1 / 12

Secure Programming

Secure Programming. CSIS 5857: Encoding and Encryption. Secure Programming. Writing code resistant to attacks Buffer overflows Access control SQL injection … Main goal for encryption: Make sure secrets kept Keys Plaintext, etc. Keeping Secrets.

juro
Download Presentation

Secure Programming

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Programming CSIS 5857: Encoding and Encryption

  2. Secure Programming • Writing code resistant to attacks • Buffer overflows • Access control • SQL injection • … • Main goal for encryption: Make sure secrets kept • Keys • Plaintext, etc.

  3. Keeping Secrets • Cipher keys must exist in memory at some point • Even if encrypted for storage, must be unencrypted to perform encryption/decryption Computer memory Code for Encryption program P C Read in from long term storage (should be encrypted)

  4. Keeping Secrets • Must make sure that memory erased when key no longer needed! • Otherwise, potentially vulnerable to anyone who can later access that memory • Stolen laptop • Access to multiuser system (such a server) • … Computer memory I have you now!

  5. Dynamic Memory • Local memory deallocated when function completed • Must make sure same true for dynamically allocated memory on heap • Objects allocated with new in C, C++, Java… Computer memory Code for Encryption program Object pointer deallocate

  6. Deallocation in C/C++ • Easiest solution: manual deallocation • memset in C • delete in C++ • Problem: C/C++ has other flaws • Easy to create buffer overflow attacks with dynamic pointers/lack of array bounds checking KeyObject k = new KeyObject(decrypt(key));… delete k;

  7. Deallocation in Java • No manual deallocation in Java • Unused memory garbage collected instead • Java memory regularly scanned for memory not used by any active reference • Can manually invoke garbage collection • System.gc(); Method constructs dynamic objects containing key plaintext = decrypt(ciphertext); System.gc(); Clean up those objects when done

  8. Deallocation and Optimization • Problem: Compilers often optimize away this kind of code! • Turn off option in compiler • Test to make sure secrets actually destroyed (print contents of memory location) KeyObject k = new KeyObject(decrypt(key));… delete k; Compiler “This code doesn’t do anything useful, so I’ll skip it”

  9. Swap Files in Virtual Memory • Most OS use virtual memory to run programs • Some program data kept in swap files outside local memory for fast access if local memory full • Even if local memory destroyed, may still exist as copy in swap file! swap file local memory Code for Encryption program deallocate

  10. Swap Files in Virtual Memory • Some OS allow “locking” to prevent specific data from being copied • Some OS encrypt swapped data • May not be default – must specify swap file local memory Code for Encryption program deallocate

  11. Data Retention by Hardware • Data stored in same location in memory for long time can persist even after computer shut down • Keys often stored in same location for entire session • Potentially vulnerable to cold boot attack • Data stored for long time in SRAM becomes preferred startup state • Data stored for long time in DRAM can create magnetic patterns

  12. Data Retention by Hardware • “Boojum” Solution (Furguson, Schneier, Kohno) • Don’t store key directly • Store as components in different locations k1 = R (random number) k2 = h(R)  k (hash of random number  key) • To recover key: k = h(k1)  k2 • Generate new Rfrequently (every second) to avoid long-term patterns in memory k

More Related