How risky is the software you use?

Speech transcript
and and what next told is about how risky itself to use so you may be heard at on trunk versus the the Russian security company the I we want to jobs this we want commence this part and we dislike that pre-judgements of this case 2 courses and pocket Thomson will tell you a little bit more about how risky to software is used but a consensus us details acting director and pocket Thomson is jails lead engineer peace will come with a very very warm applause 10 and Parker thank you thank you know the the very so money Mr. MCA since I'm the acting director of the cyber independent testing lab for words there will talk about all for today specially cyber but I with me today as our lead engineer Parker Thompson and not on stage or other collaborators uh Patrick stack a series echo and present in the room but not on stage much but so today we're gonna be talking about our work over the leader in the introduction that was given is the freeze in terms of Kaspersky and all that and I can be speaking about his spear sky and I guarantee you I'm not gonna be speaking about my president right now program thank you provides so when we go ahead and off and I'll mention now some parts of this presentation are going to be quite technical not most of it and I will always include analogies in all these other things if you were here insecurity what's not say the Twitter and but if you do want to be able to review some of the technical material life go through too fast you like to read it's pure mathematician or if your computer scientist of our slides are already available for download at this site here and we think about our partners how of reading a set of Brussels with started on the real material here right us so we're
CITL is a nonprofit organization based in the United States, founded by our chief scientist, Sarah Zatko, and our board chair, Mudge. Our mission is a public-good mission. We are hackers, but the mission here is actually to look out for people who do not know very much about machines, as opposed to the other hackers. Specifically, we seek to improve the state of software security by providing the public with accurate reporting on the security of popular software. So that's a mouthful, but no doubt every single one of you has received questions of the form: what should I run on my phone, what should I do with this, how do I protect myself, all these other things. Lots of people in the general public are looking for agency in computing, and nobody is offering it to them. And so we're trying to provide a forcing function on the software field in order to, again, enable consumers and users and all these things. Our social-good work is funded largely by charitable monies from the Ford Foundation, whom we think a great deal of. We also have major partnerships with Consumer Reports, a major organization in the United States that broadly looks at consumer goods for safety and performance, but also partners with the Digital Standard, which probably would be of great interest to many people here at Congress, as it is a whole list of standards for protecting user rights. We'll talk about some of the work that goes into those things here in a bit. But first I want to give the big picture of what it is we're really trying to do in one short little
sentence something like this but for up for security rights what are the important facts how does a great you know is it easy to consumers it easy to go ahead and look and say that thing is good this thing is not good at something like this but for software security sounds hot doesn't it from so
I want to talk a little bit about what I mean by "something like this". There are lots of consumer outlook, watchdog and consumer-protection groups, some private, some government, which are looking to do this for various things that are not software security, and you see some examples here, the big ones in the United States. I happen to not like these as much as some of the newer consumer labels coming out from the EU, but nonetheless they are examples of the kinds of things people have done in other fields, fields that are not security, to try to achieve that same end. And when these things work well it is for three reasons. One, it has to contain the relevant information. Two, it has to be based in fact; we're not talking opinions, this is not a book club or something like that. And three, it has to be actionable, it has to be actionable: we have to be able to know how to make a decision based on it. How do you do that for software security? How do you do that for
software security so the rest of the talk is going to go it in 3 parts the 1st we're going to give a bit of an overview for a morally consumer-facing side of things for the we do have a look at some data that we reported on early and in all these other kinds of things that were then going to go ahead and get terrifyingly the terrifyingly technical and then after that we will talk about tools to actually implement all the stuff the technical part comes before the tools so it shows you how terrifyingly technical organ gets anything right I didn't suffer security a consumer version so if you set
forth to the task of trying to measure software security, many people (you probably do work in the security field, practice as consultants doing reviews, certainly I used to), probably what you're thinking to yourself right now is that there are lots and lots and lots and lots of things that affect the security of a piece of software, some of which you are only going to see if you go reversing, and some of which are just kicking around on the ground waiting for notice. So I'll talk about both of those kinds of things you might measure. But here you see these giant charts that basically go through, on the left, Microsoft Excel on OS X, and on the right, Google Chrome for OS X. This is a couple of years old at this point, maybe one and a half years old. We are not expecting you to be able to read these; the real point is to say: look at all of the different things you can measure very easily. How do you distill it, how do you boil it down? So this is the opposite of a good consumer safety label. This is, if you've ever done any consulting, the kind of report you hand a client to tell them how good the software is, the opposite of consumer grade. But the reason I'm showing it here is because I want to call out some things, and maybe you can't process all of this because it's too much material, but I'm going to point at some things, and just like NP you're going to recognize them instantly. So for example, Excel at the time of this review: look at these colored dots, what is this telling you? It's telling you, look at all these libraries, all of them are 32-bit only, not 64-bit. Take a look at Chrome: exact opposite, the exact opposite, 64-bit binary. What are some other things? Excel, again on OS X, maybe you can see these danger warning signs, the triangles; this is the absence of major protection flags in the binary headers. We'll talk about what that means exactly in
