Click here to load reader

Implementation Assurance

  • View

  • Download

Embed Size (px)

Text of Implementation Assurance

  • Implementation Assurance

  • 3

    Security engineering is about building systems to remain dependable in the face of malice, error and mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.

    (by Ross Anderson)

    Security Engineering

  • 4

    SDL (Security Development Lifecycle)

  • (Common Criteria)

  • 6

    (Common Criteria)

    Samsung Smart TV Security Solution(received CC EAL1 certification)

    LG Smart TV Application Security Solution(received CC EAL2 certification)

    LG Smart TV Samsung Smart TV

  • 7

  • 8

    Threat-Risk Modeling supports

    Security ( ) and security ( ) identification

    Systematic ( ) and penetration testing Structured penetration testing

    Secure code review

    Threat-Risk Modeling

    (Quan Heng Lim, "Pentesting Methodology 101",

  • 9

    MSs STRIDE Threat Modeling Tools

  • 10

    Threat Modeling also Deals with..

    (Carl Ellison, "Ceremony Design and Analysis )

  • 11

    Threat Modeling also Deals with..

  • 12

  • 13

    Validation & Verification

    Validation :

    Verification :

  • 14

    Formal means two things : A mathematical (not English) ( ) An exhaustive ( ) method (not

    simulation) ( ) coverage (i.e., over all possible

    sequences of test vectors)

    Sometimes semiformal is used to mean Formal specification, but not verification, or Nothing formal, but using similar algorithms.

    ( ) coverage

    What is Formal Method?

  • 15

    What is Formal Method?

    The Real World

    Formal Specification

    CodeAlgorithm / Code

  • 16

    Informal simulation methodology

    Semiformal simulation methodology

    Formal verification methodology

    What is Formal Method?

  • 17

    Theorem Proving

    Model Checking

    What is Formal Method?

  • 18

    What is Formal Method?

  • 19

    Theorem prover

    Accepts assumptions (givens) & goal in some notation

    Tries to produce proof of goal, starting from assumptions

    Using only a sequence of allowed inference rules & theorems

    Theorem proving tools may be either :

    Automated Interactive (proof assistant)

    Theorem Proving-Based Testing

  • 20

    General purpose theorem prover ( ) was used to reason 5 classic authentication protocols and their variation.

    ( ) was used to analyze the Needham-Schroeder protocol and SET.

    ( ) was used to verify authentication protocol.

    Theorem Proving-Based Testing

  • 21

    Assume there is a formal model M for the specification of the System under Test (SUT).

    Specify the security goals (e.g., confidentiality, authenticity).

    A model-checker will report M |= for all security properties defining the security goals of the model.

    Model-Based Security Testing

  • 22

    But program verification is ( )! (by Alan Turing)

    Even if the problem were in theory solvable for a given system, there are two common reasons that make a solution ( ):

    The behaviour of the system or parts of the system may not be amenable to a mathematical treatment, or

    The system may simply be too complex for verification to be feasible.

    Model-Based Security Testing

  • 23

    In 1996, model checker ( ) was used to exhibit a flaw in the Needham-Schroeder protocol.

    Since then many other model check tools or other proving tools showed the same thing.

    Other protocols were or are being checked. SSL by Stanford IKE, SET by Meadows Netbill electronic payment protocol

    Model-Based Security Testing

  • 24

    Model-Based Security Testing

  • 25

    Model-Based Security Testing

  • 26

    Strengths : ( ) Can provide ( ) guarantees.

    Weaknesses : ( ) between the model and the

    SUT has to be addressed. Model creation is burden on programmer The model might be incorrect. If verification fails, is the problem in the model

    or the program?

    ( ) issues

    Model-Based Security Testing

  • 27

    Security Testing Techniques in the Secure Software Development Lifecycle

    But, Model-Based Testing Is Not Easy..

  • 28

    Also known as Source Code Analysis or White-Box Testing.

    Techniques :

    Code-Based Testing and Static Analysis

  • 29

    Strengths : ( )

    Can provide ( ) guarantees - that is, a static analysis system can show, with certainty, that a given piece of binary code is secure.

    ( )

    Weaknesses : Resulting in a large amount of ( ).

