1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University...
-
Upload
meghan-greene -
Category
Documents
-
view
212 -
download
0
Transcript of 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University...
![Page 1: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/1.jpg)
1
Vulnerability Assessment
of Grid Software
James A. KupschComputer Sciences Department
University of Wisconsin
Condor Week 2007May 2, 2007
![Page 2: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/2.jpg)
2
Security Problems Are Real
Everyone with a computer knows this.
If you’re not seeing vulnerability reports and fixes for a piece of software, it doesn’t mean that it is secure. It probably means the opposite; they aren’t looking or aren’t
telling.
The grid community has been largely lucky (security through obscurity).
![Page 3: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/3.jpg)
3
Many Avenues of Attack
InternetFirewall:
Attack web usingwww protocols
Compromised host Internal bad guy
wwwserver
We’re looking for attacks that exploit inherent weakness
in your system.
![Page 4: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/4.jpg)
4
Impact of Vulnerabilities
FBI estimates computer security incidents cost U.S. businesses $67 billion in 2005 [
CNETnews.com]
Number of reported vulnerabilities each year is increasing [CERT stats]
0
2000
4000
6000
8000
1994 1998 2002 2006
![Page 5: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/5.jpg)
5
Security Requires Independent Assessment
Fact #1:Software engineers have long known that testing groups must be independent of development groups
Fact #2:Designing for security and the use of secure practices and standards does not guarantee security
Independent vulnerability assessment is crucial…
…but it’s usually not done
![Page 6: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/6.jpg)
6
Security Requires Independent Assessment
(cont.)You can have the best design in the world,
but can be foiled by …– Coding errors
– Interaction effects
– Operational errors
– Configuration errors
– …
• Vulnerability assessment proactively finds and eliminates vulnerabilities
![Page 7: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/7.jpg)
7
Project Goals• Develop techniques, tools and procedures for
vulnerability assessment focusing on Grid software
• Apply to production software
• Improve the security of this software
• Educate developers about best practices
• Increase awareness about the need to do this
• Train and build a community of security specialists
![Page 8: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/8.jpg)
8
Security Evaluation Process
• Overview– Insider - full access to source, documents, developers– Independent - no agenda, no blinders– First principles - let the process guide what to
examine
• Architectural analysis• Resource and privilege analysis• Component analysis• Codification of techniques and
dissemination
![Page 9: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/9.jpg)
9
System Analysis(a.k.a. understanding the
system)Architectural analysis - the structure of the
system: what processes, their function, communication channels, trust relationships…
Resource analysis - objects in the system and the operations allowed
Privileges analysis - privilege model used internally by the software and by external resources
Data flow diagrams
![Page 10: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/10.jpg)
10
Privileges - Root Install
Submit Host
Central Manager
User
submit
startd
schedd
shadow
Execute Host
startd
schedd
starter
User Job
collectornegotiator
1. Job Description File
2. Job ClassAd
1. Machine ClassAd
5. ReportMatch
6. Claim Host
7. ForkShadow
8. Establish Communication Path 9. Set policy and fork User Job
4. NegotiationCycle
7. forkStarter
root
user
Real UIDs
4.NegotiationCycle
5. Report Match 3. Job ClassAd
![Page 11: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/11.jpg)
11
Component Analysis(a.k.a. finding the bad stuff)
• Audit the source code of a component using…
• First principles - use knowledge from previous analyses to guide search
• Look for vulnerabilities in a component
• Finds deeper problems not found by– Black box testing
– Threat driven vulnerability testing
![Page 12: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/12.jpg)
12
Categories of Vulnerabilities
• Design flaws– Problems inherent in the design– Hard to automate discovery
• Implementation bugs– Improper use of the programming language, or of a
library API– Localized in the code
• Operational vulnerabilities– Configuration or environment
• Social engineering attacks– Valid users tricked into attacking
Occur about equally
![Page 13: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/13.jpg)
13
Many Types of Vulnerabilities
Buffer overflowsInjection attacks
Command injection(in a shell)
Format string attacks(in printf/scanf)
SQL injectionCross-site scripting or
XSS(in HTML)
Directory traversalInteger vulnerabilities
Race conditionsNot properly
dropping privilegeInsecure permissionsDenial of serviceInformation leaksLack of integrity checksLack of authenticationLack of authorization
![Page 14: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/14.jpg)
14
Integrating Vulnerability Assessment into the Development Process
• Writing Vulnerability Reports
– See http://www.cs.wisc.edu/condor/security
• Vulnerability Disclosure Process
• Fixing vulnerabilities
• Announcing Vulnerabilitiesand Fixes
![Page 15: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/15.jpg)
15
Systems Investigated• Univ. of Wisconsin’s Condor Project
– Batch queuing workload management system
– 600K lines of code, began 15 years ago
– http://www.cs.wisc.edu/condor
• SDSC’s Storage Resource Broker (SRB)– Distributed data store, with metadata and
federation capability
– 275K lines of code, began 9 years ago
– http://www.sdsc.edu/srb
• NCSA’s MyProxy (just starting)
![Page 16: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/16.jpg)
16
Vulnerabilities Found
• 15 vulnerabilities in Condor documented– 2 from Condor staff– 1 in third-party library
• 6 vulnerabilities in SRB documented– 1 from SRB staff
• Most of these have existed for years in shipping releases
![Page 17: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/17.jpg)
17
Summary of Project
• Develop local assessment expertise
• Develop assessment procedures
• Assessed and found vulnerabilities in Condor and SRB, starting MyProxy
• Codify and disseminate methodology and techniques
• Train developers to prevent vulnerabilities
![Page 18: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/18.jpg)
18
Conclusion
• If you are developing middleware, you need to be doing this
• If you are using middleware, you need to make sure the people producing it are doing this
• If you are funding middleware, you need to make sure you are funding this
![Page 19: 1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.](https://reader036.fdocuments.in/reader036/viewer/2022072015/56649edc5503460f94bec347/html5/thumbnails/19.jpg)
19
Security BOFThursday 3:00 – 4:00
Questions