the bits. But also, if you look over here you'll see, like, oh yeah, yeah, yeah, Chrome has all the different protections a binary might enable, and with Excel it is... but it also has more dots in this column here off to the right, and those dots represent functions, functions that historically have been the source of enough trouble to call these functions very hard to call correctly. If you're a C programmer the gets function is a good example, but all of them. And you can see here that Chrome doesn't mind, it uses them a whole bunch, and Excel not so much. And if you know the history of Microsoft and the trusted computing initiative and the SDL and all that, you will know that a very long time ago Microsoft made a decision, and they said they were going to start purging some of these risky functions from their code bases, because they think it's easier to ban them than to teach people to use them correctly, and you see that reverberating out in the software. Google, on the other hand, says yeah, yeah, yeah, those functions can be dangerous to use, but if you know how to use them they can be very good. And so the point all of this is building to is that if you start by just measuring every little thing that, like, your static analyzers can detect in a piece of software, two things: one, you wind up with way more data than you can show on a slide, and two, the engineering process, the software development life cycle that went into the software, will leave behind artifacts that tell you something about the decisions that went into designing that engineering process. And so Google, for example, is quite rigorous as far as hitting GCC dash-whatever and enabling all the compiler protections; Microsoft maybe was good at that, but so much more rigid in things that were very popular ideas when they introduced trusted computing. So the big takeaway from this material is that, again, the software engineering process results in artifacts in the software that people can find. OK, so
that's that's a whole bunch of data and certainly not a consumer-friendly label
So how do you start to get towards the consumer zone? Well, the main defect of the reports that we just saw is that it's too much information; it's very dense on data, but it's very hard to distill it to the "so what" of it. And so this here is one of our earlier attempts to go ahead and do that distillation. What these charts are: on the previous slide we went through all these different factors that you can analyze in software. Basically, for each of those things, pick a weight, compute a score, average against the weights, and done, you have some number. You can have many libraries in a piece of software, and if you do that for each library in the software you can then go ahead and produce these histograms that show you, like, this percentage of the DLLs had a score in this range, so there's a bar. So how do you pick those weights? We'll talk about that in a sec, it's very technical. But the takeaway here is, you know, you want to look at these charts. Now, I've obscured the labels, and the reason I've done that is because I don't really care that much about the actual counts; I want to talk about the shapes of these charts, the qualitative thing. So here good scores appear on the right, bad scores appear on the left; the histogram is measuring all the libraries and components, and so a very secure piece of software in this model manifests as a whole bar far to the right. And you can see a clear example of that in our custom Gentoo build, a Gentoo build from a year ago with those famous flags turned on, every single one of those flags, and lo and behold if you do that you wind up with a tall bar to the right. Then over here we have Ubuntu 16.04, you recall, exactly, 16.04 LTS; here you see a lot of tall bars to the right, not quite as consolidated as a custom Gentoo build, but that makes sense, doesn't it? It's Gentoo, you know, you do all your homework
to build now I wonna contrast owner contrasted so over here on the right we see in the same model and analysis of the firmware obtained from 2 smart televisions uh last year's models from Samsung and LG in your model numbers we did this work in concert with Consumer Reports and what you notice about these histograms are the bars tall and to the right know they almost normal and not quite but that doesn't really matter the main thing that matters is that this is the shape you'd expect to get if you're playing a random game basically to decide what security features to enable in your software this is the shape of not having a security program is my that that's my that uh and so what you see you see heavy concentration here in the middle right a seems fair in like a tails off on the same Samsung nothing scored all that great same on the algae and that both of them were you know running their respective operating systems and their basically disinheriting whatever security came from whatever open-source thing before right from so this is this is the kind of message this for years the kind of thing that we serve to exist for this is this is also bruising charts showing that the current practices in the not so consumer-friendly space of running your own Linux distros far exceeded the products being delivered by certainly in this case in the smart TV market but I think you might agree with me much worse than the fat yeah so the let's begin to that a
