How the Security Development Lifecycle (SDL) Improved Windows Vista
Michael Howard (mikehow@microsoft.com), Senior Security Program Manager, Microsoft Corp.
Presentation transcript; added August 30, 2007

Slide 1: How the Security Development Lifecycle (SDL) Improved Windows Vista

Slide 2: Who is this Guy?
  mikehow@microsoft.com
  Microsoft employee for 14 years
  Always in security
  A pragmatist!

Slide 3: Windows Vista Engineering Process (from 35,000ft!)

Slide 4: Why All This Security Work?

Slide 5: Guidance and Education

Slide 6: "Quality Gates"

Slide 7: Hang on ... What's SAL?

Slide 8: Standard Annotation Language

Slide 9: SAL at Work
  void FillString(TCHAR* buf, size_t cchBuf, TCHAR ch)
  {
      for (size_t i = 0; i < cchBuf; i++) {
          buf[i] = ch;
      }
  }
  These two arguments are related, but the compiler does not know!

Slide 10: SAL at Work
  void FillString(__out_ecount(cchBuf) TCHAR* buf, size_t cchBuf, TCHAR ch)
  {
      for (size_t i = 0; i < cchBuf; i++) {
          buf[i] = ch;
      }
  }

Slide 11: SAL at Work
  __out_ecount(cchBuf)
  __out: out buffer; the function will write to the buffer. Other examples include __in and __inout.
  ecount: element count. Another example is bcount, byte count.

Slide 12: SAL at Work
  Warning C6386: Buffer overrun: accessing 'argument 1', the writable size is '200*2' bytes, but '420' bytes might be written: Lines: 33, 34
  Warning C6387: 'argument 1' might be '0': this does not adhere to the specification for the function 'FillString': Lines: 33, 34

  #include <stdlib.h>   /* malloc */
  #include <tchar.h>    /* TCHAR, _T */

  void FillString(__out_ecount(cchBuf) TCHAR* buf, size_t cchBuf, TCHAR ch)
  {
      for (size_t i = 0; i < cchBuf; i++) {
          buf[i] = ch;
      }
  }

  int main(void)
  {
      TCHAR *buff = malloc(200 * sizeof(TCHAR));   /* may return NULL: warning C6387 */
      FillString(buff, 210, _T('x'));              /* 210 elements into a 200-element buffer: warning C6386 */
      return 0;
  }

Slide 13: Central Analysis (1 of 2)
  Before:
    char buf[32];
    strcpy(buf, src);
  After:
    char buf[32];
    strcpy_s(buf, 32, src);   /* the destination size is the second argument of strcpy_s */

Slide 14: Central Analysis (2 of 2)

Slide 15: A Note About Tools
  Tools DO NOT MAKE SOFTWARE SECURE!
  They help scale the process and they help enforce policy.

Slide 16: Threat Analysis

Slide 17: External Review

Slide 18: If all the upfront engineering fails... Windows Vista Defenses

Slide 19: Windows Vista Defenses

Slide 20: Windows Vista Defenses, Security Features (1 of 2)

Slide 21: Windows Vista Defenses, Security Features (2 of 2)

Slide 22: Windows Vista Defenses, Service Hardening (1 of 2)

Slide 23: Windows Vista Defenses, Service Hardening (2 of 2)

Slide 24: Windows Vista Defenses, Isolation

Slide 25: Windows Vista Defenses, Memory defenses (1 of many)

Slide 26: Windows Vista Defenses, Memory defenses (2 of many)

Slide 27: Windows Vista Defenses, Memory defenses (3 of many)

Slide 28: Windows Vista Defenses, Memory defenses (4 of many)

Slide 29: Default Exploit Mitigations on Popular Client Operating Systems

Slide 30: Software Security Science

Slide 31: Summary

Slide 32: (no title)

Slide 33: Backup Slides

Banned APIs
  strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy
  strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat
  strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW
  strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn
  CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW
  alloca, _alloca
  wnsprintf, wnsprintfA, wnsprintfW, sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf, _snwprintf, _snprintf, _sntprintf, wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf, _vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW
  strtok, _tcstok, wcstok, _mbstok
  makepath, _tmakepath, _makepath, _wmakepath, _splitpath, _tsplitpath, _wsplitpath
  scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf
  _itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow
  gets, _getts, _gettws
  IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr
  strlen, wcslen, _mbslen, _mbstrlen, StrLen, lstrlen

No Weak Crypto
  No new code must use:
    MD4, MD5, SHA1 (use the SHA-2 suite)
    DES (use AES)
    RC4 (without crypto review)
  No symmetric keys < 128 bits
  No RSA keys < 1024 bits
  No weak random number generation
  No embedded 'secrets'
  Be "crypto agile"
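The strcpy-to-strcpy_s replacement of slide 13 and the __out_ecount annotation of slides 10 to 12, as an added example that is not from Howard's deck or Microsoft's CRT: a strcpy_s-style bounded copy, safe_strcpy (a name chosen here), whose annotation lets the analyzer relate the buffer to its element count while a runtime check refuses an over-long source instead of overflowing. On non-MSVC compilers the SAL macro is defined as a no-op, which is an assumption of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#ifdef _MSC_VER
#include <sal.h>              /* real SAL macros on MSVC */
#else
#define __out_ecount(n)       /* assumption: no-op elsewhere; SAL is read by the analyzer, not the compiler */
#endif

/* Bounded copy with strcpy_s semantics: the annotation ties dest to destsz for
 * the analyzer, the runtime check refuses a source that would not fit, and on
 * failure dest[0] is cleared so a caller ignoring the result gets no partial string. */
int safe_strcpy(__out_ecount(destsz) char *dest, size_t destsz, const char *src)
{
    size_t n = 0;
    if (dest == NULL || destsz == 0)
        return EINVAL;
    if (src == NULL) {
        dest[0] = '\0';
        return EINVAL;
    }
    while (n < destsz && src[n] != '\0')   /* never read past destsz bytes of src */
        n++;
    if (n >= destsz) {                     /* no room for the terminator */
        dest[0] = '\0';
        return ERANGE;
    }
    memcpy(dest, src, n + 1);              /* copies the NUL too */
    return 0;
}

/* Constructed scenario from slide 13: 32-byte buffer, 40-char source.  strcpy()
 * would write 9 bytes past the end; returns 1 if the copy was refused and cleared. */
int demo_overlong(void)
{
    char buf[32];
    int rc = safe_strcpy(buf, sizeof buf, "0123456789012345678901234567890123456789");
    return rc == ERANGE && buf[0] == '\0';
}

/* A source that fits is copied intact; returns 1 on success. */
int demo_fits(void)
{
    char buf[32];
    return safe_strcpy(buf, sizeof buf, "SDL") == 0 && strcmp(buf, "SDL") == 0;
}
```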