Hardening The Attack Surface - UEFI

presented byHardening The Attack SurfaceUEFI Winter Plugfest – February 21-23, 2012Presented byDouglas MacIverPrincipal Test Engineer, Microsoft Corp.Updated 2011-06-01UEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface1

UEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface2

HardenAttackSurfaceUEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface3

How to Harden an Attack Surface• Threat Modeling• Secure Coding• Security Code Audits• Fuzz Testing• Software Security DefensesUEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface4

Media Player Threat ModelUEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface5

UEFI Threat ModelUEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface6

Secure Coding (one aspect)Validation of untrusted input!Poor validation of untrusted input may result in:– Buffer overflows– Integer and pointer corruption– Memory overwrites– …Leading to:– Compromised runtime integrity of authenticated components– …UEFI Plugfest – February2012www.uefi.org Hardening The Attack Surface7

Security Code AuditsUINT32 FindJamInBlob(BLOB* Blob, size_t BlobSize){UINT32 JamOffset;JamOffset = Blob->Start + Blob->Hdr.Size;}return JamOffset;First, ask questionsSecond, identify vulnerabilitiesUEFI Plugfest – February2012www.uefi.org Hardening The Attack Surface8

Venn and the Art of Security Testingcustomer wants/needssadnessgood designbad impllucky?designbad designbad implbad designgood implbad designbad implimplementationUEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface9

EffortFuzz TestingFormat AwareFix-up InstrumentedFeedback InformedDumbApplying malformed data against the attack surfaceUEFI Plugfest – February2012www.uefi.org Hardening The Attack Surface10

Software Security Defenses• Writing Secure Code• Stack Buffer Overrun Detection (GS)• Data Execution Prevention (DEP/NX)• Address Space Layout Randomization (ASLR)• Heap Corruption Detection• Migration to Safer FunctionsHardening The Attack Surface

How to Harden and Attack Surface• Secure Coding: helps to avoid problemsGuidelines for Writing Secure Code: http://msdn.microsoft.com/en-us/library/ms182020.aspxWriting Secure Code: http://msdn.microsoft.com/en-us/security/aa570401Safe Integer Arithmetic in C: http://blogs.msdn.com/b/michael_howard/archive/2006/02/02/523392.aspx• Threat Modeling: helps to define trust boundaries and potentially malicious datainput pointshttp://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx• Security Code Audits: helps identify vulnerabilities through manual codeinspectionhttp://technet.microsoft.com/en-us/library/cc723542.aspxhttp://blogs.msdn.com/b/sdl/archive/2011/10/19/code-analysis-for-all.aspx• Fuzz Testing: helps find input parsing and other vulnerabilitieshttp://msdn.microsoft.com/en-us/testing/cc162782.aspx• Software Security Defenses: helps provide blanket protection against somethreatshttp://msdn.microsoft.com/en-us/library/bb430720.aspxUEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface12

HardenAttackSurfaceUEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface13

Thanks for attending theUEFI Winter Plugfest 2012For more information onthe Unified EFI Forum andUEFI Specifications, visithttp://www.uefi.orgpresented byUEFI Plugfest – February 2012 www.uefi.org Hardening The Attack Surface14

Hardening The Attack Surface - UEFI

Create successful ePaper yourself

Delete template?

Save as template?