well good afternoon everybody my name is Gwen hunt I’m from tripwire tripwire is a company based in Portland we do enterprise solutions for security namely things like voluntary monitoring database integrity vulnerability assessments dynamic threat analysis we don’t do any virus that kind of thing that’s not it’s not our job we’ve been around about 16 years and about 500 people so him Who am I well I’ve been cranking software for quite a bit of time C++ since 1994 currently the last four years have been with tripwire as a tech lead for new solutions for new generation security applications previously I was with I move a perpetual startup have you ever been in that world it’s a lot of fun you don’t get paid that much sometimes you don’t get paid at all but you do cool things like in one day reverse engineer a FireWire driver and then terminate fiber in the afternoon it’s but it did that for 10 years and then IBM C++ and Java and I will admit it I quoted COBOL a long time ago with ETS but I saw the light I’ve read my first kid in our book and I’ve been in that direction sense so why do we care about security almost every day we hear about another data breach and these are some of the big ones recently in North America target Home Depot JPMorgan Apple Google White House and OPM now I started two of these because I’m directly affected by these two breaches that I know up is maybe another one Home Depot bought some paint supplies quite some time ago and when I was back east last February because skiing here was horrible I was in Vermont someone was using an exact replica of my card which I had in my pocket in Brooklyn checking parking meters and making charges and but according to my bank they suspect that it came from the Home Depot data breach the last one if you’ve ever filled out a sf-86 that’s as for a security clearance with federal government since 2000 it’s all electronic and there was over 21 million records that were leaked we think a nation state to be named did this and so things like they just also released yesterday that over five million people had their fingerprints so somebody somewhere has got my fingerprints and got my whole history everything about my brothers and sisters my mom and dad cats dogs everything I knew so anyway some statistics these are overlapping categories but from the online trust Alliance eighty-nine percent of all these data breaches four consider preventable they can identify a single event or a single couple events that if they were properly taken care of the breach probably wouldn’t have happened thirty-one percent are due to inside threats that doesn’t mean disgruntled employees it could be an employee it leaves a cell phone that has the LastPass master password in it and has all the corporate passwords at a bar somewhere so it’s you know dumb things like that weak or stolen credentials social engineering just little things like oh I forgot my elevator pass can I ride up with you and somebody gets on sees an open terminal gathers enough information that’s that’s used for another attack down the road and eventually ends up become a data breach 37 percent in 2014 were analyzed to be direct attacks that people were going specifically for a particular bank or a particular government facility and then lost or stolen devices 2013 a couple other of these organizations that eight hundred twenty three million personal records were exposed you can imagine what it was in the last couple of years okay gotta be smarter than the clicker okay types of threats obviously crime organized crime there are big syndicates especially in Eastern Europe that like to steal money from us still money from everybody state-sponsored insiders script kiddies people they read about a script on the internet and they get on and they they run a war script trying to break get into any particular boxing and find breach this often starts small weak or stolen credentials or lost or stolen

