Return to book
Review this book
About the author
Introduction
1. Access Control
2. Authentication
3. Biometrics
4. Crypto Engineering
- 4.1. Software Crypto
- 4.2. Hardware Crypto
5. Malware
- 5.1. Virus
- 5.2. Worm
- 5.3. Trojan Horse
- 5.4. Writing Virus
- 5.5. Rootkits
- 5.6. Anti-virus software
- 5.7. Inside popular software
6. Protecting Clients
7. Security and Usability
- 7.1. User Interface (UI)
- 7.2. Passwords
- 7.3. Cognitive Experiment
- 7.4. Insider Attacks
8. Secure Programming
- 8.1. Buffer overflow
  - 8.1.1. Buffer Overflow Protections
  - 8.1.2. Exploit Buffer Overflow
- 8.2. Secure C practice
- 8.3. secure-sensitive program
9. Physical Security
10. (Web Service) Architecture
- 10.1. Contents and Scripts
11. Confinements
- 11.1. chroot
- 11.2. JVM
- 11.3. Network Identity
- 11.4. Virtual Machine
- 11.5. Sandbox
12. Program Structure
- 12.1. Case study: 4.3BSD FTP Daemon
- 12.2. Case study: mailer
- 12.3. Case study: Web Browser
13. Security Analysis
- 13.1. Construction vs. Destruction
- 13.2. Analyze individual programs
- 13.3. Analyze overall system
- 13.4. Software Engineering Code of Ethics
- 13.5. Tools part 1: OS system calls
- 13.6. Tools part 2: fuzzing and more
- 13.7. Reconnaissance
14. The Internet of Things
- 14.1. Embedded Systems (Smart Devices)
- 14.2. Internet of Things Architecture
- 14.3. Case study: Thermostat
15. Logging
- 15.1. Loggin in practice
- 15.2. Log Incidents
- 15.3. Case study: PHP4 web server attack
16. After An Attack
- 16.1. Analyze a hacked system
- 16.2. Deleted Files
- 16.3. Monitor Intrusion
- 16.4. Conclusion
17. System Structure
- 17.1. Case study: build an e-commerce
- 17.2. Network Operation Center
- 17.3. Router Link Weakness
- 17.4. Remote Access
- 17.5. Question: store credit card number in database?
- 17.6. General Principle
18. Exams
- 18.1. Fall 2014 Midterm
- 18.2. Fall 2013 Midterm
- 18.3. Fall 2010 Midterm
- 18.4. Fall 2008 Midterm

Security Architecture and Engineering

Analyze individual programs

Complexity is the enemy of security.

What to look for?

Typical errors: buffer overflow, race conditions, etc.
- Buffer overflow candidates: gets(), strcpy(), sprintf()..
- TOCTTOU races: access(), stat() other than fstat()..
- Check declaration, should use malloc:
```
char buf[1024]; // bad declaration
```
- Not as easy as it sounds -- buffer sizes not always obvious
```
void buildmsg(char *dst, char *s, char *msg){
sprintf(dst, "Error: %s: %s\n", s, msg);
return;
}
```

Only check security sensitive programs.

Case Study: date command

$ date
Mon Nov 17 21:51:03 EST 2008
$ TZ=/usr/share/zoneinfo/Pacific/Guam date
Tue Nov 18 12:51:11 ChST 2008
$ TZ=/usr/share/zoneinfo/Pacific/Tahiti date
Mon Nov 17 16:51:20 TAHT 2008

BLIND TESTING: in the case of timezone, it won't find the error.
You can write test cases there's something to test for.
- grep for suspect functions.

Flow Analysis

We need to understand the paths to each suspect call.
We can use compilers to help us understand complex paths (analyze call stacks, to the low level).

Call graph:

  $ cflow env/*.c

  main() <int main (int argc,char **argv) at env/env.c:55>:

  setlocale()
  getopt()
  usage() <void usage (void) at env/env.c:94>:
  fprintf()
  exit()
  strchr()
  setenv()
  execvp()
  err()
  printf()
  exit()

flow analysis

Digression: Run-Time Checks

Best example: Perl's "taint mode"
- Data from untrustworthy sources: command-line arguments, environment variables, file input, etc. -- is marked as "tainted".
- Any variable derived from a tainted variable is marked “tainted”.
- Certain operations cannot be performed with tainted input; a run-time exception is generated.
- Read more on Perl's taint mode.

Individual programs are hard to analyze

Subprocedures make life hard.
Most routines are called from many different places, with different arguments.
Arguments passed may be arguments from a higher-level procedure.
Buffers may be dynamically allocated.