Slide1
Compilers and Application Security
CSS 548
Dan Chock
Slide2
Overview
What are some ways that compilers can affect application security?
  Improving Application Security
    Checking for and preventing potential vulnerabilities
  Additional Effects on Security
    Understanding compiler optimization for binary obfuscation
  Reducing Application Security
    Compiler vulnerabilities and backdoors
Slide3
Improving Application Security
More Secure Code
  Preventing stack buffer overflow exploitation via canaries
“Anatomy of a Stack Smashing Attack and How GCC Prevents It”, Dr. Dobb's, Oliver Mueller, June 19, 2012
Slide4
Improving Application Security
GCC Options
  -fstack-protector; -fstack-protector-all
    Adds a guard variable (aka canary) to functions. The guard is initialized when a function is entered and checked when the function exits. If a guard check fails, the program exits.
Visual Studio Switches
  /GS
    Shadowing to protect class member definitions, stack data reordering to protect function pointers
Slide5
Improving Application Security
/sdl – Superset of /GS, expands scope and treats select security warnings as errors

Warning  Switch   Description
C4146    /we4146  A unary minus operator was applied to an unsigned type, resulting in an unsigned result
C4308    /we4308  A negative integral constant converted to unsigned type, resulting in a possibly meaningless result
C4532    /we4532  Use of “continue”, “break” or “goto” keywords in a __finally/finally block has undefined behavior during abnormal termination
C4533    /we4533  Code initializing a variable will not be executed
C4700    /we4700  Use of an uninitialized local variable
C4789    /we4789  Buffer overrun when specific C run-time (CRT) functions are used
C4995    /we4995  Use of a function marked with pragma deprecated
C4996    /we4996  Use of a function marked as deprecated

“Compiler Security Enhancements in Visual Studio 11”, SDL Team, MSDN, Dec. 2, 2011
Slide6
Additional Effects On Security
Binary Obfuscation
  volatile keyword
“Binary Obfuscation from the Top Down”, Sean Taylor
Slide7
Binary Obfuscation
  volatile keyword
“Binary Obfuscation from the Top Down”, Sean Taylor
Slide8
Reducing Application Security
Compiler Vulnerabilities
  Insecure Compiler Optimization
    Improperly removing sensitive data from memory
    Dead store removal - code that is used to overwrite memory is removed by the compiler
  Compiler backdoors
    Modifying compiler to recognize specific code while compiling and include a backdoor in the output
    Ken Thompson - “Reflections on Trusting Trust” describes modified C compiler that would backdoor the login command to accept backdoor password
Slide9
Specialized Compilers and Security
Compiler/hardware approaches to embedded systems security [1]
  Secure compiler inserts hidden code into the compiled code that is validated during run-time by hardware
Security-preserving compiler for distributed programs [2]
  Four stages: slicing, control flow protection (to keep track of state), replication (implement distributed program variables as local replicas), and cryptography (insert crypto operations to protect variable changes)
Slide10
Additional References:
[1] “Performance Study of a Compiler/Hardware Approach to Embedded Systems Security”, Kripashankar Mohan, Bhagi Narahari, Rahul Simha, Paul Ott, Alok Choudhary, and Joe Zambreno
[2] “A Security-Preserving Compiler for Distributed Programs: From Information-Flow Policies to Cryptographic Mechanisms”, Cédric Fournet, Gurvan Le Guernic, Tamara Rezk
Slide11
Questions?
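
The dead store removal problem from the "Reducing Application Security" slide, as an added example that is not part of the original presentation: a memset on a buffer that is never read again may be deleted by the optimizer, while a wipe written through a volatile-qualified pointer is kept. KEY_LEN, load_key, secure_wipe, keys_equal and the verify_* functions are hypothetical names, and the key bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN 16

/* Constructed stand-in for loading a secret (hypothetical helper). */
void load_key(unsigned char key[KEY_LEN]) {
    for (size_t i = 0; i < KEY_LEN; i++) key[i] = (unsigned char)(0xA0 + i);
}

/* Volatile stores are observable side effects, so compilers keep them. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Constant-time comparison: 1 if all KEY_LEN bytes match, else 0. */
int keys_equal(const unsigned char *a, const unsigned char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < KEY_LEN; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Before: key[] is dead after memset, so an optimizing build may drop it. */
int verify_naive(const unsigned char *candidate) {
    unsigned char key[KEY_LEN];
    load_key(key);
    int ok = keys_equal(key, candidate);
    memset(key, 0, sizeof key);   /* dead store: removable */
    return ok;
}

/* After: identical logic, but the wipe survives optimization. */
int verify_hardened(const unsigned char *candidate) {
    unsigned char key[KEY_LEN];
    load_key(key);
    int ok = keys_equal(key, candidate);
    secure_wipe(key, sizeof key);
    return ok;
}

int main(void) {
    unsigned char k[KEY_LEN], zero[KEY_LEN] = {0};
    load_key(k);
    int n = verify_naive(k), h = verify_hardened(k), w = verify_hardened(zero);
    secure_wipe(k, sizeof k);
    printf("naive=%d hardened=%d wrong=%d wiped=%d\n", n, h, w, keys_equal(k, zero));
    return 0;
}
```

Where the platform provides a dedicated primitive such as explicit_bzero, memset_s or SecureZeroMemory, it serves the same purpose as secure_wipe here.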