devices can start a cascade of events small compromises eventually leading to the data breach but sometimes they happen really quick the target breach according to Krebs on security in September 2015 once in the network attackers had full access to all store POS in the hole all of target no partitioning whatsoever in their network the initial breach was compromised VPN credentials for an HVAC firm interesting point to the black POS malware that was found on all the car readers in target an updated version was found at Home Depot and it was altered a little bit the made to look like a part of the antivirus package I was on the Home Depot systems so what are we gonna talk about well we’re not gonna try to solve the big macro problem we’re gonna focus a little bit on what developers can directly access and specifically in our world in the C++ world and I’m gonna go through a little bit about talk about some references that are out there some books and a website talk about some integer Bowl and abilities I’m not going to get into strings or arrays there we just don’t have the time for that but there are great sources for that talk a little bit about a programmers toolbox and some processes and then I’m going to go into a detailed scenario of applying some some security rules okay three books that I highly recommend this first one secure coding yeah it’s a little bit old but what I really like about this it doesn’t try to be a cookbook like you see this follow this solution what it does it sets up kind of the total holistic view of how to approach security that security is not something he just bolt on to an application throw a couple of flags and release mode and it passes that and send it out the door no you need to start from the very beginning what the application is supposed to do and figure out what things you could do to protect it I like this book a lot this book it’s I saw its for sale outside highly recommend it both in print and also in kindle form it’s actually very readable in Kindle this is a second revised book from Robert Secord if you want the nitty-gritty detail about stack smashing the Canaries and all that good stuff go to this book there’s page after page of really good information and this last one it’s also a little bit older but I liked it because it john vega talks a lot about interfacing OpenSSL it is an earlier version but talking to all the different api so if you ever have to deal with open ssl this is one of the good places to start from and then though it’s website this is put on by cert robert Secord is heavily involved with it and we’ll take a quick gander of what that site looks like this is the SEI cert coding standards there’s a bunch for android c c++ and java first i want to take a look at let’s take a look at c++ and look at this introduction first talk about priority and levels every vulnerability or issue here is is classified using the standard of vulnerability likelihood in a remediation cost so when we get a little farther into your little taken example C++ declarations initialization will start right from the beginning goes in excruciating detail basically don’t use the old C stuff there is the the C variable very attic interface and it talks about the rational B why this is non-compliant and then offers compliant solutions so every category it’s here that they listen to site follows the same pattern some are a little stale but most of them that I’ve seen are real current a a lot of folks are spending some really good time in this ok ok I’m gonna start with integers I in homework for you all take a look at the strings

and arrays and particularly the C chord book let’s take a look at integers unsigned integer app sign integer overflow and conversion issues ok we’re going to look at some code ok this is a real simple program I’m taking a unsigned 32-bit int I’m setting it to max value for 32 bit int increment in it and then I’m setting it to the min value and decrement it and I take a look at what it does so it’s as we expect no it’s good to be reminded that we’re at the top end of a 32 bit int we increment it we’re going to go we’re going to rap to zero okay no surprises there what about integer overflow sign in overflow so this is similar but this is with signed int and we’re going to go to the max value we’re going to increment and they’ve got to the min value and decrement no surprises here right then we got we’re at the the high end of the 32 but we’re going to wrap all the way to the negative value let’s take a look at conversions issues we’ve got a couple conversions here I’ve got a 32 bit int I got a unsigned int I’m assigning the value of a 32 bit at max value to a 32 that sign 32 bit int we expect some loss of data there and I’m going from an unsigned 32-bit into a unsigned 16 bit int let’s go see what that looks like okay so you can imagine that if you’re not doing any kind of range checking and you’re doing converting back and forth from signed and unsigned you can easily get into problems and I’m going to have a simple application I’m just going to call bad app bad application and this guy’s purpose it’s got a little worker class and in it it’s got a work thread and this guy all this is consumed a large buffer and sleeps but you can equate this to a worker thread and then based on argument input or use some program options we set the thread count and we’re off and running the default is 3 on this so and so ok so I’m running at 3 threads I’m gonna switch to a VM I guess I don’t want to crash my Mac sorry ok I’m gonna run this with 400 threads take a look at this screen right here this memory utilization well I basically do s my box it’s because I’ve got unbounded I’m not checking at all on the inputs and why did I bring out this scenario this is actually a fairly common scenario you can imagine that you’ve got a package of applications maybe you got a little daemon that sits on a UDP socket does some utility but nobody’s really touched it in five years but it’s always distributed with the new software somebody gets on a new box Systems Administrator touches the file system all of a sudden it’s world readable somebody gets on the Box they there at least they have an account they’re looking for a ways to compromise it and so they’re going to look for let’s go to opt and see if we can find an application copy it over into a temp directory play with the command interface and see what they get and right and they got gold here they can shut the box down whenever they want all unused to space without having root access so a way to mitigate this a little bit I’ve got a better app this is

