Implementation Assurance

고려대학교정보보호대학원

마스터 제목 스타일 편집

Security engineering is about building systems to remain dependable in the face of malice, error and mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.

(by Ross Anderson)

Security Engineering

SDL (Security Development Lifecycle)

마스터 제목 스타일 편집국제공통평가기준 (Common Criteria)

국제공통평가기준 (Common Criteria)

Samsung Smart TV Security Solution(received CC EAL1 certification)

LG Smart TV Application Security Solution(received CC EAL2 certification)

LG Smart TV Samsung Smart TV

Threat-Risk Modeling supports

Security ( ) and security ( ) identification

Systematic ( ) and penetration testing ⇒ Structured penetration testing

Secure code review

Threat-Risk Modeling

(Quan Heng Lim, "Pentesting Methodology 101",https://blog.horangi.com/pentesting-methodology-101-28151c53eebf)

MS’s STRIDE Threat Modeling Tools

Threat Modeling also Deals with..

(Carl Ellison, "Ceremony Design and Analysis“ )

Threat Modeling also Deals with..

Validation & Verification

Validation :

Verification :

Formal means two things : A mathematical (not English) ( ) An exhaustive ( ) method (not

simulation) ( ) coverage (i.e., over all possible

sequences of test vectors)

Sometimes “semiformal” is used to mean… Formal specification, but not verification, or Nothing formal, but using similar algorithms.

( ) coverage

What is Formal Method?

The Real World

Formal Specification

CodeAlgorithm / Code

Informal simulation methodology

”Semiformal” simulation methodology

Formal verification methodology

Theorem Proving

Model Checking

Theorem prover

Accepts assumptions (“givens”) & goal in some notation

Tries to produce proof of goal, starting from assumptions

Using only a sequence of allowed inference rules & theorems

Theorem proving tools may be either :

Automated Interactive (“proof assistant”)

Theorem Proving-Based Testing

General purpose theorem prover ( ) was used to reason 5 classic authentication protocols and their variation.

( ) was used to analyze the Needham-Schroeder protocol and SET.

( ) was used to verify authentication protocol.

Theorem Proving-Based Testing

Assume there is a formal model M for the specification of the System under Test (SUT).

Specify the security goals φ (e.g., confidentiality, authenticity).

A model-checker will report M |= φ for all security properties φ defining the security goals of the model.

Model-Based Security Testing

But program verification is ( )! (by Alan Turing)

Even if the problem were in theory solvable for a given system, there are two common reasons that make a solution ( ):

The behaviour of the system or parts of the system may not be amenable to a mathematical treatment, or

The system may simply be too complex for verification to be feasible.

In 1996, model checker ( ) was used to exhibit a flaw in the Needham-Schroeder protocol.

Since then many other model check tools or other proving tools showed the same thing.

Other protocols were or are being checked. SSL by Stanford IKE, SET by Meadows Netbill electronic payment protocol

Strengths : ( ) Can provide ( ) guarantees.

Weaknesses : ( ) between the model and the

SUT has to be addressed. Model creation is burden on programmer The model might be incorrect. If verification fails, is the problem in the model

or the program?

( ) issues

Security Testing Techniques in the Secure Software Development Lifecycle

But, Model-Based Testing Is Not Easy..

Also known as ‘Source Code Analysis’ or ‘White-Box Testing’.

Techniques :

Code-Based Testing and Static Analysis

Strengths : ( )

Can provide ( ) guarantees - that is, a static analysis system can show, with certainty, that a given piece of binary code is secure.

Weaknesses : Resulting in a large amount of ( ).

( ) provide ‘actionable input’ (i.e., an example of a specific input that can trigger a detected vulnerability).

Code-Based Testing and Static Analysis

Also known as ‘Black-Box Testing’.

Techniques :

Strengths : Can provide ‘( )’.

Pentesting and Dynamic Analysis

Plan : ( ) should be done early to be effective (Waterfall model)

“The earlier you find problems, the easier it is to fix them.”

Check : ( ) (dynamic analysis)

Threat Modeling vs. Pentesting

“Pentesting cannot replace threat modeling! Pentesting should be used as

an adjunct to threat modeling.”

Pentesting Can't Guarantee Coverage!

Pentesting can identify some vulnerabilities for repair. However,

the failure of any particular penetration team to find

vulnerabilities does not imply their absence. It only indicates that the team failed to find any. This is the

reason we need a rigorous development process (i.e., Security

Engineering or SDL).

