SECURITY ASPECTS OF OPEN SOURCE

Transcription

5 OPEN SOURCE SECURITY LANDSCAPE Open Source is increasingly pervasive Vulnerabilities accompany wide development and deployment Recent vulnerabilities in last 18 months have raised questions about the OSS security model Heartbleed Shellshock Poodle Ghost Black Duck Software, Inc. All Rights Reserved.

6 HEARTBLEED A serious vulnerability in the popular OpenSSL cryptographic software library. Allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, , instant messaging (IM) and some virtual private networks (VPNs). Allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. Names and passwords of the users and the actual content. Eavesdrop on communications Steal data directly from the services used Black Duck Software, Inc. All Rights Reserved.

7 SHELLSHOCK BASH (BASHDOOR) Shellshock is a vulnerability in GNU's bash shell Allows attackers access to run remote commands on a vulnerable system. Executing Bash with a chosen value in its environment variable list, an attacker can execute arbitrary commands or exploit other bugs that may exist in Bash's command interpreter Black Duck Software, Inc. All Rights Reserved.

8 POODLE Padding Oracle On Downgraded Legacy Encryption (POODLE) is a flaw in how browsers handle encryption. Attackers, as man-in-the-middle, can change data in a way that forces a leak of data in a block called cipher. Many of the cipher suites in SSL v3.0 are already not being used due to insecure and small key sizes. POODLE vulnerability allows attackers to use the design of SSL v3.0 to decrypt sensitive information secret session cookies which give the attacker the ability to hijack sessions for users accounts. Because the protocol is too old, the flaw can t be patched, but it s hastening the death of SSL v3.0 as a standard Black Duck Software, Inc. All Rights Reserved.

9 GHOST "GHOST" is the name of a vulnerability recently found in one of the key components of Linux systems. The component is the Linux GNU C Library that is used by all Linux programs. The vulnerability has been found in a function of this library that is used to convert Internet host names to Internet addresses. If an attacker found vulnerable software and a way to transfer a properly crafted host name up to this function then theoretically the attacker could take over the control of the system Black Duck Software, Inc. All Rights Reserved.

11 OPEN SOURCE DEVELOPMENT MODEL User Community & Ecosystem Developer Community Core Developers Code Core project developers create, maintain, curate code base Vet contributions from larger communities Focus on project goals features, performance, etc Black Duck Software, Inc. All Rights Reserved.

12 OPEN SOURCE CODE CURATION MODEL User Community & Ecosystem Developer Community Core Developers Code v1 Code v2 Code vn CONTINUOUS INCREMENTAL IMPROVEMENT Black Duck Software, Inc. All Rights Reserved.

13 OPEN SOURCE CODE QUALITY ASSURANCE Linus Law: Many eyes make all bugs shallow -- Eric Raymond COMMUNITY unterminated strings Indices out of bounds back doors memory leaks CODE faulty logic privilege violations race conditions stray pointers priority inversion debug code regressions incorrect permissions unchecked function returns parameter reversal unitialized variables deprecated versions misconfiguration improper type casts Black Duck Software, Inc. All Rights Reserved. Maintainers, developers, users exercise, debug & improve code

15 OPEN SOURCE CODE SECURITY GAP Majority of eyes occupied elsewhere Minority of community is security-savvy COMMUNITY unterminated strings Indices out of bounds memory leaks back doors stray pointers CODE faulty logic privilege violations race conditions priority inversion debug code regressions parameter reversal unitialized variables deprecated versions misconfiguration incorrect permissions improper type casts unchecked function returns Black Duck Software, Inc. All Rights Reserved.

16 THREATS RESISTANT TO COMMUNITY OVERSIGHT Use-case specific errors Local misconfiguration LAN-based vulnerabilities Deployed deprecated s/w versions Weak encryption Bad authentication Stolen credentials Viruses, Trojans & other malware Denial of service attacks Weak passwords Unenforced security policy Phishing Man-in-the-middle attacks Forged certificates Spoofed MACs and IP addresses Latent zero-day exploits Brute force decryption Black Duck Software, Inc. All Rights Reserved.

