Tool-based Approaches to Software Security. Prof. Dr. Eric Bodden Andreas Follner

Transcription

1 Tool-based Approaches to Software Security Prof. Dr. Eric Bodden Andreas Follner

2 Outline General Information Timeline Term Paper / Review / Talk Grading Next Steps Topics

3 General Information Purpose of this seminar Introduce students to the core techniques of scientific work Give a scientific talk Process of writing and publishing research papers Review a paper

4 Timeline Topics assigned April 22 Paper submission May 29 Review submission June 5 Feedback meetings June 8-19 Camera ready June 26 Talks July 2

5 Term Paper Find further references Explain technologies using your own words Use your own example throughout About 6 pages (not a lot don t waste much space on basics) 8 pages / 2 students; 10 pages / 3 students

6 Review Summary of the paper(s) To show that you understood it Suggestions for the author, regarding content and presentation Be realistic and concrete List positive and negative points Be honest and critical! Used to grade YOU, not the person who wrote the paper.

7 Talk Blockseminar 15 minutes / person (+ 10 minutes for each additional person)

8 Grading 40% talk 40% paper 20% reviews Participation in the discussion following the talks will also be considered

9 Next Steps Choose topics Write a list of your 3 favourite topics (ordered by preference) Send me an (andreas.follner@ec-spride.de) including the list and your name Deadline: April 19 Check the details on the course website Topics will be assigned We provide you some references as a starting point

10 Topics

11 Inspecting Google Android for Work Advisor: Stephan Huber

12 Android for Work Google smartphone enterprise solution: BYOD solution, private and work isolation System integration and container solution Special application store Research and sum up information about Android for Work New programing guidelines and policy rules Collect information (and examine) system integration Give an overview of the Administration and Service system

13 Android for Work Main site for customers: and Developer Guide: Organisation-specific "instances" of Google Play:

14 Android Malware Evolution Advisor: Siegfried Rasthofer

15 EASY -> Highly Sophisticated

16 Requirements: Good Security Background, good knowledge about malware engineering in general Identify the evolution of Android Malware Development What will be added in the future?

17 An Evaluation of Anti-Analysis Techniques in Android Applications Advisor: Siegfried Rasthofer

18

19 Requirements: Good Security Background, good knowledge about malware engineering in general 1. Identify all the popular anti-analysis techniques 2. Think about possible metrics for evaluating the effectiveness of such techniques 3. Apply the metrics to the popular anti-analysis techniques

20 An Evaluation of Android Reverse Engineering Frameworks Advisor: Siegfried Rasthofer

21

22 Requirements: Android Development + Security Background Includes practical hands-on 1. Get familiar with open-source and commercial Reverse Engineering Frameworks 2. Come up with a feature list 3. Evaluate the frameworks based on the feature list

23 Enemy Beyond the Gates: A Study on Intrusion Detection and Honeypots Advisor: Kevin Falzon

24 A study on intrusion detection and honeypots

25 A study on intrusion detection and honeypots

26 A study on intrusion detection and honeypots Look into the various techniques used in detecting and fingerprinting attacks Both deployed and experimental Compare effectiveness, efficiency, strengths and weaknesses Write down findings

27 Automatic Exploit Generation Advisor: Mauro Baluda

28 Automated Exploit Generation Automated Exploit Generation promises to reduce the cost of assessing software security. Goal: Exhibit program inputs that trigger vulnerabilities (exploitability witnesses). Approach: Combine techniques from security analysis with automatic test case generation.

29 Automated Exploit Generation Review the state of the research: Assumptions, Strengths, Limitations Propose a classification Evaluate the related tools when available Suggest future research directions

30 Automated Exploit Generation Starting points:

31 Defense Mechanisms Against Collusion Attacks Advisor: Alexandre Bartel

32 Defense Mechanisms Against Collusion Attacks

33 Collusion Attack

34 Your Job Search for, describe and evaluate existing solutions to detect and/or prevent application collusion. A solution could be, for example, a tool to analyze Android applications or a modification of the Android framework. Suggested number of students: 1-3

35 CFI vs ROP Advisor: Andreas Follner

36 CFI vs ROP Control-flow integrity (CFI) seemed to be the solution against return-oriented programming (ROP) attacks CFI Compute control-flow graph ahead of time (binaries, no source code, debugging symbols, etc.) Instrument vulnerable program (statically or dynamically) to force it to stay on precomputed paths

37 CFI vs ROP Problem: approaches sacrifice security for performance less gadgets but still enough for ROP Aim: compare current approaches, find vulnerable points, make suggestions for improvement

38 ROP vs ARM Advisor: Andreas Follner

39 ROP vs ARM Return-oriented programming (ROP) #1 exploitation technique on Windows/x86 What s the situation on Android/ARM?

40 ROP vs ARM What s the situation on Android/ARM? Real-world exploits in real malware or rather academic? Are there any mitigation techniques? (except for ASLR)

41 Evaluating ROP Gadget Finders Advisor: Andreas Follner

42 Evaluating ROP Gadget Finders Differences of various gadget finders regarding Performance Configurability Automatic payload-creation In-depth knowledge about ROP essential!

43 Questions? Contact: Course information: Dates Paper submission May 29 Review submission June 5 Feedback meetings June 8-19 Camera ready June 26 Talks July 2