Trusted Free and Open Source Software (FOSS)

FOSS Hardening

NATO IST 091 # 18

Robert Charpentier, DRDC Valcartier

Dr Mourad Debbabi, Concordia University

November 22nd – 23rd, 2010


FOSS Project History

Overview Guidelines

FOSS in mil

Support Options

Defensive Design

FOSS Auditing

FOSS Hardening

Architectures for Hostile Environments

FOSS: Free and Open Source Software

2003-04 2005 2005

2005-06 2006-09 2008-11


Lessons Learned with FOSS

• Adoption of Open Standards should be prioritized

• FOSS must be selected on its technical advantages

• Hybrid architectures using COTS and FOSS are often best

• Access to source code has proven very beneficial and practical

• FOSS offers more options for long-term maintenance


FOSS Project History

Overview Guidelines

FOSS in mil

Support Options

Defensive Design

FOSS Auditing

FOSS Hardening

Architectures for Hostile Environments


2003-04 2005 2005

2005-06 2006-09 2008-10


Preprogrammed Security

[Diagram: Preprogrammed Security, Existing Software, Software Weaving, Secure Software]

Ref: TFOSS project (2006–2009) – Concordia, DRDC, NSERC & Bell


TFOSS Project Themes


TFOSS Project


TFOSS Students

1. Vulnerability Detection:

2 Ph.D. + 2 M.Sc.

2. Security Hardening Patterns and Plans:

1 Ph.D. + 1 M.Sc.

3. AOP Security Weaving:

2 Ph.D. + 1 M.Sc.

AOP: Aspect-Oriented Programming


Security Hardening Definition

• Process and methodology used to

– remove vulnerabilities, and/or

– add security functionalities, and/or

– prevent their exploitation in existing software


Analysis and Hardening on GIMPLE

Java/C++/C/ADA/Fortran …

Secured Executable

Security Features

• Facilitate introducing new security features into AOP languages.

• Unify the matching and weaving processing in mainstream languages

GCC: GNU Compiler Collection


Hardening on GIMPLE


Case Studies

• Inspired by CERT and US Homeland Security coding rules

• Vulnerabilities:

– Unsafe creation of chroot jail

– TOCTOU

– Unsafe temporary file creation

– Use of deprecated function

– Etc.

• Well-known FOSS packages:

– Openssh-5.0p1 (encryption and authentication)

– Shadow-4.1.1 (handles passwords)

– Patchutils-0.1.5 (operates on patch files)

– Binutils-2.19.1 (manipulation of object code)

– Inn-2.4.6 (news server)

– Etc.


Implementation & Experiment

• Analyzed packages: 35 Linux packages written in C

– apache-1.3.41, krb5-1.6, binutils-2.19.1, openssh-5.0p1, shadow-4.1.2.2, inn-2.4.6, openca-tools-1.1.0, freeradius-2.1.3, amanda-2.5.1p2, zebra-0.95a, etc.

• Experiment result summary:

Error: Total reported errors

Err: Real errors

FP: False positives

DN: Statically undecidable errors


Race Conditions

Race Condition TOCTTOU


Temporary Files

Temporary File Errors


Data Flow Analysis

Comparison between Data Flow Analysis and Control Flow Analysis


Conclusion

• Methodologies, Techniques & Toolsets:

– For security evaluation of software:

• Assisted vulnerability detection in GIMPLE

• Automated test generation (not covered today)

– For security hardening:

• Automated code injection in GIMPLE (i.e. GCC)

• Results available to the NATO community


TFOSS Project Team (11 March 2008)


TFOSS Lead Team

Dr. M. Debbabi + 3 other Professors, Concordia University

R. Charpentier + Capt. J. Furlong, DRDC and CF

R. Low + 2 Bell analysts, Bell Canada


Thanks to: Marc-André Laverdière, Nadia Belbidia, Syrine Tlili, Dima Alhadidi, Aiman Hanna, Xiaochun Yang, Azzam Mourad, Zhenrong Yang, Amine Boukhetouta, Rachid Hadjidj, Hakim Idrissi Kaitouni, Hai Zhou Ling

Bell Canada and NSERC