pretty calm complex but I surgically removed a bunch of code from stuff I wrote four years ago with the equivalent of using a weed whacker but it’s it what this is is give strong type safety to arguments and so I have this properties class that I add a 32 bit int property I give it a this is what the actual argument is online a default value and a description and I set a range on it so right off the bat I’m setting the maximum it could between 1 and 3 and so when I try to run this application and I’ll run this on a Mac every day of the week okay default to 3 then let’s say I do a and we get an exception right off the bat so the behavior of this it just throws an exception we typically what we do is log that there is an out of range and then we use a default because our systems have to come up but this is this is also a decent behavior maybe in that you just log it and exit and if we go the other way we go to 0 look at the same thing we’re out of range it didn’t take a lot to add this capability and we’ll take one more look at the code for it it’s all based on a bunch of templates but to have this thing called the basic property basic property has a name description default value of I a string value and it has some setters and some getters and the ability to set range and then subclass that and I have a numeric property here as template for that and you can imagine you could do one for Strings they could do one for booze file paths you could do it for time durations there’s all kinds of different properties but you can follow the same pattern okay I’m going to show you one more thing Robert Ramey if your folks have met him he has introduced a library into the booths incubator called safe numerix and I like it a lot I haven’t used it much but I think it’s got some good application and here’s to just Google boost library incubator then look for safe numerix you will find this and the problem is that often as I showed earlier mathematical operations don’t do what you think they’re gonna do and and he builds a case for it and then his mechanism is a set of header only templates that introduce this idea of a safe integer for example and if you tried to set this integer outside or use a different value outside the range an exception gets thrown immediately people ask what does this have to do with business and that sort of thing I would say that almost any system you can think of a value flight control systems ABS brake control systems in a car anything to do with money that ranges they’re very important and so you want range checking and this kind of facility could be very helpful Robert Secord in his book goes in to give us a couple of nice tables of all the different conditions and operators that can cause wrapping of an unsigned integer and you said there are a lot of a lot of these operators maybe you don’t think it’s going to happen but there’s good chance it will and then with sign integer overflow and he also has a similar chart for truncation so when you go by the book outside there you can dump through these excuse me conversions generally always safe to go from small and sign into the large and sign ends but potentially not safe and the programmer has to step in for these other cases particularly when truncation is a possibility okay you don’t talk a

little bit about programmers toolbox first thing I like using as multiple compiler it’s this is the set of compilers I use because powers even different versions of the same compiler give you different warnings and errors I saw you routinely always code on GCC for eight and clang Xcode first and then go to the others I have a lot of code that runs on Windows XP embedded so I’m still stuck to Visual Studio 2010 but I will be moving to 2015 as soon as I can get that running because it has a tool chain that allows cross-compile to XP targets but a lot of value in like if you’re not quite sure and one compiler we’re going to bring it up in another compiler intel core powers are also very good they’re not as compliant with C++ 11 or 14 as the others but they get in there quickly the thing about the into Atul’s they’ve got a wonderful profiler called be tuned amplifier if you haven’t used it I think it’s one of the most user friendly out there other other things put this in your toolbox these are a list of flags that are that will get you discover warnings and problems that you won’t get when you just run it in debug maybe debug mode all of these are GCC and clang except for the sanitize that’s clang only on Xcode it only supports address yeah thank you I’ll make that change it’s good to know okay this is probably very stale but Visual Studio 2010 these are the additional flags I’m sure 2015 has some other ones I’ll update that when I able to bring up visual studio 2015 other flags that help mitigate attacks these do things like make prevent or help reduce buffer overflows on the stack eliminate execution capability not all these are visible and clang or usable on clang and identified those in blue that are GCC only also memory real oak relocation or ASL are in the windows world P ie in the kind of GCC world all very useful and before I get back to code I’m going to just breeze through some of this secure programming processes this first one may seem like all this is just another architect filling up slides but I think it’s pretty important as an organization that wants to build up a capability a secure capability you need to kind of define the framework that you work within and we we use principles of mechanisms and one principle may be although internet domain sockets connections have to be encrypted and the mechanism we use TLS one too high string cipher Suites x.509 peak pkix compliant with RFC 6120 five for identity verification I’ll get into more detail but what that means principle we authenticate the message source and a mechanism as we use hospit hash-based message authentication codes across the whole message and so we could tell if they’re tampered and we know who signed it principle all applications must bill with no warnings now they’re gonna be cases where a new you’re gonna have to locally suppress a particular item but generally like one of our principles is that no warnings force common coding standards I know it’s going to hurt someone’s mellow but people that like the code anyway they want but when he was the best pattern matcher on a planet is probably the human and the ability to see common recognized shapes and patterns well pickup errors so quick and pickup problems so quickly but it also makes the code more readable when you see somebody else some other colleague haven’t worked with them and our code is looks the same or is formatted the same it helps a lot in understanding there are a lot of good examples people point to Google’s C++ coding standards we use a lot of it we don’t use the portion of it because our code is a lot newer we use exceptions all through our code base so we deviate from that plus my companies mostly historically been a Java shop and so we came a case everything so we don’t use underscores