1) Daniel Jackson et al., "Software for Dependable Systems: Sufficient Evidence?"

How to Get Code-Proof

☞ Aaron Tomb (Galois, Inc), "Assuring Crypto Code with Automated Reasoning",QCon, London, March 2017

There are rarely any guarantees that real-world cryptographic implementations match the mathematical specifications

targeted by cryptanalysis research.

(☞ Aaron Tomb, "Automated Verification of Real-World Cryptographic Implementations“)

Equivalence-Checking : Checks whether two functions, f and g, agree on all inputs

Safety-Checking : Checks run-time exceptions. Given a function f, we would like to know if f's execution can perform operations such as division by zero or index out of bounds.

☞ David A. Ramos and Dawson R. Engler, "Practical, Low-Effort Equivalence Verificationof Real Code", CAV 2011 : This shows a technique for performing a semantic equivalenceverification of new implementations vs reference implementations using a modified version of KLEE.

Several Ways to Link Model with Prog.

☞ Matteo Avalle, Alfredo Pironti, Riccardo Sisto, "Formal Verification of Security ProtocolImplementations: a Survey", Formal Aspects of Computing, January 2014.

Several famous theorems (particularly Gödel’s incompleteness theorem and Rice’s theorem) imply that it’s impossible to write a program that can always construct a proof of some arbitrary theorem (or some arbitrary property of a piece of software). Because of these theoretical limits, ( ).

In practice, however, ( )contains characteristics that make many of its properties ( ).

The Limits of Automated Proof

Haskell based DSL (Domain-Specific Language) for writing ( )

Cryptol

☞ Lewis JR, Martin B., "Cryptol: High-Assurance, Retargetable Crypto Development and Validation", MILCOM 2003

Created by Galois Inc. with support from ( )

Cryptol specifications can be used to verify various implementations

C code, VHDL, etc.

Cryptol

☞ Lewis JR, Martin B., "Cryptol: High-Assurance, Retargetable Crypto Development and Validation", MILCOM 2003

49(☞ "Verified correctness and security of OpenSSL HMAC", Usenix Security Symposium 2015)

The key strategy is to upgrade weapon systems to qualify as High-Assurance Cyber Military Systems (HACMS),

strategically designed to better withstand a cyber attack.

마스터 제목 스타일 편집사이버무기시험〮평가연구센터

사이버무기 시험〮평가 연구센터(CW-TEC : Cyber Weapon Test and Evaluation Center)

고신뢰 암호장비실(High-Assurance Cryptography)

고신뢰 시스템〮네트워크실(High-Assurance System•Network)

고신뢰 관리체계실(High-Assurance Management

System)

(센터장 : 황석중 교수, 부센터장 : 김승주 교수)

(실장 : 홍석희 교수) (실장 : 김승주 교수) (실장 : 이경호 교수)

암호알고리즘연구실 (홍석희 교수) 보안성분석〮평가연구실 (김승주 교수) 위험관리연구실 (이경호 교수)

Red Team

(사)HARU

(팀장 : 이기택 박사과정)

정형기법연구실 (최진영 교수) 암호프로토콜연구실 (이동훈 교수)

외부 자문단

사이버사, 기무사, KISA, TTA,국가보안기술연구소 등

네트워크연구실 (이원준 교수)

Security Regression Testing

Test suite minimization

Test case prioritization

Test case selection

Security Regression Testing

June 3, 2015) In the Beginning…

Brief Introduction to CGC

Cyber Grand Challenge

(Korea Univ’s CyKor + Korea Univ’s SANE Lab + Others)

Traditional Capture The Flag

Traditional Pwn2Own

(source: DARPA)

Robots’ CTF, Cyber Grand Challenge

(source: DARPA)

Robots’ CTF, Cyber Grand Challenge

Brief Introduction to CGC – in 2014 –

(source: DARPA)

The CRS had to work without human intervention. Any teams found to use human assistance were disqualified.

The CRS had to patch bugs in challenges. Points were gained for every bug successfully patched. Challenges with no patched bugs received zero points.

The CRS could prove bugs exist in challenges. The points from patched challenges were doubled if the CRS could generate an input that crashed the challenge.

The patched challenges had to function and perform almost as well as the originals. Points were lost based on performance and functionality loss (= availability loss) in the patched challenges.

