Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

LANGSEC 2011-2016

No description
by

Meredith Patterson

on 29 May 2013

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of LANGSEC 2011-2016

...the 1940s... LANGSEC 2011-2016 Meredith L. Patterson
Upstanding Hackers, LLC
www.langsec.org ...the 1960s... ...the 1950s... 1956 2013 2012 2011 2010 2009 2008 2007 2006 2005 Dejector: the first formal defense
against SQL injection Zed Shaw writes Mongrel, a web server with a formal HTTP parser Zed Shaw scraps Mongrel for Mongrel2,
rewrites everything except the HTTP parser Thin web server forks Mongrel,
keeps the parser Unicorn web server forks Mongrel,
keeps the parser Puma web server forks Mongrel,
keeps the parser X.509 parse tree
differential attacks Google releases Protocol Buffers Recurity Labs releases Blitzableiter Travis Goodspeed unveils "packet-in-packet" PHY-layer injection Netzob automates botnet (and other) protocol reversing James Oakley and Sergey Bratus demonstrate arbitrary code execution in DWARF bx and Sergey Bratus demonstrate arbitrary code execution in ELF metadata Julian Bangert and Sergey Bratus demonstrate arbitrary code execution in MMU trap handler bx demonstrates arbitrary code execution in Mach-O metadata Hammer parser generator library released Robert David Graham's C10M: 10 million simultaneous connections in userspace ...the 1990s... ...the 1980s... ...the 1970s... 1936 Turing answers the Entscheidungsproblem raichoo releases a Javascript backend for Idris James Coglan releases websocket-driver Chomsky Hierarchy formalized About that parser... Development time: ~1 week "We'd put Mongrel behind Apache and watch Mongrel reject ~80% of the attacks" No payload == no CPU load Who's using it anyway? Why protocol buffers? Inline DSLs for the rest of us Problem #1:
Any Input is a Program Problem #2:
Not all parsers can be created equal What We Know Proving a program correct is, in the general case, impossible. Crafted input is the vector for exploitation. Input languages are not (usually) Turing-complete! Why parse them like they are? Why mix recognition and processing? The low-hanging fruit is right there!
Take it! I Know What Queries I Want, I Wrote Them Myself Oh, you wanted an argument? This is abuse! class Client
def initialize(url)
@uri = URI.parse(url)
@parser = Faye::WebSocket::HybiParser.new(url, :masking => true)
@state = :connecting
@tcp = tcp_connect(@uri.host, @uri.port || 80)
@handshake = @parser.create_handshake

@tcp.write(@handshake.request_data)
loop { parse(@tcp.read) }
end

def send(message)
case @state
when :connecting
@queue ||= []
@queue << message
when :open
data = @parser.frame(message, :text)
@tcp.write(data)
end
end def parse(data)
case @state
when :connecting
leftovers = @handshake.parse(data)
return unless @handshake.complete?
if @handshake.valid?
@state = :open
parse(leftovers)
@queue.each { |msg| send(msg) } if @queue
else
@state = :closed
end
when :open, :closing
@parser.parse(data)
end
end
end With websocket-driver class Client
attr_reader :url

def initialize(url)
@url = url
@uri = URI.parse(url)
@driver = WebSocket::Driver.client(self)
@tcp = tcp_connect(@uri.host, @uri.port || 80)

@driver.start
loop { parse(@tcp.read) }
end
def parse(data)
@driver.parse(data)
end

def send(message)
@driver.text(message)
end

def write(data)
@tcp.write(data)
end
end ...and you're done. It all started with \0 ...but wait, there's more! A lightning rod for Flash Packet-in-packet Netzob C10M Sickle Idris Hilbert: "What's an algorithm that can determine whether an arbitrary first-order logic expression is universally valid?" Turing: "There's not one." Input drives state changes/transitions in input handlers Only a well-defined execution model can be trusted Input handler is either a recognizer for its input as a well-defined language, or it's pwned. Two views of the same data can lead to confusion Three major X.509 parsers Multiple ELF parsers in binary toolchain Context-free equivalence problem One language, one grammar, two implementations? Ok. One language, two grammars? NO. If SQL is deterministic context-free ... (it is) ... but I only want to accept queries for my app ... ... and if it only takes a subset of the rules of SQL to produce those queries ... (it does) ... then why not only accept strings in that sub-grammar? Write-once, run-anywhere Abstracts implementation away from you You focus on semantics, library handles syntax Most Flash exploits use intentionally malformed files Simple solution: full recognition before processing! Works with NoScript Performs limited semantic property validation Where does this ad forward to? Does this widget load 3rd-party content? Marshall Beddoe, 2005: "What happens if we throw bioinformatics prediction algorithms at opaque data streams?" Recovers grammar definitions from (e.g.) botnet C&C protocols Information theory in practice! Claude Shannon, Ralph Hartley 8 cores / 64GB RAM / 10Gbps should be able to handle 10 million simultaneous connections Forget the kernel, servers can do it all in userspace DNS server (forthcoming, Black Hat) parses the .com zonefile faster than wc About 2Gbps Would be faster, but there are cache misses when creating zone table Moxie Marlinspike: "What happens when you insert a null byte into the CN of a CSR?" Typically, you got back a cert with a null byte in the CN www.paypal.com\0.evil.com Not all browsers saw it that way! www.paypal.com\0 -- end of string! This is fixed now https://github.com/UpstandingHackers/hammer C underneath, bindings for everything else (coming soon!) API based on Haskell/Scala's parser combinators Write-once, never implement again No separate compilation step (unlike Ragel or bison) Standard library for Hammer Message formats File formats Encodings/codecs Bitwise parsing too! Still in planning stages -- follow us on GitHub for news as it happens Bounty program! CN=www.paypal.com/CN=www.evil.com Some implementations paid attention to the first CN, others the last What happens when the CA pays attention to the first and signs the CSR with both? OID: 06 0D 55 04 82 80 80 80 80 80 80 80 80 80 03 "2.5.4.2^64+3" OpenSSL: "That's 2.5.4.2361183241434822606851" CryptoAPI: "That's 2.5.4.3!" Dependent types: proving things about your program, while you program Coq Agda Idris: "proving security properties" in mind from day 1 If we can have C on the web with Emscripten, why not put dependent types there too? On a final note Let us focus on integrating technological developments in a way that allows us to preserve core constitutional principles, democratic oversight, and digital freedoms as essentials in our open societies. Marietje Schaake, Dutch MEP Fundamentally an escaping problem ... at PHY layer Logic: "Packet starts wherever a SYNC is!" What happens if you put a SYNC in the body? Hardware doesn't know any better! If a symbol error occurs in the preamble or the sync, receiver thinks the body is a new packet! Encryption eliminates this problem. https://github.com/UpstandingHackers/hammer @maradydd
mlp@upstandinghackers.com
Full transcript