Hardening The Attack Surface - UEFI
Hardening The Attack Surface - UEFI
Hardening The Attack Surface - UEFI
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
presented by<strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong><strong>UEFI</strong> Winter Plugfest – February 21-23, 2012Presented byDouglas MacIverPrincipal Test Engineer, Microsoft Corp.Updated 2011-06-01<strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>1
<strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>2
Harden<strong>Attack</strong><strong>Surface</strong><strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>3
How to Harden an <strong>Attack</strong> <strong>Surface</strong>• Threat Modeling• Secure Coding• Security Code Audits• Fuzz Testing• Software Security Defenses<strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>4
Media Player Threat Model<strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>5
<strong>UEFI</strong> Threat Model<strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>6
Secure Coding (one aspect)Validation of untrusted input!Poor validation of untrusted input may result in:– Buffer overflows– Integer and pointer corruption– Memory overwrites– …Leading to:– Compromised runtime integrity of authenticated components– …<strong>UEFI</strong> Plugfest – February2012www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>7
Security Code AuditsUINT32 FindJamInBlob(BLOB* Blob, size_t BlobSize){UINT32 JamOffset;JamOffset = Blob->Start + Blob->Hdr.Size;}return JamOffset;First, ask questionsSecond, identify vulnerabilities<strong>UEFI</strong> Plugfest – February2012www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>8
Venn and the Art of Security Testingcustomer wants/needssadnessgood designbad impllucky?designbad designbad implbad designgood implbad designbad implimplementation<strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>9
EffortFuzz TestingFormat AwareFix-up InstrumentedFeedback InformedDumbApplying malformed data against the attack surface<strong>UEFI</strong> Plugfest – February2012www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>10
Software Security Defenses• Writing Secure Code• Stack Buffer Overrun Detection (GS)• Data Execution Prevention (DEP/NX)• Address Space Layout Randomization (ASLR)• Heap Corruption Detection• Migration to Safer Functions<strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>
How to Harden and <strong>Attack</strong> <strong>Surface</strong>• Secure Coding: helps to avoid problemsGuidelines for Writing Secure Code: http://msdn.microsoft.com/en-us/library/ms182020.aspxWriting Secure Code: http://msdn.microsoft.com/en-us/security/aa570401Safe Integer Arithmetic in C: http://blogs.msdn.com/b/michael_howard/archive/2006/02/02/523392.aspx• Threat Modeling: helps to define trust boundaries and potentially malicious datainput pointshttp://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx• Security Code Audits: helps identify vulnerabilities through manual codeinspectionhttp://technet.microsoft.com/en-us/library/cc723542.aspxhttp://blogs.msdn.com/b/sdl/archive/2011/10/19/code-analysis-for-all.aspx• Fuzz Testing: helps find input parsing and other vulnerabilitieshttp://msdn.microsoft.com/en-us/testing/cc162782.aspx• Software Security Defenses: helps provide blanket protection against somethreatshttp://msdn.microsoft.com/en-us/library/bb430720.aspx<strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>12
Harden<strong>Attack</strong><strong>Surface</strong><strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>13
Thanks for attending the<strong>UEFI</strong> Winter Plugfest 2012For more information onthe Unified EFI Forum and<strong>UEFI</strong> Specifications, visithttp://www.uefi.orgpresented by<strong>UEFI</strong> Plugfest – February 2012 www.uefi.org <strong>Hardening</strong> <strong>The</strong> <strong>Attack</strong> <strong>Surface</strong>14