and our names code review system we use reviewed board it’s one example I like a better than a pull request it has to get a thumbs up by people on the team before we commit version control system probably real simple but if you don’t have if you’re not using one your code isn’t that important you really need this for a team of developers especially distributed we we use bizarre for a long time and it’s good but no one’s doing anything with bizarre so we all went to get and we got the github and for the most part it works good but it can be really frustrating at times last thing the fact or one of the last things to affect a defect tracking system particularly when it’s integrated with the version control and your code review system and makes everything seem ‘less there’s no you don’t lose information and everybody has contacts to a particular problem and uh an automated continuous integration these are things that we we do every night I’ve got 30-some odd platforms my main code runs static analysis runs automated fuzzing daily integration tests all target platforms and it’s a big deal of something breaks and we’ve got the best to get all Faiers and that includes testing failures because they may mask some other failure so it’s it we treat a testing a test problem just as important as an application problem okay penetration testing if you’re large enough grow some ethical hackers some people that could break our code I wish I could say who our third party but we use a lot of third party and I specifically will go in with the full code and I’ll say break this I want you to break this point I want you to bring that point and they’ve been very helpful in helping us harden our code very very expensive but very worthwhile ok now we’re going to get back into some more code and I got a scenario here imagine a company that does call consolidated services that provides web back in a web processing engines for a bunch of virtual stores these stores are all visible from the internet you’ve got a bunch of customers worldwide and then he got fulfillment houses that when a product gets ordered one of the processing engines sense of fulfillment order to the appropriate fulfillment house so we’re focusing on the yellow here and this cat this connection and as consolidate services we we want our partners to do it right we don’t want them to lose information about customers we we want any issues so we’re gonna help them by building a library and its libraries going to do some message handling parsing and civilization and it’s going to do encryption and decryption this security considerations that we’re going to protect the session with TLS one – we’re gonna thinik eight the message source and we’re going to encrypt the fulfillment order so there’s this is security and depth and then layers first TLS one – if you’re not using it you’re vulnerable if you use them 1:1 you’re wrong using 100 you’re wrong SSL 3 go dig ditches or something you’re on gap high string ciphers this is an example the elliptical curve ephemeral diffie-hellman and I broke down what the the different pieces mean for the of the algorithm but this is a relatively efficient but very strong cipher suite 6125 I put this here because there’s a lot of confusion and there isn’t a lot of information that’s easily digestible but 6125 basically you’re using items that you surgically place in a subject alternate name of your certificate chain that help you verify that you’re not communicating with somebody that’s acting as a man-in-the-middle in an attack and part of that mechanism is to use service IDs that effo server that is represents a service message represents a protocol and then the rest of it is a domain and then it got the same for the client-side also additional fields that are set in