little bit more. Another point I want to make about that same data set: this table here is again looking at the LG, the Samsung, and some Linux installations, and on this table we're just pulling out some of the easy-to-identify security features you might enable in a binary. So: what percentage of binaries have address space layout randomization? What about that? On Ubuntu it's over 99 percent; that also holds for the Amazon Linux AMI, it holds on Gentoo. ASLR is incredibly common in modern Linux, and despite that fewer than 70 percent of the binaries on the LG television had it enabled; fewer than 70 percent. The Samsung was doing, you know, better than that, I guess, but 80 percent is pretty disappointing when a default Linux install, you know, a mainstream Linux distro, is going to get you 99. And it only gets worse, and how it gets worse: RELRO support, you know what that is, that's OK, but if you look at this abysmal coverage, this abysmal coverage on these devices, it's the same story over and over and over again. I'm showing this because some people in this room, or watching the video, ship software, and I have a message for those people who ship software, who are working on Chrome or any of the other big-name kinds of targets: look at this, you can be leading the pack by mastering the fundamentals. You can be leading the pack by mastering the fundamentals. This is the point that the security field really needs to be driving home, and one of the things that we're seeing in our data is that if you're the vendor who is shipping the product everyone has heard of in the security field, then maybe your game is pretty decent, right, you're shipping Windows, you're shipping Firefox, whatever. But if you're one of these things where people kind of beat you up for default passwords, then now your problems extend further than just default passwords. Like, the
house the house is messy it means the between the speaker and yeah so
but on the rest the talk like I said we're gonna be discussing a lot of other things that amount to getting you know a peek behind the curtain and were some of these things come from getting very specific about how this business works but if you're interested in um the high-level material especially if you're interested in interesting results and insights some of which women have your later but I really encourage you to take a look at the top from this past summer a buyer Chief Scientist errors echo which is predominantly on the topic of a surprising results in the data
But today, this being our first time presenting here in Europe, we figured we would take one overarching look at what we're doing, why we're excited about it and where it's headed. And so I'm about to move into a little bit of the underlying theory of why I think it's reasonable to even try to measure the security of software from a technical perspective. But before we can get into that I need to talk a little bit about our goals, so that the decisions in the theory, or the motivation, are clear. Our goals are really simple; it's a very easy organization to run because of that. Number one: remain independent of vendor influence. We're not the first organization to purport to be looking out for the consumer, but unlike many of our predecessors we're not taking money from the people we review. Seems like some basic stuff, right? Seems like some basic stuff. Thank you. Two: automated, comparable, quantitative analysis. Why automated? Well, we need our test results to be reproducible. When Tim goes and opens up something in IDA and finds a bunch of stuff, that makes him all stoked, but it's not repeatable. So we hold a kind of standard for things, and so we're interested in things which are automated; maybe if you're hackers you know how hard that is, we'll talk about that. And lastly, we're acting as a watchdog, protecting the interests of the user, of the consumer, however you would like to look at it. So three goals, and all three are equally important. And we have a non-goal of finding and disclosing vulnerabilities. I reserve the right to find and disclose vulnerabilities, but that's not my goal. Another non-goal is to tell software vendors what to do. If a vendor asks me how to remediate a terrible score, I will tell them what we're measuring, but I'm not there to help them remediate it; it is on them to be able to ship a secure product without me holding their hand. And the third
non-goal outperform free security testing for vendors our testing happens after you release because when you release your software you were telling people it is ready to be used is it really that what is it really the paint that thank you yeah so we are not there to give you a preview of what your score will be out there is no sum of money you can hand me that wall due to an early preview of what your score is you can try I mean you can try me there's a fever trying me this is the for trying me but I'm not gonna look at your stuff until I'm ready to drop it right thing at yeah bits yeah it
So we're moving into the theory territory. Three big questions, three big questions that need to be addressed if you want to do our work efficiently. One: what works? What works for improving security; what are the things that you need, or that you really want to see, in software? Two: how do you recognize when it's being done? It's no good if someone hands you a piece of software and says "I've done all the latest things" and it's a complete black box. If you can't check the claim, the claim is as good as false in practical terms, period. So it has to be reviewable, or a priori I think you're full of it. And three: who's doing it? Of all the things that work and that you can recognize, who's actually doing it? You know, our field is famous for ruining people's holidays and weekends over Friday disclosures, New Year's Eve disclosures; I would like us to also be famous for calling out those teams and those software organizations which are being as good as the bad guys are being bad. So, provide someone an incentive to be happy to see us for a change. Thank you, yes, Parker.
