaboration
Education – NUS (Bachelors in Infosec)
Research Outputs – Publications, Tools, Academic Collaboration, Exchanges, Seminars, Workshops
Enhancing local capabilities
Ongoing NRF Project Overall Outlook
ProjectHighlightsUsageandResearchimpact◦ IntegrationtowidelyusedtoolslikeAFLwithactiveusergroups◦ DARPACGCbinaries– findscrashesfaster>10times◦ Integratedintothemostwidelyusedsecuritytestingtool
◦ Angelix toolonautomatedprogramrepair ◦ SecurityVulnerabilitiesremainun-patchedforlong….
ResearchVisibility◦ Invitedtalks atSummerSchoolonInformationSecurityandmanyothervenues◦ IEEEInnovationSpotlight2018fromamongallIEEEarticle.
EducationalImpact◦ DegreePrograminInfosec atNUSstartedconcurrently◦ Modulesbeingcreatedusingoutcomesoftheproject◦ Hands-onCTFeducation inexistingclassesusingprojectoutcomes.
3
ScholarlyImpact◦ High-citation trend
◦ Dataorientedprogramming,April2016[FWCI22.89]
◦ Angelix paperonautomatedprogramrepair,May2016[FWCI26.09]◦ Homerunpaperswithfieldweightedcitationimpact>20
◦ Dagstuhl work-shoponAutomatedRepairorganized– January2017◦ RecentInvitedtalks◦ DistinguishedLectureatLuxembourgS&Tcenter,January2017◦ KLEEworkshoponSymbolicExecution,April2018◦ 9th InternationalSummerSchoolonInformationSecurityandProtectionJuly2018◦ https://cs.anu.edu.au/cybersec/issisp2018/
◦ Publications:CCS,NDSS,Usenix Security,S&P,ICSE,FSE
4
Highlights
SampleTechnologiesfromTSUNAMiAFLFast— 10xfaster thanAFL◦ 1st place@Hackernews◦ 2nd place@DARPACGC(TeamCodejitsu)◦ 6 CVEs@USNationalVulnerabilityDatabase(initial countonlyduringpublication)
◦ 180 stars@Github (+90forks)◦ 2000USD@GoogleSecuritybugbounties◦ Integrated intomain-lineAFL
AFLGo— 1stdirected greybox fuzzer◦ 17CVEs@USNationalVulnerabilityDatabase
◦ 39bugs@security-critical internet libraries (libxml)
◦ 41stars @Github (9forks)
◦ Outperforms state-of-the-artinpatchtesting(KATCH)
◦ Outperforms state-of-the-artincrashreproduction(BugRedux)
5PRESENTATIONTONRFEXPERTPANEL,FEB23,2018
LowFat— EfficientBinaryHardeningDetects stack/bufferoverflowsandtypeconfusionattacks17% performanceoverhead(vs.45%state-of-the-art)12%memoryoverhead(vs.700%state-of-the-art)IntegratedwithAFLFastandAFLGotodetectmorevulnerabilitiesmoreefficiently!
1
6
SecureSmartNationInfra-structure
CertificationofsoftwareforIoT devicesinsmarthome,smarthealth,robots/dronesFocusonenvironmentawarefunctionalitycertification,butalsoweaveinnon-functionalpropertiesCapabilitiesforsuchcertificationexistinNUS,andsomepartnershipsfortranslation,butmoremaybeneeded.
TSUNAMi projectTSUNAMiProject◦ ReactiveSoftwareSecurity(WP1)◦ AutomatedVulnerabilityDetection◦ AutomatedVulnerabilityRepair
◦ ProactiveSoftwareSecurity(WP2+WP3)◦ AutomatedHardening◦ AutomatedProtocolVerification
◦ AssumingCompromisedOperatingSystem(WP4)◦ EnsuringSecureApplicationExecution
WP1: Binary Analysis
• Directed Fuzzing as an optimization problem (No constraint solving)• Program analysis moved to instrumentation time
to retain efficiency of greybox fuzzing.• Distance to targets efficiently computed at runtime.• Find global minimum using search meta-heuristic – Simulated Annealing
• Results: outperforms KATCH and BugRedux. 17 CVEs assigned• Application: patch testing, crash reproduction, information flow analysis
AFLGo: Directed Greybox Fuzzing
[CCS’17]
• Model Greybox Fuzzing as Markov chain • Design power schedules to regulate the “energy” to gravitate path
exploration towards low-frequency paths• Results & Impact
• 10x faster than the state of the artReceived 2000 USD @Google bug bounty
• Outperforms KLEE on vulnerability detection • 2nd place (on vulnerability detection)
@DARPA CGC (Team Codejitsu)• 6 CVEs
AFLFast: Coverage-based Greybox Fuzzing
[CCS’16, TSE’18]
• Point-of-failure and Call-stack based Bucketing do not take program semantics into account leading to over-condensing, send-bucket and long-tail problems
• Our symbolic analysis based solution• Identify culprit constraint• Use culprit constraint as semantic “reason” of failure• Group failing paths having same “reason” together
Bucketing Failing Test via Symbolic Analysis
p1
f1f2 f3 f4x xx
b2b1
b4
b3
b5
Culpritconstraint
[FASE’17]
AutomatedProgramRepair
12
1intsearch(intx,inta[],intlength){2inti;3for(i=0;i<length;i++){4if(x==a[i])5returni;6}7return−1;8}
(a) Correctlinearsearch
1 int search(int x,int a[],int length){2 int L=0;3 int R=length-1;4 do{5 int m=(L+R)/2;6 if(x==a[m]){7 returnm;8 }elseif(x<a[m]) {//bugfix:x>a[m]9 L=m+1;10 }else{11 R=m-1;12 }13 }while(L<=R);14 return-1;15 }
(b)Buggybinarysearch
User-definedcondition: length=3&a[0]<a[1]<a[2]
Verificationcondition
ExperimentsonembeddedLinuxBusybox
SemGraft (ICSE18)
13
Verificationcondition
Counterexample
IsSAT?Negate
Patchfound
Buggyprogram
IsSAT?