18 SECURITY TECHNOLOGIES Intrusion Detection Authentication Network Security Encryption End-point Security Code Quality Tools Patch/Update Management Auditing & Logging Hardware Mechanisms Configuration Management Policy Enforcement Physical Security Formal Verification Certifiable Systems Capabilities & Access Control Binary Obfuscation Black Duck Software, Inc. All Rights Reserved.

19 BLACK DUCK OSS SECURITY VULNERABILITY DETECTION AND REMEDIATION Intrusion Detection Authentication Network Security Encryption End-point Security Code Quality Tools Patch/Update Management Auditing & Logging Hardware Mechanisms Configuration Management Policy Enforcement Physical Security Formal Verification Certifiable Systems Capabilities & Access Control Binary Obfuscation Black Duck Software, Inc. All Rights Reserved.

22 VERSION PROLIFERATION IN SOFTWARE STACKS EIT or OEM Deployment Value-added Code Open Source Libraries, etc. Update-to-Date Versions Version N-1 Version N-2 Deprecated Versions of OSS Can contain Bugs fixed later Security vulnerabilities Add size & complexity Unneeded extra code Namespace conflicts Operational costs OSS Reality Check Modern apps contain Millions of lines of code Thousands of OSS s/w components & 3 rd party code Multiple versions of each Multiple points of ingress Developers take code from multiple sources Not all reliable, up-to-date Black Duck Software, Inc. All Rights Reserved.

23 BLACK DUCK HELPS KEEP OPEN SOURCE S/W CONTENT UP TO DATE AND VULNERABILITY-FREE EIT or OEM Deployment Value-added Code Open Source Libraries, etc. Update-to-Date Versions Black Duck Tools Help enforce sourcing polices Licenses Versioning Security Eliminate version proliferation Version N-1 Version N-2 Identify deprecated s/w versions Keep s/w up-to-date Root out known / possible vulnerabilities Black Duck Software, Inc. All Rights Reserved.

25 OPEN SOURCE PLATFORMS A CERTIFICATION CHALLENGE Linux, Android too large, too dynamic to certify Linux kernel now tops 20 MLoC Certification competency < 15 KLoC additional packages (libs, utils, etc.) all moving targets Certification regimes require comprehensive specification Documentation does not exist at requisite level Alternative Path Virtualization / Separation Kernels Put Linux into a certifiable box Black Duck Software, Inc. All Rights Reserved.

26 PRODUCT LIFE CYCLE ALIGNMENT WITH OSS AND CERTIFICATION Docs OS Docs OS Security Up dates Tools Security Up dates Tools M/W M/W OSS VERSION OSS VERSION OSS VERSION PRE-MARKET CERTIFY RE-CERTIFY Project Launch Code Freeze Product Release Maintenance Updates, etc. End of Life Black Duck Software, Inc. All Rights Reserved.

27 COMMERCIAL (3 RD PARTY) SERVICES TO SUPPORT DEVICE CERTIFICATION What is available to you? Dedicated Consulting Practices Security analysis, certification services Artifacts Generation Storyboarding, benchmarking, requirements capture Design for Verification and validation Safety, security, and standards compliance Development process review and risk planning Vulnerability analysis For software and hardware architectures On-going security alerts and remediation Black Duck Software, Inc. All Rights Reserved.

28 TECHNOLOGY STRATEGY RECOMMENDATIONS Choose embedded OSS platform carefully Be wary of informal supply of embedded Linux, Android by semiconductor manufacturers Consider working with commercial platform providers Gain access to services targeted at medical OEMs Treat embedded Linux as COTS s/w base Establish formal ingestion procedures Maintain platform code in isolation from value-added apps and other Gambro-specific software Certification-specific concerns Anticipate challenges/levels of concern by building artifact base around Linux platform early in life-cycle Construct or acquire secondary documentation, test plan and test harness to facilitate traceability Black Duck Software, Inc. All Rights Reserved.

29 MIGRATION RESOURCE - VIRTUALIZATION Rehost legacy apps, OS as a guest in a virtual machine Type I Hypervisor (bare metal) Native Linux Containers - LXC Commercial products GB Broadband (OK Labs) GreenHills (Padded Cell) Red Bend (VirtualLogix) VMware, et al. Wind River Strengths No porting, retain certification Smaller TCB Weaknesses Still requires legacy RTOS, stack, support Black Duck Software, Inc. All Rights Reserved.