so how do we actually call these things off the basic idea so on only get into
some deeper theory is another theorist I want you to focus on this slide on and bring it back from theory from here on out after this but it's not a theory of limited focus on this slide so the basic motivation the basic motivation behind what we're doing the technical motivation why we think it's possible to measure and report on security it all boils down to this right so we start with a thought experiment to get that kind of right I Given a piece of software we can ask the yeah overall how secure is it's kind of a vague question but you can imagine you know this versions of that question when 2 of whatever tone abilities um so maybe 1 and with me about what the word vulnerability means but broadly you know there's a much more specific questions right arm and here is here's enticing thing the 1st question appears task for less information then the 2nd question and do maybe of we were taking bets I would put my money on yes it actually does ask for us information what I mean by that what we mean by that well let's say someone told you all of the vulnerabilities in the system right before they I got a long break your iterate school school and someone asks you may have secure is the system you can give them a very precise answer you can say it has and vulnerabilities and of this kind of like all the stuff like certainly the 2nd question is enough to answer the 1st but but is the reverse true namely if someone were to tell you for example here this piece of software has exactly 32 vulnerabilities in it is that make it easier to find any of them right uh there's room for 2 maybe do that using some algorithms that are not yet in existence uh certainly the computer scientists and you're saying well you know um yeah maybe counting number fast solutions doesn't help you practically find solution but might and we just don't know OK fine fine fine maybe these things are the same but so be my experience in security and the experience of many others perhaps is that they 
probably aren't the same question and this motivates uh uh what I'm calling here is that cos question which is basically asking for an algorithm that demonstrates that the 1st question is easier than the 2nd question right so that was question developer heuristic which can assist officially answer 1 but not necessarily to if you're looking for metaphor if you wanna know why I care about this distinction I want you to think about some certain controversial technologies maybe think about say nuclear technology right in that answers 1 but not to so very safe algorithm the published very survival Washington and quot Shannon would
like more information happy to oblige was take a
look at this question from a different perspective maybe more hands on perspective the hacker perspective rights but your hat during your watching me up here and waving my hands around I'm showing you charts maybe of thinking yourself you avoid what you got right how does this actually go and may a way of thinking yourself is that you know finding that bones at an artisan craft right here in IDA you know your reversing always doing all these things are hidden com I don't know all the stuff and like you know this kind a clever game provenance is not like this thing that the silvery automatable but but should know on the other hand the and there are a lot of tools that do automate things and so is not completely not amenable and if your the fuzzing then perhaps you aware of this very simple observation which is that if your harnesses perfect you really know what you're doing here with these and other than in principle was confined every single problem if ability for yet we'll harness for but in principle it will right so that a perspective on 2nd question is may be of 2 minds on the 1 hand and assessing security is a game of cleverness and only other hand were kind of right now at the cost of having some game-changing tack really go media saying like for that the cost a promise adjusted the cuts we haven't seen all the funding as offered by so maybe there's room maybe there is room for a some automation be possible in pursuit of Zacarias question course there are many challenges still
in them you know using existing hacker technology are mostly of the form of various open questions of for example from the frozen you know they identify many crashes there's an open question will talk about some of those the talk about the the for another perspective here but so maybe you're
not in the business of doing software reviews, but you know a little computer science, and maybe that computer science has you wondering, what's this guy talking about right now? I'm here to acknowledge that. So whatever you think the word security means, whatever you think the word security means, probably some of these questions are relevant to your definition: is there a hidden backdoor, any kind of hidden functionality, does it handle the proper material correctly, and so forth. Anyone who knows any computability theory knows that every single one of these questions, and many others like them, is undecidable, due to reasons essentially no different than the reason the halting problem is undecidable, which is to say reasons essentially first identified and studied by Alan Turing a long time before we had microarchitectures and all these things. So the computability perspective says that, you know what, every definition of security ultimately has this recognizability problem, a fancy way of saying that no algorithm will be able to recognize secure software, because of the undecidability issues. The takeaway, the takeaway, is that the computability angle on all this says anyone who's in this business is forced to use heuristics. You have to, you have to. Right, this guy gets
