Chapter 12 Insecurity in Software
What is SRE?
|Software reverse engineering.
Serious attackers use SRE techniques to find and exploit flaws, or create
new ones. Also:
Tools for SRE:
Regmon monitors all accesses of the Windows registry. Filemon monitors all accesses of files. VMWare allows users to set up virtual machines.
DISASSEMBLER: STATIC VIEW, the code must be decrypted before it can be executed (an attacker can look at the decryption code and get access to the exe file.
FALSE DISASSEMBLY: Jumps in the code + self modifying code (modifies its code in real-time)
DEBUGGER: DYNAMIC VIEW can treat complex code as a blackbox.
ANTI-DEBUGGING TECHNIQUES: Don`t handle threads well. Possible to implement a hardware-based debugger. A program can monitor the use of these debug registers and stop if they are in use. A program can also monitor for inserted breakpoints. The debugger does not prefetch instructions. There might be rubbish in some of the memory locations.
Software Tamper Resistance:
Guards: Code breaks when tampering occurs. The code hash sections of itself as it executes and compare the computed hash values with the known hash values of the original code. Hashed only on executable code, it is too costly to do it on plain text.
Obfuscation: IS MAKING THE SOFTWARE DIFFICULT TO UNDERSTAND.
Metamorphism Revisited: Clones. Negative when it comes to Trudy; Break once, brake everywhere. Instead we make software that changes where it is put, so the copies are not identical just like viruses that mutate.
Digital Rights Management:
Encryption is not enough since the receiver of the paid software is a potential attacker who has the key.
Will use anti-disassembly, anti-debugging, obfuscation in addition to a strong cipher.
Digital Right Management is an attempt to provide "remote control" over digital content. We would like to distribute digital content, but we want to retain some control-remote control-over its use after it has been delivered.
Persistent protection: We must protect the digital content so that the protection stays with the content after it`s delivered. Examples:
CRYPTOGRAPHY IS NOT THE SOLUTION TO THE DRM PROBLEM
Encryption is only used to ensure that the data can be securely delivered.
Security by obscurity: It is difficult to understand where the key is. Software obfuscation is the same.
Kerckhoffs Principle: Cryptodesign need to be open.
Analog hole: The content can be captured in analog form. Digital music can be recorded using a microphone and movies can be recorded from the screen with a videocamera.
Human nature: A big problem in DRM. Bigger that with passwords.
A DRM system:
Using a SDS (secure document server) and the client software (software plugin to the Adobe PDF reader). The document is encrypted into the server and the client has to login to the server to get the key to decrypt the document. The SDS resides in the corporate headquarters and is relatively secure.
The servers need to:
The clients need to:
High level design of the client software:
GUARDS ARE NOT USED BECAUSE THEY ARE INCOMPATIBLE WITH ENCRYPTED EXECUTABLE CODE
If we can not trust the operating system, then the DRM client software can easily be undercut by attacks on the OS.
Software Development: Ross Anderson
|Standard approach to software development:
penetrate and patch
It is cheaper and easier to let customers do the testing.
Software is open to the users. You would think that the more "eyeballs", the more security flaws would be found. The book though thinks that these "eyeballs" do not look for security flaws.
Microsoft get more attention from Hackers. No one can look at the code.