Angelicforest
IsSAT?
Componentlibrary
Candidatepatch
No
Yes
Yes
Yes
Buggyprogram
Referenceprogram
Symbolicanalysis
WP2: Binary Hardening
• EffectiveSan is a comprehensive dynamic type checker for C/C++ programs• Key observation: most C/C++ vulnerabilities are type errors:
• EffectiveSan directly detects the following classes of error:• Type errors (type confusion, bad casts, etc.)• Bounds errors (buffer overflows, etc.)• Sub-object bounds errors (overwriting vptrs, etc.)• Use-after-free, reuse-after-free, and double free errors
EffectiveSan: Dynamically Typed C/C++
[PLDI’18]
• EffectiveSan stores meta data (META) at the base of all objects• Given p into object q, use low-fat pointer base(p) to find (META)
• (META) stores the dynamic type which is checked at runtime
How EffectiveSan Works
LOWFAT
[PLDI’18]
WP3: Formal Verification
• The interaction between components is termed as protocols• E.g., Single-Sign-On (SSO) protocol: the communication among a browser, a web
server and a website using SSO service
Communication as protocol
A.com
Username&password
User(Client)
IdentityProvider(IdP)
Accesstoken
Accesstoken
login
• Developed a framework to extract protocols from messages and perform formal analysis
• Protocol extraction• Protocol modelling• Model verification• Result confirmation
Communication as protocol
ModellingProtocolExtraction
Analysis
ProtocolModellingRefine
Finished?
RepeatRefinement
AttackerModel
ProtocolFuzzing
Model
FormalVerification
ReportReportAnalysis
Confirmedvulnerability
ReconstructAttack
AttackerModel
SDKAnalysis Security
PropertyNetworkTraces
NY
RefinedProtocol
Verification
• Formal verification of the communication/protocols are necessary• Protocols, especially security protocols, are error-prone
• Model checking based on PAT (Process Analysis Toolkit)• Protocol: CSP# model• Security properties: assertions or LTL• Built a PAT library for modelling
cryptographic primitives and reasoning on attacker knowledgebounded sessions
Formal verification of protocols
[ICFEM‘17]
• Verification of security protocols with unbounded sessions• Stateful security protocols - global states which influence the protocol behavior
and may unboundedly evolving• Developed a specification framework based on horn clauses• Developed a verification algorithm for verifying stateful security protocols with
unbounded evolving of global states
Formal verification of protocols
YES
NOOR
Representashornclauseswithstates
Deductionofatargetedrule
Stateful protocol
protocol
state
change
influence
Reasoning• Knowledgeforward
searchfortheattacker• Statebackwardsearchto
findavalidevolvingtraceSpecificationFramework
VerificationAlgorithm
Result
[ICFEM‘17]
WP4: Sensitive Data Protection
ConstantLatencyRead-OnlyORAM§Leakageviadataaccesspatternsiscommon
§ObliviousRAMincursatbestO(logN)overheadforread/writeaccesses
§KeyInsight:Forread-onlydata,shuffle&accessstepscanbeparallelized
§OurApproach:With√Ntrustedhardware(SGX)coresontheserver§ Distributeworkineachshufflesteptomultiplethreads§ Thismatchestherateofaccessandshuffleoperations
§Result:Constantlatencywithsufficientcomputationalcores(80threads)§ 0.3secondstofetchablockof256KB
RQ:Canweachieve“constantlatency”forspecificcaseinrealapplications?
EncryptedRAM
EncryptedCloud Storage
Peer-to-peer/Distributedsystem
Secretkeys
Userqueries
OnlineBehavior
Photos
Music
PDFs
Videos
• Micro-containers with• Targeted 20K-30K lines of code of TCB• Unlike LibOSes, Panoply doesn’t virtualize the namespace
Panoply: Micro-containers for SGX
[NDSS’17]
• Tool-chain and OS support for new security • Primitives and encrypted computation• Panoply prototype
• Security primitives supporting application execution• Limited SDK, Compiler, and library support• Currently tested for 4 case studies
Panoply: Micro-containers for SGX
[NDSS’17]
• HTTP/2WebserverwithpriviledgeseparattiontopreventNeverbleedH2O
• DistributedAnonymousNetworkTOR• DatabasestreamingapplicationFreeTDS• PopularSSL/TLSandcryptographiclibraryOpenSSL