- Home
- Engineering
*Implementation Assurance*

Click here to load reader

View

192Download

4

Embed Size (px)

Implementation Assurance

3

Security engineering is about building systems to remain dependable in the face of malice, error and mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.

(by Ross Anderson)

Security Engineering

4

SDL (Security Development Lifecycle)

(Common Criteria)

6

(Common Criteria)

Samsung Smart TV Security Solution(received CC EAL1 certification)

LG Smart TV Application Security Solution(received CC EAL2 certification)

LG Smart TV Samsung Smart TV

7

8

Threat-Risk Modeling supports

Security ( ) and security ( ) identification

Systematic ( ) and penetration testing Structured penetration testing

Secure code review

Threat-Risk Modeling

(Quan Heng Lim, "Pentesting Methodology 101",https://blog.horangi.com/pentesting-methodology-101-28151c53eebf)

9

MSs STRIDE Threat Modeling Tools

10

Threat Modeling also Deals with..

(Carl Ellison, "Ceremony Design and Analysis )

11

Threat Modeling also Deals with..

12

13

Validation & Verification

Validation :

Verification :

14

Formal means two things : A mathematical (not English) ( ) An exhaustive ( ) method (not

simulation) ( ) coverage (i.e., over all possible

sequences of test vectors)

Sometimes semiformal is used to mean Formal specification, but not verification, or Nothing formal, but using similar algorithms.

( ) coverage

What is Formal Method?

15

What is Formal Method?

The Real World

Formal Specification

CodeAlgorithm / Code

16

Informal simulation methodology

Semiformal simulation methodology

Formal verification methodology

What is Formal Method?

17

Theorem Proving

Model Checking

What is Formal Method?

18

What is Formal Method?

19

Theorem prover

Accepts assumptions (givens) & goal in some notation

Tries to produce proof of goal, starting from assumptions

Using only a sequence of allowed inference rules & theorems

Theorem proving tools may be either :

Automated Interactive (proof assistant)

Theorem Proving-Based Testing

20

General purpose theorem prover ( ) was used to reason 5 classic authentication protocols and their variation.

( ) was used to analyze the Needham-Schroeder protocol and SET.

( ) was used to verify authentication protocol.

Theorem Proving-Based Testing

21

Assume there is a formal model M for the specification of the System under Test (SUT).

Specify the security goals (e.g., confidentiality, authenticity).

A model-checker will report M |= for all security properties defining the security goals of the model.

Model-Based Security Testing

22

But program verification is ( )! (by Alan Turing)

Even if the problem were in theory solvable for a given system, there are two common reasons that make a solution ( ):

The behaviour of the system or parts of the system may not be amenable to a mathematical treatment, or

The system may simply be too complex for verification to be feasible.

Model-Based Security Testing

23

In 1996, model checker ( ) was used to exhibit a flaw in the Needham-Schroeder protocol.

Since then many other model check tools or other proving tools showed the same thing.

Other protocols were or are being checked. SSL by Stanford IKE, SET by Meadows Netbill electronic payment protocol

Model-Based Security Testing

24

Model-Based Security Testing

25

Model-Based Security Testing

26

Strengths : ( ) Can provide ( ) guarantees.

Weaknesses : ( ) between the model and the

SUT has to be addressed. Model creation is burden on programmer The model might be incorrect. If verification fails, is the problem in the model

or the program?

( ) issues

Model-Based Security Testing

27

Security Testing Techniques in the Secure Software Development Lifecycle

But, Model-Based Testing Is Not Easy..

28

Also known as Source Code Analysis or White-Box Testing.

Techniques :

Code-Based Testing and Static Analysis

29

Strengths : ( )

Can provide ( ) guarantees - that is, a static analysis system can show, with certainty, that a given piece of binary code is secure.

( )

Weaknesses : Resulting in a large amount of ( ).

( ) provide actionable input (i.e., an example of a specific input that can trigger a detected vulnerability).

Code-Based Testing and Static Analysis

30

Also known as Black-Box Testing.

Techniques :

Strengths : Can provide ( ).

Pentesting and Dynamic Analysis

31

Plan : ( ) should be done early to be effective (Waterfall model)

The earlier you find problems, the easier it is to fix them.

Do

Check : ( ) (dynamic analysis)

Act

Threat Modeling vs. Pentesting

32

Pentesting cannot replace threat modeling! Pentesting should be used as

an adjunct to threat modeling.

Threat Modeling vs. Pentesting

33

Threat Modeling vs. Pentesting

34

Threat Modeling vs. Pentesting

35

Threat Modeling vs. Pentesting

36

Threat Modeling vs. Pentesting

37

Threat Modeling vs. Pentesting

38

Pentesting Can't Guarantee Coverage!

Pentesting can identify some vulnerabilities for repair. However,

the failure of any particular penetration team to find

vulnerabilities does not imply their absence. It only indicates that the team failed to find any. This is the

reason we need a rigorous development process (i.e., Security

Engineering or SDL).

1) Daniel Jackson et al., "Software for Dependable Systems: Sufficient Evidence?"

39

How to Get Code-Proof

40

How to Get Code-Proof

Aaron Tomb (Galois, Inc), "Assuring Crypto Code with Automated Reasoning",QCon, London, March 2017

41

There are rarely any guarantees that real-world cryptographic implementations match the mathematical specifications

targeted by cryptanalysis research.

How to Get Code-Proof

42

How to Get Code-Proof

( Aaron Tomb, "Automated Verification of Real-World Cryptographic Implementations)

43

Equivalence-Checking : Checks whether two functions, f and g, agree on all inputs

Safety-Checking : Checks run-time exceptions. Given a function f, we would like to know if f's execution can perform operations such as division by zero or index out of bounds.

How to Get Code-Proof

David A. Ramos and Dawson R. Engler, "Practical, Low-Effort Equivalence Verificationof Real Code", CAV 2011 : This shows a technique for performing a semantic equivalenceverification of new implementations vs reference implementations using a modified version of KLEE.

44

Several Ways to Link Model with Prog.

Matteo Avalle, Alfredo Pironti, Riccardo Sisto, "Formal Verification of Security ProtocolImplementations: a Survey", Formal Aspects of Computing, January 2014.

45

Several famous theorems (particularly Gdels incompleteness theorem and Rices theorem) imply that its impossible to write a program that can always construct a proof of some arbitrary theorem (or some arbitrary property of a piece of software). Because of these theoretical limits, ( ).

In practice, however, ( )contains characteristics that make many of its properties ( ).

The Limits of Automated Proof

46

Haskell based DSL (Domain-Specific Language) for writing ( )

DSL :

Cryptol

Lewis JR, Martin B., "Cryptol: High-Assurance, Retargetable Crypto Development and Validation", MILCOM 2003

47

Created by Galois Inc. with support from ( )

Cryptol specifications can be used to verify various implementations

C code, VHDL, etc.

Cryptol

Lewis JR, Martin B., "Cryptol: High-Assurance, Retargetable Crypto Development and Validation", MILCOM 2003

48

49( "Verified correctness and security of OpenSSL HMAC", Usenix Security Symposium 2015)

50

51

52

The key strategy is to upgrade weapon systems to qualify as High-Assurance Cyber Military Systems (HACMS),

strategically designed to better withstand a cyber attack.

53

54

55

(CW-TEC : Cyber Weapon Test and Evaluation Center)

(High-Assurance Cryptography)

(High-Assurance SystemNetwork)

(High-Assurance Management

System)

( : , : )

( : ) ( : ) ( : )

( ) ( ) ( )

Red Team

CyKor

()HAR