it right so on the tech side
Our last technical perspective that we're going to take now is certainly the most abstract, which is the Bayesian perspective. So if you're a frequentist, bear with me. Having thought about this for a bit, here's the math. Let's say that I have some corpus of software; perhaps it's the collection of all modern browsers, perhaps it's the collection of all the packages in the Debian repository, perhaps it's everything on GitHub you can build on the system, perhaps it's a hard drive full of warez that some guy mailed you. You have some corpus of software, and for a random program in that corpus we can consider this probability, the probability that the software is secure, which is not there, for reasons described in the computability perspective: this number is not a computable number for any reasonable definition of security. And so, in practical terms, if you want to do some probabilistic reasoning you need some surrogate for that. So instead of considering the probability that a piece of software is secure, a non-computable, non-verifiable quantity, we take a look here at this indexed collection of probabilities. This is an infinite, countable family of probability distributions: basically P_H(k) is the probability that, for a random piece of software in the corpus, H work units of fuzzing will find no more than k unique crashes. And why is this relevant? Well, at the bottom we have this analytic observation, which is that in the limit as H goes to infinity you're basically saying, fuzz this thing for infinite time, and what does that look like? Essentially here we have, analytically, that this should converge: P_H should converge to the probability that this software simply cannot be made to crash. Not the same thing as being secure, but certainly not a small concern relevant to security. So now
let's stuff actually was
Bayesian, and yet, as we need to get there, here we go. All right, so the previous slide is that the probability distribution is measured based on fuzzing, but fuzzing is expensive, and it is also not an answer to the second question: to find vulnerabilities. It is a measure of security in a general sense. And so here's where we make the jump to conditional probabilities. Let M be some observable property of software: has ASLR, has RELRO, calls these functions, doesn't call those functions, take your pick. We now consider these conditional probability distributions, and this is the same kind of probability as we had on the previous slide, but conditioned on this observable being true. And this leads to the refined, Bayesian variant of the second question: which observable properties M of software satisfy that, when the software has property M, the probability of fuzzing being hard is very high? That's what this version of the question phrases, and here we say "hard" in large log h over k; in other words, exponentially more fuzzing than you expect to find bugs. So this is the technical version of what we're after. From here all of this can be explored; you can brute-force your way to finding all this stuff, and that's
exactly what we're doing now so were
looking for all kinds of things, we're looking for all kinds of things that correlate with fuzzing having low yield on a piece of software, and there's a lot of ways in which that can happen. It could be that you're looking at a feature of software that literally prevents crashes; maybe it's the Never Crash flag, I don't know. But most of the things I've talked about, ASLR, RELRO, et cetera, don't prevent crashes; in fact they can take crashing programs and make them crash, which is the number one reason vendors don't enable them. So why am I talking about ASLR, why am I talking about RELRO, what do all these things have to do with stopping crashes, when I'm claiming I'm measuring crashes? This is because, from the Bayesian perspective, correlation is not the same thing as causation. Correlation is not the same thing as causation. It could be that ASLR's presence literally prevents crashes, but it could also be that by some underlying coincidence the things we're looking for are mostly only found in software that's robust against crashing. We're looking for security; I submit to you that the difference doesn't matter. OK, and my math
bunker. I will now go ahead and give a really nice analogy for all those things that I just described. So we're looking for indicators of a piece of software being secure enough to be good for consumers. So here's an analogy: say you're a geologist, you study minerals and all that, and you're looking for diamonds, who isn't? So, those diamonds: how do you find diamonds? Even in places that are rich in diamonds, diamonds are not common; you don't just go walking around in your boots kicking until your toe stubs on a diamond. Don't do that. Instead you look for other minerals that are mostly only found near diamonds but are much more abundant in those locations than the diamonds themselves. This is Mineral Science 101, yes or no? So if everyone wants to find diamonds: put on your boots and go kicking until you find some chromite, look for some olivine, look for some garnet. None of these things turn into diamonds, none of these things cause diamonds, but if you're finding good concentrations of these things then statistically there are probably diamonds nearby. That's what we're doing. We're not looking for the things that cause good security per se; rather we're looking for the indicators that you put the effort into your software. Is it working out for us?