Teams are allowed to combine after the qualifying event.

Brief Introduction to CGC – Rules –

Brief Introduction to CGC – Schedule –

- ~70 teams → 7 qualified teams- Every qualified team received 750,000$(8억7천만원)!

- 1st: 2,000,000$(23억3천만원)- 2nd: 1,000,000$- 3rd: 750,000$

(source: DARPA)

Brief Introduction to CGC – Finalists –

(source: DARPA)

마스터 제목 스타일 편집Brief Introduction to CGC – Finalists –

마스터 제목 스타일 편집ForAllSecure’s MAYHEM

마스터 제목 스타일 편집DEFCON CTF 2015

마스터 제목 스타일 편집MAYHEM @ DEFCON CTF 2016

마스터 제목 스타일 편집MAYHEM @ Smithsonian

August 2016

- Automated unpacking- Vulnerability discovery- Taint tracing- Anomaly Detection

Fully autonomous network defense: Interact with opponent!

(source: DARPA)

Brief Introduction to CGC – After CGC –

"Security operations must besignificantly more automated and

manageable"

Why CGC?

Categorization

Mutation-based (Dumb fuzzing) :

Generation-based (Smart fuzzing) :

Evolutionary :

Fuzzing [1]

Problems

Suffer from the need for an ( ) set of test cases.

Can you ‘guess’ when fuzzing is ‘finished’?

Thus we need ‘( )’!

( ) : The degree to which the source code of a program is tested by a particular test suite

Fuzzing [1]

Lack of code coverage is a bad thing Can’t find bugs in code you’re ( )

executing

Then, how to gain ‘( )’ code coverage

Code Coverage Analysis

Symbolic Expression (Example) 3x + 2y = 8

Symbolic Execution Proposed in 1976.

A system to generate test data and symbolically execute programs (Lori Clarke, 1976)

Symbolic execution and program testing (James King, 1976)

2005 ~ present : practical symbolic execution

Rather than executing a program with concrete input value, execute it ( ) representing the inputs.

Symbolic Execution [2,3]

Applications :

Bug finding

Test Input Generation (a.k.a Symbolic Execution Tree)

Program verification (= Code assurance)

Determining functional equivalence

Worst-case execution time estimation for real-time software

Memory :

Environment :

Loops :

State space explosion and path selection :

Constraint solver :

Binary code :

Challenges of Symbolic Execution

( ) : Symbolic execution of a program may result in a very large, possibly infinite number of paths.

|paths| ~ 2|if-statements|

By ( ), symbolic execution can explore the target program more efficiently. However, if a precondition is ( ), no ( ) will be found.

Precondition Symbolic Execution

Problem : Traditional symbolic execution ( ) is too slow to find exploitable bugs.

Insight : Only explore ( ) (Fast).

Precondition Symbolic Execution to only (likely) ( )

(e.g.)

Precondition Symbolic Execution

Static and dynamic program analysis techniques can be used to narrow the space of states.

(E.g.)

Program Slicing :

Taint-analysis :

Program Slicing & Taint-Analysis

SAT : Find an assignment to a set of Boolean variables that makes the Boolean formula true

Example :

p∧(q∨¬p)∧(¬q∨¬r) is satisfiable. Choose p, q, v : p=true, q=true, r=false

p∧(q∨¬p)∧(¬q∨¬p) is unsatisfiable.

SAT Solver

Simple method for checking satisfiability :

Check all ( ) possibilities for v where n = number of variables.

Good news : It ( ) works

Bad news : It is ( ), so only feasible for ( ) n. It has been proven that SAT is ( )

(1970).

SAT Solver

SMT (Satisfiability Modulo Theories) = SAT++

An SMT formula is a Boolean combination of formulas over first-order theories.

The State of the Art : Handle ( ). (Example)

SMT Solver

SMT-Solvers :

SMT-Lib : Library of benchmarks

http://www.smtlib.org

SMT Solver

DARPA's APAC(Automated Program Analysis for Cybersecurity) for DoD mobile app marketplaces

DARPA's VET(Vetting Commodity IT SW and FW)

Only CGC Event? Not! – R&Ds

Turing Test) Loebner Prize Competition

http://www.loebner.net/Prizef/loebner-prize.html

Artificial Intelligence) AAAI Annual Computer Poker Competition

http://www.computerpokercompetition.org/

Satisfiability) SAT Competition

http://www.satcompetition.org/

Satisfiability Modulo Theories) SMT Competition

http://www.smtcomp.org

Only CGC Event? Not! – Competitions

Now drawing widespread attention!

