Completed
Intro
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Security Technology Arms Race 2021 - Medal Event
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Security was not a primary design concern at the outset • Unsigned code was the default mode of operation • Devices do not have open and attestable codebases • We rely on legacy design decisions ofte…
- 3 Security boundaries were sometimes ill defined and/or moved as technology progressed • Lock screens • Admin loading a kernel driver • Windows desktops
- 4 A lot of security science was in its infancy • Vulnerability patterns + attack strategies • Static analysis and decompilation • Fuzzing methodologies • Best programming practices
- 5 Defensive ecosystem started small • Difficulty of patch management / updating Third party libraries especially • Difficulty of detecting (sophisticated) attacks and compromise
- 6 Technology breakthroughs sometimes undermines defensive strategies and assumptions • Encryption and hashing breakthroughs (MD5)
- 7 The perfect storm for offense • Motivation • Relatively low cost
- 8 Discovery cost is rarely linear • Large start cost to find first bug, following bugs much quicker Same with development cost • Develop a technique or bypass, reuse Halvar Flake discussed this concept…
- 9 Major discovery costs: • Improved vendor bug discovery
- 10 Major development costs
- 11 Maintenance as an ongoing cost is rarely discussed • Software releases are frequent (4-6 weeks cyde) • Keeping an exploit operational is a lot of work "Stockpiling" is largely a myth specifically bec…
- 12 Isolation has been the primary cause of dramatically increased cost Multiplier effect: Each link in the chain requires a new discovery + development cost
- 13 Example: There is no market for stolen iPhones (And: if you lose your iPhone, the chances of a stranger being able to unlock it are practically zero) Even LEO might have trouble
- 14 Modern iPhone browser chain limitations • Cannot inject into other processes without PPL bypass • Retaining access on reboot is very challenging
- 15 Detection has historically been very poor . Figure out a signature, work around it Vendors have the advantage of scale to detect anomalies • Microsoft Defender for Endpoint
- 16 Sandboxing is effective • Constrained to limited privileges • Might be able to break it periodically, but not continuously
- 17 CFI is increasingly effective to prevent execution
- 18 Data Pointer Integrity (DPI) has landed* • MTE will likely follow on multiple platforms
- 19 Most early stage mitigations are limited to 1 or 2 bug classes • Render some vulnerabilities useless Data PAC and MTE are game changers Early stage mitigation that potentially applies to everything
- 20 Defensive Advantage: Detection of compromise becomes easier • If telemetry runs with more privileges that offensive tooling can obtain, it is harder to evade
- 21 Historically, memory corruption is the favoured technique • Applicable to most technologies and attack vectors • Often most powerful (unfettered access to function and data) • Difficult to detect and…
- 22 Cryptography Flaws • Cryptography underpins nearly all current security technology in one form or another in every layer of the technology stack
- 23 Potential to: • Eavesdropping and payload delivery (browser/chat) Bypassing code signing and trusted boot
- 24 Protocol Attacks • Revisiting and examining new network protocol attacks has potential, particularly when coupled with other flaws
- 25 One of offense's initial advantages was the reliance on legacy design principles for secure computing Is offense starting to incur a similar cost?
- 26 Offensive tools are often written to be deployed based on various assumptions Most interesting traffic is on an open and distributed internet
- 27 1 Memory.corruption is still the most effective strategy for offense, but it's advantages are eroding 2 Increasingly, offense will replace memory corruption components with other lógic flaws 3 Defens…