where if you’re a server you never want client offset you never want to be set for 4 4 keys for key CR or crl signing you don’t want the kind of things it just needs these settings for a server and a client each to be for a client and because someone says the server off you should reject reject the conversation and the reason I put this here is because I don’t know of a fully compliant 6125 I had to write a lot of code to do this I use boost azo and I use exits out of open SSL callbacks to once open SSL that’s a certificate path verification then I iterate through all the certificates and look at the specific fields and match them up that they’re compliant okay almost almost a code again the second thing we’re doing is we’re we’re using message that we’re used in the H Mac code in front of it and H Mac or this is the message format it’s a sterilised protobuf message and has an H Mac field it has a UID field identifying a unique message a type time and then encrypted message bytes that H Mac field is is the across all other fields you could tell if anybody tampered with any component of the message so with that stuff done in advance we’ve got kind of an idea of what a structure might be and this is a candidate structure we’re building a library the l0 at the bottom that’s third party stuff we’re using open SSL and logically we’re using a bunch of stuff from Google protobuf even though it ends up in the bindings I just put that down there that’s saying we are using stuff from Google then I got a low-level layer which we’ll walk through some of these pieces that are open SSL but they’re not meant to be the public interface we want the third party to use and then we have l2 which is actual public interface we want the third party to use so they don’t have to get mixed up in the how am i doing for time half hour good good um we don’t want them to get lost in the nitty-gritty of open SSL okay last thing before we get the code or talk a little bit about the AES it’s pronounced again walk counter method jeonhwa gee al iOS there are a mysterious company in Portland about 50 people supposed to be really smart they have large foreheads which they do a lot of work for DARPA and that sort of thing but they came up with this years ago you have certain inputs you have a 256-bit symmetric key derived from a high-quality key derivation function the key is never sent with the encrypted message so this is a shared secret symmetric key one is on e your fulfillment house has it and then consolidated has the other there could be mechanisms to rotate these keys age them and replace them but not going to get into that the idea is the key is never sent with the message the initialization vector this is important because the very first block that gets encrypted needs some reference or a random material to do that encryption usually it’s about 128 bits but this particular algorithm it’s 96 bits then you’ve got your plaintext and in our case the plaintext is a serialized fulfillment order then the cripton outputs ciphertext and then 128 bit tag generated for tamper detection and then we concatenate the tag plus the IV plus the ciphertext and that’s what gets put in the the message block with a very important thing we don’t care if anybody sees what the IV is we just never ever use it more than once for that particular key and then that outputs the decryption inputs we’ve got the symmetric same symmetric key we’ve got the IV we’ve got the tag ciphertext and we get the plaintext output okay so let’s look at code so I go to stack overflow and I read and I have a cold brew coffee and in just in a few minutes I crank out no I don’t

want to get my chest I cranked out my very first wrapper around it I’ve got this is an equipped algorithm it’s still pretty see like and it’s got a decrypt algorithm I’m hinting that a lot of things that are wrong we’ll go through that a minute but let’s run a unit test so it’s going to compile the the unit test which is it’s a boost test here so pieces go with it and what we’ve done is we’ve taken a a key that I generated through an another random sequence generator function that it’s based on open SSL I created the IV and then I’ve got a plaintext which I just generated a bunch of sequences and concatenate it together then encrypt it and then and then going through the decryption I match the original to the to the decrypted and everything is happy so I’m done right I’ve got a working algorithm Oh anybody hazard a guess right off the bat some of the things that are wrong here pardon me yes yes yeah the comment was that the the decrypt exits without clean up and that’s very important which points out at this particular algorithm I’m actually doing a dynamic allocation of the context these four cipher this is a deprecated interface but OpenSSL being the way it is a lot of the old interfaces are still visible though they’re fixing in that now especially with version one one and a future versions there they’re letting this stuff die die or they’re making it make it disappear but this is a deprecated interface also all these functions almost all these functions have a return code and with this particular C interface you need to check the return code and like they’ve give a couple examples here but where I’m returning the value I’m thought of being slick I’m being like an old C programmer and returning negative numbers I’m leaking because I’m not cleaning up on this contacts okay so even though I’ve got a good algorithm if for some reason my tag value is wrong or something I’m gonna i’ma lose memory so I make another pass at it still a little see each I’m checking in return codes but I’m also I also got the leak problem okay so this really didn’t help much let’s go through a better code okay I changed from the char stars and link fields to standard vectors with unsigned chars they work really well with with this interface I also use the new context I have appropriate exceptions that are thrown in the same way with the decrypt and so let’s take a look at will make make sure our algorithm is still there I was still correct okay no errors detected we I’m using a much larger plain text field at 38 K but basically this this test is for is very similar to the previous one I am going to now since I’m pretty close I think I’ve got it where I want to I’m gonna change turn on the big heavy flags that’s in my C makes setup I’ve got this debug secure target and you noticed that all my C make my main C++ flags I’ve now turned on all the the ones that would help me find issues so when I compile this guy again which I’m going to do just the application is the algorithm 44 errors warnings which I didn’t get before so I was like going from debug turn on these flags and going through these kind of it and actually the first time I did this kind of made my heart sink is a lot of them have to do with boost format and boost format works