☞ Symposium Celebrates Ed Clarke and Model Checking, CMU, September 2014

But It’s a Branch of Model Checking

☞ 차상길, "바이너리 분석을 통한 자동 익스플로잇 생성: 과거, 현재, 그리고 미래", SECUINSIDE 2016

☞ Symposium Celebrates Ed Clarke and Model Checking, CMU, September 2014

마스터 제목 스타일 편집Security Engineering vs. CC Evaluation

CC Part 3

* Assurance Classes

* Assurance Components

CC Part 2Security Functional Requirements

* Functional Classes

* Functional Families

* Functional Components

* Detailed Req.

* Functional Packages

CC Part 1Introduction and General Model

* Assurance Families

* Detailed Req.

* Eval. Assur. Levels

Security AssuranceRequirements

CC Part 3

* General Concepts

* Evaluation Model

Security Engineering vs. CC Evaluation

End-to-End Proof

High-AssuranceCyber System

Scope, Depth,Rigor

Security Engineering vs. CC Evaluation

Now The World Goes for High-EALs

Any Others?

The CC is not alone.

Many evaluation programs exist (30+).

Let’s take a look at them…. briefly!

Security Assurance Landscape

1. B. P. Miller, L. Fredriksen, and B. So. "An Empirical Study of the Reliability of UNIX Utilities", Commun. ACM, 33(12):32-44, Dec. 1990.

2. James C. King, "Symbolic Execution and Program Testing", Communications of the ACM, volume 19, number 7, 1976, 385-394.

3. Lori A. Clarke, "A Program Testing System", ACM 76: Proceedings of the Annual Conference, 1976, pages 488-491, Houston, Texas, United States.

4. Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, PongsinPoosankam, Prateek Saxena, "BitBlaze : A New Approach to Computer Security via Binary Analysis", ICISS '08 Proceedings of the 4th International Conference on Information Systems Security, Pages 1-25

5. Nick Stephens, John Grosen, Christopher Salls, Andrew Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel and Giovanni Vigna, "Driller : Augmenting Fuzzing Through Selective Symbolic Execution", Network and Distributed System Security Symposium (NDSS) 2016

6. Trail of Bits, “How We Fared in the Cyber Grand Challenge”, Trail of Bits Blog

References

Implementation Assurance

Implementation Assurance

Engineering

Transcript of Implementation Assurance

Kotka implementation

SNORT Implementation

Extrait e assurance m assurance

implementation of implementation of 3r in surabaya city surabaya ...

GENERAL GUIDELINES OF HALAL ASSURANCE SYSTEM LPPOM … · Internal Halal Auditor is staff(s) officially appointed by Company Management to coordinate implementation of HAS. 11. Fatwa

Assurance Auto...Assurance Auto Document d'information relatif à un produit d'assurance Baloise Insurance Assurance Omnium Safe 1 Assurance optionnelle dans le cas d'une Grande Omnium:

Les Assurances Maritimes Assurance CORPS Assurance FACULTÉS Assurance RESPONSABILITÉ

ITIL Implementation

Metadata Quality Assurance Part II. The implementation begins

Erp Implementation

Implementation patterns

„Ereigniskette“ IMPLEMENTATION

TD Assurance Assurance médicale de voyage Régime …0619... · 2020. 2. 27. · 1 . TD Assurance . Assurance médicale de voyage . Régime d’assurance séjour prolongé 55+ Certificat

Implementation Toolkit

PowerPoint Presentation Outline • Lake Elsinore Reference Hydrology Update • Implementation Framework • Reasonable Assurance Analysis • Supplemental project characterization

ASSURANCE SERVICES

การแปลงกลยุทธ์ไปสู่การปฏิบัติ (Implementation)

Methodology, Implementation, Data Processing, and Reporting · Methodology, Implementation, Data Processing, and Reporting 1 ... Research & Information Services ... Implementation,

Notions de droit en assurance de dommages - Accueil · • Assurance voyage, • Assurance valeur de remplacement d’automobile (FPQ 5) • Assurance de responsabilité vendu avec

Bab 16 - Quality Assurance and Implementation - Upload