as a working out for us well were still blowing studies our it's you know really to say exactly but we do have the following interesting coincidence and so by here presented there I have a collection of prices the somebody gave my JFA uh so called the underhand exploits from and I can tell you the phrases are room maybe a little low these days but you need to work in that business if you notice I skin if you do that kind of stuff maybe you know that this is the says ballpark ballpark right and just a coincidence maybe means run right track I don't know but it's an encouraging sign when we run these programs through our analysis our rankings more was correspond to the actual prices that you encounter in the wild are for access the these applications of above I have 1 of our histogram shots but you can see here that Chrome an edge in this particular model scored very close to the same and a test model so with the the basically the same as of Firefox you know some you know behind their little bits i don't of Safari on this chart because this oral Windows applications but a safari score falls in between so a lot of theory what theory with the theory and then now we have this so uh we're gonna go ahead now on and off
to where are we in Junior Parker was going to talk about some of the concrete stuff the non chalkboard stuff the software for stuff that actually makes this work yes itself on talk about the process of actually doing it building a that's required to collect these observables effectively how do you go mining for indicators and indicator minerals yeah but
1st depression where we are and we're going we initially broke this out and the 3 major tracks of our technology we a static analysis engine which started as a prototype and we have now recently completed a much more mature and solid engine that's allowing us to be much more extensible and digging deeper into programs and provided much more deep observables then we have the data collection and data reporting Tim showed some of our early stabs at this form right now in the process of building the new engines to make the data more accessible and easy to work with no more that will be available soon the finally we have a fuzzing track we need to get some early did as we played with some existing off-the-shelf fuzzers like AFL and while I was fun unfortunately is a lot of work to manually instrument a lot of others for hundreds of binaries so we then built an automated solution that started to get us closer to having a fuzzing harness 2nd order generate itself depending on the software itself this offers data brain now unfortunately that technology should as more deficiencies mentorship successes so we are now working on a much more mature fuzzer that will allow us to dig deeper into programs as running and collect very specific things that we need for our model in our analysis it but on an
analytic pipeline today this is 1 of the most concrete components of our engine and when the most fun we effectively they wanted some type of software Hopper freaky for programs installers and on the other and come reports of fully annotated and actionable information we can this and people so we went about the process of building a large scale engine it starts off with a simple REST API where we can push software and which then gets moved over to a computation cluster that effectively provides us a fabric to work with it makes it made up of what different software suites starting off with a data processing which is done by Apache Spark and then moves over on the data of data handling and analysis and in stock and then we have the common HDFS to revive a place for the data to be stored and the resource manager in your all of that is backed by our computer data nodes which scale linearly that then moves into our data science engine which is effectively spark with Apache's upward which provides a really fun interface for we can work that the data in an interactive manner but the ticking off large-scale jobs in the cluster and finally this goes into a report generation engine but this bias was the ability to linearly scale and make that Hopper bigger and bigger as we need but also provide us a way to process data that doesn't fit in a single machines around you can push the instance sizes you lot you want but we have datasets that blow away any single a single house ramps set so this allows us to work with really large collections of observables yeah the what did
died down now and to our actual static analysis the 1st we have to explore the problem space because it's a nasty 1 effectively in settles mission is to process is much software as possible hopefully all of it but hand on all the binaries that are out there the really is to look at the problem units there's a lot of the combinations there's a lot of CPU architectures there's a lot of operating systems there's a lot of file formats there's a lot of environments suffered its deployed into an every single 1 of them has their own aperture armory features and they can be specifically set for 1 combination but not another and you don't want penalize a developer for not turning out feature they had no access to ever turn on so effectively we need to solve this in a much more generic way and so what we did is our static analysis engine effectively looks
like a gigantic collection of abstract and libraries to handle binary programs the taken some type of input file the id l the Marco and then the pipeline splits it goes off into 2 major analyzer classes are form analyzes which look at the suffer much like how a linker loader will look at it I want understand how it's going to be loaded up whatever vomit features can be applied we can run analyzes of that in order to achieve that we need abstraction libraries can provide set abstract memory a symbol resolver generic section properties so that the and then we run over a collection of analyzes to collect data on observables next year code analyzes the the analyzes that run over the code itself I need to build a look at the eggs every possible executable path In order to do that we need you function discovery feed that into a control flow of recovery engine and then as a post-processing step dig through all of the possible metadata and this offer such as like a a a source table or something like that to get even deeper the software then this provides as a basic list the of basic blocks functions instruction ranges and as an efficient manners we can process a lot of sufferers it goes then all that gets that over into the mean of modular analyzes finally all this comes together and get put into a gigantic blob of observables and that up to the pipeline so you know I think how the Ford Foundation for supporting our work in this because it's a data pipeline and the static analysis has been a massive boon for a project and were only beginning down to really get our are engine running and running the time of the that so
