Ed Moyle 2006 RSA

Information about Ed Moyle 2006 RSA

Published on August 27, 2007

Author: Amateur

Source: authorstream.com

Content

Self-Defending Structures: A Model for Design and Implementation
Session IMP-202
Presented by: Ed Moyle, CTG

Believe It or Not...
It's not just about security. Software bugs cause:
- Loss of life: race conditions in the Therac-25 software led directly to numerous deaths
- Loss of money/property: the (fortunately) unmanned Ariane 5 rocket exploded due to an overflow condition. The rocket cost $7 billion and the cargo was estimated at $500 million
- Failure of critical infrastructure: an overflow condition shut down a Washington DC hospital in 1989
- Dozens more at the 'Software Horror Stories' web page (http://www.cs.tau.ac.il/~nachumd/verify/horror.html)

10-Second Agenda
- What's the issue?
- Why do we need a new approach?
- How and why does this approach work?
- How would somebody start using the approach?
- Where can someone learn more?

What's the Issue?
We've all heard these a million times:
- Software vulnerabilities ('bugs') are a huge security problem
- The earlier you find bugs, the cheaper they are to fix
- The rate of vulnerability discovery is increasing
- Vulnerabilities cost money: increased maintenance, reduced sales, even a hit to stock price
- Keeping the bug rate down costs money

Proof Points
In case you don't believe it, compare:
- Year-by-year vulnerability discovery rate as per the National Vulnerability Database, with
- Cost of fixing bugs in the lifecycle as per 'The Developer Testing Paradox' (Developer Testing magazine)
Result: more bugs are found late in the cycle (i.e. in production), the most expensive time!

What's Going On?
We're asking developers to remember to implement more and more complicated security-related rules:
- Memories are fallible
- Some security-related tasks are complicated and hard to do right 100% of the time
- Deadlines are tight
- It's hard to test for everything, especially when there's not enough time
- Other factors might obviate secure code: maintenance programmers, configuration decisions

What About Today's Approaches?
Traditional wisdom says:
- 'Educate' developers (e.g. about the evils of calls like 'strcpy()')
- Audit the code manually or using automated tools
- Change the development process to make sure that security is integrated into the process
These approaches work, but they all have one thing in common...

The Common Factor
They cost the same or more year-over-year:
- Developers change jobs: new developers come and old ones go. You have to continue to train your development staff on an ongoing basis.
- Technologies change: new APIs, SDKs, IDEs, and all the other acronyms mean you'll need to keep your auditors (or scanners) up to date on an ongoing basis.
- Processes change: new development techniques (RUP, MSF, XP, etc.) mean you'll continually need to revisit the way security fits in.
Conclusion: both education and audit are self-perpetuating cost centers that require constant or increasing expenditure over time.

Requirements for a New Approach
- Reduce bugs to the same degree as other approaches
- Not be mutually exclusive with other efforts
- Cost less year-over-year
- Ensure uniformity across development teams
- Not depend on a particular language

Enter Self-Defending Structures
'Self-Defending Structures' are:
- Data structures that enforce security policy: data container objects; index or storage data structures (hashtables, dictionaries); cryptography helper objects/APIs
- Discussed in the analyst community as 'Application Security Frameworks'
- Implemented commercially for various application contexts, e.g. RSA BSAFE Data Security Manager

Does it Work Better?
- Abstracts security decisions away from developers: the right security things 'just happen' behind the scenes without conscious developer intervention
- Security functionality becomes centralized, making bugs easier to fix
- Developer education becomes easier because there are fewer 'dos and don'ts' that developers have to remember
- Scanning becomes easier because dangerous functionality is centralized in one place

Is it Really Cheaper?
- Requires an initial investment in terms of development time (con)
- Reuse means cost goes down over time (pro): initial investment in building, buying, or researching; long-term savings in management; long-term savings in reduced bugs
- Periodic development required for updates, but may not be required for incremental API or technology changes (pro and con)

Sample Usage
- Data containers that implement memory scrubbing during destruction (or on command): zeroization of memory before free() or delete (e.g. C/C++) or before we release the last reference (e.g. Java); population of memory with random data before free() or delete or before releasing the last reference
- Key container objects that implement expiry or data protection: the framework might choose not to encrypt new data with an expired key; the framework could maintain keystores for different applications
- Data that enforces transmission/usage policy: the framework could only operate on certain hosts or for certain users

Simple Example (High Level View)
Let's start simply: our [hypothetical] security policy requires that all sensitive data be zeroized when use is concluded; this includes:
- Cryptographic keys
- Passwords or user data
- Regulated data
We don't want developers to have to remember to make calls to something like memset() every time data is freed.

Simple Example (Low Level View)
UML 2.0 sequence diagram of self-defending memory-zeroizing data container (diagram not reproduced in this transcript)

More Functionality (High Level)
One addition we can make to the example:
- Instead of using nulls (zeroizing), we could change the object to write over the data with random data
- Make the object driven by policy so that developers do not need to worry about: when to scrub the memory; how to scrub the memory; changes in security policy impacting memory handling; and, most importantly, the implementation of memory scrubbing

More Functionality (Low Level)
UML 2.0 sequence diagram of policy-driven self-defending memory-zeroizing data container (diagram not reproduced in this transcript)

Design and Implementation Strategies
The easy way:
- Use object orientation to write code that encapsulates security functionality within container objects (e.g. the last example)
- Buy (or make use of) an external toolkit that provides some degree of security automation
The hard way:
- Use a procedural language to write code that mirrors an underlying API (like the C API)

Getting Part of the Way There
Some widely accessible frameworks do parts of this already:
- Sun Java JCE
- Microsoft .NET (e.g. System.Security)
- OpenSSL EVP API
- RSA BSAFE Data Security Manager
They do part of it, but they don't do all of it...

Some Limitations of Existing Frameworks
- JCE provides cryptographic functionality in an opaque way and provides key storage objects, but does not provide zeroization (especially of passwords). Watch out for: immutable strings
- .NET provides cryptographic functionality in an opaque way. Watch out for: legacy (i.e. CAPI) key storage
- BSAFE Data Security Manager provides cryptographic functionality, but 'you gotta play to win' (you get the benefit only where you use the toolkit)

Applications
- Enterprise toolkits: put policy decisions back in the hands of security
- Commercial toolkits: simplify product deployment and overall configuration
- Web components: defend against external attacks and provide a buffer between the UI and underlying services

Further Reading (and Shameless Plug)
Some additional resources:
- RSA BSAFE Data Security Manager documentation or evaluation (http://www.rsasecurity.com/)
- WASF article series by Thomas Ortega (http://uk.builder.com/)
- Analyst research (e.g. Burton Group research on app security frameworks, http://www.burtongroup.com)
- Our book

Summary/Conclusion
- Development is a hard job; asking developers to remember more details, to learn a new style, or to change the way they work is unrealistic
- Scanning tools help, but they require manual intervention and periodic upkeep, and can be highly impacted by technology changes
- Self-Defending Structures/Application Security Frameworks increase the security and efficiency of the development process over the long term
- Self-Defending Structures require an initial investment in time, but ultimately are more effective than other traditional approaches

Questions?
Thank you!!!! Don't hesitate to write/call for more information: [email protected] (603)264-1350
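The policy-driven memory-scrubbing container from the Simple Example and More Functionality slides, and the expiring key container from the Sample Usage slide, worked through as an added C++ example. This is not code from the presentation or from any toolkit it names: the names SecurityPolicy, SecureBuffer, ExpiringKey and secure_wipe are assumptions, the XOR "protect" step stands in for a real cipher, and std::random_device is used only to keep the demonstration self-contained.

```cpp
// Added example (not from the presentation): a self-defending container that
// scrubs its memory under a central policy, and a key container that enforces expiry.
#include <chrono>
#include <cstddef>
#include <cstdio>
#include <random>
#include <stdexcept>
#include <vector>

// How the framework scrubs a container's memory once the data is done with.
enum class ScrubPolicy { Zero, Random };

// Central policy object owned by the security team; developers never set it.
// Assumption: a real framework would load this from configuration.
struct SecurityPolicy {
    ScrubPolicy scrub = ScrubPolicy::Zero;
    static SecurityPolicy& current() { static SecurityPolicy p; return p; }
};

// Overwrite through a volatile pointer so the compiler cannot drop the stores as
// dead writes (a plain memset() right before free()/delete is frequently elided).
static void secure_wipe(unsigned char* p, std::size_t n, ScrubPolicy policy) {
    volatile unsigned char* vp = p;
    if (policy == ScrubPolicy::Zero) {
        for (std::size_t i = 0; i < n; ++i) vp[i] = 0;
    } else {
        std::random_device rd;  // assumption: the platform offers a usable entropy source
        for (std::size_t i = 0; i < n; ++i) vp[i] = static_cast<unsigned char>(rd());
    }
}

// Self-defending container: holds sensitive bytes and scrubs them on destruction
// or on command, as the central policy dictates. Non-copyable, so there is exactly
// one copy of the secret to wipe.
class SecureBuffer {
public:
    explicit SecureBuffer(std::size_t n) : data_(n, 0) {}
    SecureBuffer(const SecureBuffer&) = delete;
    SecureBuffer& operator=(const SecureBuffer&) = delete;
    ~SecureBuffer() { scrub(); }  // developers never have to remember this call

    unsigned char* data() { return data_.data(); }
    const unsigned char* data() const { return data_.data(); }
    std::size_t size() const { return data_.size(); }
    void scrub() { secure_wipe(data_.data(), data_.size(), SecurityPolicy::current().scrub); }

    // Bytes still equal to c; lets a caller verify that a scrub actually happened.
    std::size_t count_of(unsigned char c) const {
        std::size_t k = 0;
        for (unsigned char b : data_) if (b == c) ++k;
        return k;
    }
private:
    std::vector<unsigned char> data_;
};

// Key container that enforces expiry: past its lifetime it refuses to protect new
// data, and its key bytes are scrubbed along with the buffer they live in.
class ExpiringKey {
public:
    using Clock = std::chrono::steady_clock;
    ExpiringKey(std::size_t key_len, std::chrono::seconds lifetime)
        : key_(key_len), expires_at_(Clock::now() + lifetime) {
        std::random_device rd;  // demo only; a production framework would use a vetted CSPRNG
        for (std::size_t i = 0; i < key_.size(); ++i) key_.data()[i] = static_cast<unsigned char>(rd());
    }
    bool expired(Clock::time_point now = Clock::now()) const { return now >= expires_at_; }

    // Toy "protect" (XOR with the key) standing in for a real cipher; the policy
    // check is the point, not the transform.
    std::vector<unsigned char> protect(const std::vector<unsigned char>& plain,
                                       Clock::time_point now = Clock::now()) const {
        if (expired(now)) throw std::runtime_error("key expired: refusing to protect new data");
        std::vector<unsigned char> out(plain.size());
        for (std::size_t i = 0; i < plain.size(); ++i) out[i] = plain[i] ^ key_.data()[i % key_.size()];
        return out;
    }
private:
    SecureBuffer key_;
    Clock::time_point expires_at_;
};

// Constructed input: 64 bytes of 'A' stand in for key material. Returns how many
// 'A' bytes survive a scrub under the given policy (0 for Zero, near 0 for Random).
std::size_t bytes_left_after_scrub(ScrubPolicy policy) {
    SecurityPolicy::current().scrub = policy;  // set once, centrally, by security
    SecureBuffer buf(64);
    for (std::size_t i = 0; i < buf.size(); ++i) buf.data()[i] = 'A';
    buf.scrub();
    return buf.count_of('A');
}

// True when a key that worked before expiry refuses to protect data afterwards.
bool expired_key_refuses() {
    ExpiringKey key(32, std::chrono::seconds(60));
    std::vector<unsigned char> msg = {'s', 'e', 'c', 'r', 'e', 't'};  // constructed sample
    bool worked_before = key.protect(msg).size() == msg.size();
    auto later = ExpiringKey::Clock::now() + std::chrono::seconds(61);
    try { key.protect(msg, later); return false; }
    catch (const std::runtime_error&) { return worked_before; }
}

int main() {
    std::printf("'A' bytes left, zero policy:   %zu\n", bytes_left_after_scrub(ScrubPolicy::Zero));
    std::printf("'A' bytes left, random policy: %zu\n", bytes_left_after_scrub(ScrubPolicy::Random));
    std::printf("expired key refused new data:  %s\n", expired_key_refuses() ? "yes" : "no");
    return 0;
}
```

The volatile write loop is the part most easily lost when this pattern is ported: platforms that offer a non-elidable wipe (explicit_bzero on glibc and the BSDs, SecureZeroMemory on Windows, memset_s where C11 Annex K is available) should be used in its place. The scrub policy lives in one object that the security team owns, so switching from zeroization to random overwrite changes no developer-facing code, which is the "changes in security policy impacting memory handling" point from the More Functionality slide.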