    ( ) provide actionable input (i.e., an example of a specific input that can trigger a detected vulnerability).

    Code-Based Testing and Static Analysis

  • 30

    Also known as Black-Box Testing.

    Techniques :

    Strengths : Can provide ( ).

    Pentesting and Dynamic Analysis

  • 31

    Plan : ( ) should be done early to be effective (Waterfall model)

    The earlier you find problems, the easier it is to fix them.


    Check : ( ) (dynamic analysis)


    Threat Modeling vs. Pentesting

  • 32

    Pentesting cannot replace threat modeling! Pentesting should be used as

    an adjunct to threat modeling.

    Threat Modeling vs. Pentesting

  • 33

    Threat Modeling vs. Pentesting

  • 34

    Threat Modeling vs. Pentesting

  • 35

    Threat Modeling vs. Pentesting

  • 36

    Threat Modeling vs. Pentesting

  • 37

    Threat Modeling vs. Pentesting

  • 38

    Pentesting Can't Guarantee Coverage!

    Pentesting can identify some vulnerabilities for repair. However,

    the failure of any particular penetration team to find

    vulnerabilities does not imply their absence. It only indicates that the team failed to find any. This is the

    reason we need a rigorous development process (i.e., Security

    Engineering or SDL).

    1) Daniel Jackson et al., "Software for Dependable Systems: Sufficient Evidence?"

  • 39

    How to Get Code-Proof

  • 40

    How to Get Code-Proof

    Aaron Tomb (Galois, Inc), "Assuring Crypto Code with Automated Reasoning",QCon, London, March 2017

  • 41

    There are rarely any guarantees that real-world cryptographic implementations match the mathematical specifications

    targeted by cryptanalysis research.

    How to Get Code-Proof

  • 42

    How to Get Code-Proof

    ( Aaron Tomb, "Automated Verification of Real-World Cryptographic Implementations)

  • 43

    Equivalence-Checking : Checks whether two functions, f and g, agree on all inputs

    Safety-Checking : Checks run-time exceptions. Given a function f, we would like to know if f's execution can perform operations such as division by zero or index out of bounds.

    How to Get Code-Proof

    David A. Ramos and Dawson R. Engler, "Practical, Low-Effort Equivalence Verificationof Real Code", CAV 2011 : This shows a technique for performing a semantic equivalenceverification of new implementations vs reference implementations using a modified version of KLEE.

  • 44

    Several Ways to Link Model with Prog.

    Matteo Avalle, Alfredo Pironti, Riccardo Sisto, "Formal Verification of Security ProtocolImplementations: a Survey", Formal Aspects of Computing, January 2014.

  • 45

    Several famous theorems (particularly Gdels incompleteness theorem and Rices theorem) imply that its impossible to write a program that can always construct a proof of some arbitrary theorem (or some arbitrary property of a piece of software). Because of these theoretical limits, ( ).

    In practice, however, ( )contains characteristics that make many of its properties ( ).

    The Limits of Automated Proof

  • 46

    Haskell based DSL (Domain-Specific Language) for writing ( )

    DSL :


    Lewis JR, Martin B., "Cryptol: High-Assurance, Retargetable Crypto Development and Validation", MILCOM 2003

  • 47

    Created by Galois Inc. with support from ( )

    Cryptol specifications can be used to verify various implementations

    C code, VHDL, etc.


    Lewis JR, Martin B., "Cryptol: High-Assurance, Retargetable Crypto Development and Validation", MILCOM 2003

  • 48

  • 49( "Verified correctness and security of OpenSSL HMAC", Usenix Security Symposium 2015)

  • 50

  • 51

  • 52

    The key strategy is to upgrade weapon systems to qualify as High-Assurance Cyber Military Systems (HACMS),

    strategically designed to better withstand a cyber attack.

  • 53

  • 54

  • 55

  • (CW-TEC : Cyber Weapon Test and Evaluation Center)

    (High-Assurance Cryptography)

    (High-Assurance SystemNetwork)

    (High-Assurance Management


    ( : , : )

    ( : ) ( : ) ( : )

    ( ) ( ) ( )

    Red Team