digging into the observables themselves what are we looking at and this was breaking apart so the format structure components things like ASLR, DEP, RELRO basic are following is going to go in the feature and the and in the in can be enabled the OS layer when it gets loaded up leg then we also collected other metadata about the program of such as like what libraries are linked and was its dependency tree look like completely how did those off for headed those libraries score because I can affect your means after interesting sample on Linux if you link a library that requires an executable stack guess what your software now has an executable stack of you view the that we need to be honest understand what ecosystem this software is delivered the code structure analyzes look at things like functionality what the software is doing How whatever the AP armouring is getting injected into the code that example of that is stack guards or FORTIFY_SOURCE these are our main features that only really applying can be observed inside of the control flow or instead of the actual instructions themselves this is
why control flow is a key we played around with it a number of different ways of analyzing software that we can scale out and ultimately we had to come down to working with control flow graphs provided years ago a basic visualization of what I'm talking about the control flow graph provided by angr which has wonderful visualization tools of hence this photo and don't build very very many visualization engines but you basically have a function is broken up into basic blocks which is broken up into instructions and you have basic flow between them having this isn't erable structure that we can work with allows us to walk over there and walk every single instruction understand the references understand where the code and data is being the is being referenced and how is it being referenced whatever functionalizing this is a great way to find something like the whether or not your stack guards are being applied on every function that needs them how did the how deeper they been applied and is a compiler possibly introducing errors into your armory features which are interesting inside studies
also why we did this because we want a push the concept of what type of observables unified let's say take this and take this example you know the take instruction abstractions of state for all major architectures you can bring you can make break them up in the major categories the arithmetic instructions data-manipulation instructions like loads stores and then control flow instructions then with these basic fundamental building blocks you can make artifacts just think of them like in a unit of functionality has some type of inputs and have outputs provide some type of operation on it and then with the zillions of functionality you can link them together and think of these artifacts is maybe some basic block or crossing a few basic blocks but a different way to break up the sufferers of basic block is just a branch break but we will look at functionality breaks because these artifacts can provide the basic fundamental building blocks of the software itself so is more important when we wanna start doing symbolic listing so we can lift the entire software up into a generic of a generic representation that we can slice and dice as needed we even
there what i fuzzing in all the more funding is effectively at the heart of our project it provides us the rich dataset that we can use to derive a model it also provides or some other metadata on the side of but
why why do we care about fuzzing why is fuzzing the metric you build an engine that we build a model you drive some type of uh tensors and have reason from so think of it the set of bugs vulnerabilities and exploitable vulnerabilities to an ideal world you want to just have a machine that pulls out exploitable vulnerabilities unfortunately this is exceedingly costly for a series of decision problems the go between the sets it's not considered a superset of bugs soft faults a fuzzer can easily recognize a other software can easily recognize faults but if you wanna move down the sets you unfortunately need to jump through a lot of decision hoops for example if you want more to vulnerability of to understand as the attacker have some type of control is their trust boundary being crossed is this software configured in the right way for this to be vulnerable right now so the human factors that are not visible from the outside you then amplified this decision problem even worse kind exploitable vulnerabilities so if we collect the superset of bugs will know that there's some proportion of subsets in there and this provides us a datasets easily recognizable and we can collect a course in a cost-efficient manner
finally fuzzing is key and were investing a lot of our time right now working on a new fuzzing engine because there are some key things you wanna do we want to be able to understand the all of the different paths the software could be taken as a fuzzer effectively driving the software down as many unique paths while referencing as many unique data meant manipulations as possible so if we save off every path annotate the ones the faulting we now have this beautiful rich dataset of exactly where the software when as we're driving in specific ways then we see that back into are static analysis engine and begin to generate those instruction art of this instruction abstractions those artifacts in with that emerge we have these gigantic traces of instruction abstractions From there we can then begin to train the model to explore around the fault location and begin to understand and try and study the fundamental building blocks of what a bug look like but looks like In abstract instruction agnostic way and this is my worst any alot of time our engine right now but hopefully soon will the talk about that more in attack tracking of the policy track yeah
so from then on anything went wrong with the computer with head but word what promised you a technical