really well I don’t that it’s it unless you set type sometimes I have to set create temporaries you’re going to get these constant conversion warnings it’s more importantly for me to use the the flags than it is the use boost format okay so I got to fix that so let’s look at of a 4x version I’ll roll back up there in a second but D so I replaced boost format with just a couple of helper functions standard stream no big surprises there but I did introduce something here because I wasn’t sure I was going to get cleaned up correctly and so I created an RA III wrapper around tax in this context I’m calling safe contacts in the constructor I’m knitting it and four just so we could see it that it’s actually being called context I’ve got a little text messages here and then I’m doing cleanup this is one of the rare OpenSSL functions to wear a cleanup routine has a return code a lot of them don’t if this doesn’t clean up that means something really bad and that applications got to die and so in this my simple log program I passed out of fatal and the application should just go away so the way that works is I create the safe contact see and so where I use the reference or the address operator on the context I just it’s just a little bit different but C dot whatever but I don’t have to worry about doing a cleanup in the end because I know when the safe context goes out of scope it’s going to get cleaned up for me I also introduced something those I pushed up into a null namespace and the actual functions that the third-party will use burning up in the public namespace do some size checking because and we don’t want to know right off the bat at the keys incorrect over the IV’s incorrect or the plain text is zero I mean there’s no reason to encrypt so I added some additional checks for that so with the high-level lags on compiled into the compiles clean well that’s the end of my coming down that’s it and this that that’s the end are there any questions sorry for being so abrupt oh yes yeah I got a lot of boost there yeah because some of this is harvested from a block of C + + o3 the question was why am i using some instead of a certs that’s our pattern that’s that’s our preferred usage I guess we we there are very few exceptions we can’t handle and recover from is I guess it’s our approach any other questions yes yeah actually there is some valgrind mentioned so I found someone today yeah yeah there may be certainly better places I know that the search site is actively supported when I could repeat the question why was a statement that I you that I talked about the search site and the search site is doesn’t provide some information that other sites do in particularly with memory

analysis I’d I think the search side is very actively maintained or appears to be now and you could sign up and you can add to it if you want they’ve just moved at the confluence I’ve signed up I haven’t added anything to it yet but you do have that capability yeah it seems to be getting that way any other questions yes sir I’m sorry I don’t understand stack cannery yeah a canary we haven’t overtly used it we’ve turned or just now turn it on the flags and for the compilers to create that for us and some of those flags that that I showed in the mitigation will turn those on oh we don’t do anything overtly in the in the code for it black hat yeah what is the question was whether what are some good resources or tools for people that are interested in become an ethical hat hackers and black hat we have people that go there and speak and and win competitions and there’s supposed to be a lot of fun I haven’t got there because I’m I’m enslaved writing code yes it is any other questions yes we and our automated stuff we actually have a lot ematic continuous integration is a ruby r-spec framework that that works with our art of artifactory and our repository and pulls out all the different pieces and test it and there are some fuzzing engines with Ruby that we use to inject into our C++ code we haven’t spun up I spun up live fuzz when I was at C++ now in May and that looked really cool I was able to replicate finding the heartbleed bug in minutes that’s on our path we’re just since our other buzzer works really well we haven’t introduced it yet any other questions you have ten minutes well I don’t have anything else to add so thank you for coming I hope this was useful you

You Want To Have Your Favorite Car?

We have a big list of modern & classic cars in both used and new categories.