during a promise to technical journey into the dark abyss of as deep as you wanna get with its as so it's going to bring it up what so it's rapid up and bring up a little bit here I will talk a great deal today about some theory we talk about development in our tooling and everything else and so I figured I should end with us some things that are not in progress but in fact which are done in yesterday's news I just go and make that shared here with Europe uh so uh in the midst of all of our development we have been discovering and reporting bugs again this is not our primary purpose really but you know you can't help but do it you know computers are these days you find budgets turning them on right so that we've been no disclosing all that's a little while ago at the right of and Black Hat our Chief Scientist Sarah together with mudge but when I hadn't dropped this bombshell the Firefox team which is that for some period of time but they had ASLR disabled on OSX the when we 1st found it we assume it was about an hour tools uh when we 1st mentioned it in a talk they came to us and said it's definitely above that our tools or might be or some level of surprise and then people started looking into and in fact at 1 point it had been enabled and then temporarily disabled no 1 knew everyone thought it was on it take someone looking to notice that kind of stuff right a major shut out there they fix that immediately despite our of full disclosure on stage and everything so I'm very impressed uh but today in addition to popping surprises hunt people we've also been doing the usual process of submitting patches and bugs particularly to LLVM and QEMU and that you work software analysis public just why from incidentally if you're looking for a target the flows if you wanna go home from CCC and you wanna find a ton of findings uh LLVM comes with a bunch of parsers you should them you should fuzz them and I say that because I know for a fact you're going to get a 
bunch of findings and be really nice I would appreciate it if I didn't have to pay the people to fix them so if you want my disclosing the would help but to decide these bug reports and all these other things that we've also been working with lots of others are you know we give a talk earlier this summer sir give a talk earlier this summer about these things and she presented findings on comparing some of the basic laws of different Linux distributions and based on of those findings so there was a person on the Fedora king Jason Calloway we sat there and what I can't read his mind but I'm sure that he was thinking himself goalie would be nice to not you know be surprised but the next 1 of these talks are these score very well by the way they were reading in many in many of our metrics on any case or the left vagus inuit back home and him and his colleagues have been working on essentially reimplementing much of our tooling so that they can check the stuff that we check before they release before they release looking for before you release so that would be a good thing for others to do and I'm hoping that that idea really catches on the left that I have been I have been I have but but in addition to that in addition to that the our mission really used to get results up to the public and so in order to achieve that we have broad partnership with Consumer Reports in the digital standard of especially during the cyber policy a really encourage you take a look at the proposed but digital standard which is encompassing of the things we look for and and and so much more you was data traffic emotion in cryptography an update mechanism elected stuff so where we are and where we're
going after the big takeaways here if you're if you're looking for that so what 3 . 1 we are a building it when necessary to do larger and larger and larger studies regarding these are sorted securities cost of my hope is that in some period of the heart to distant future I would like to be able to uh with my colleagues publisher really nice findings about what are the things that you can observe in software which have a suspiciously high correlation with the sort for being good right so nobody really knows right now it's an empirical question as far as I know this that he hasn't been done we've been running on a small scale were building 2 1 to do it on a much larger scale we are hoping that this point of being a useful fueled by insecurity as the technology develops but in the meantime a static analyzer be already making surprising discoveries that you to and I take a look at offices actors recent talks at the con black cat out lots of fun findings in their what's of things that anyone who looks would have found it what that and lastly if you in the business of shipping software and you were thinking to yourself OK so these guys someone give them some money to mess of my day you're wondering what can I do not have my day messed up 1 simple piece of advice once simple piece of advice to make sure your software employs every exploit mitigation technique much has ever or will ever hear of any sort of a lot of them you going to you all that for all those things on and if you don't know anything about that stuff that nobody on your knows anything about that stuff uh and why why why I'm you know I'm saying this severe you about that stuff to do that you're not here then you should be here
and the founder of the few thank you demand marker do we have any questions from the audience it's really hard to see where that bright lights in my face it I think the signal tool has a question yeah is in the as a general was addressed by the tools and models those and they're wondering what's going to happen that because you have funding from the most now and so on and so this and commercializing and the open source so how do we get our hands on this as an excellent question so that for the time being many the we're receiving is to develop the pooling of pay for the AWS US instances before the engineers and all that stuff about the direction as an organization we would like to take things I have no interest in running a monopoly that sounds like a fantastic amount of work and I really don't want to do it however I have a great deal of interest in taking the games that we are making the technology and releasing the data are so that other competent researchers can go through and find useful things that we may not have noticed ourselves so we're not at a point where we are releasing data in bulk just yet but that is simply a matter of engineering tools are still in flux eyes as we know when we do that we will make sure that it is corrected source offer has to have its own but council of things but ultimately for the scientific aspect of our mission go the science is not our primary mission of primary mission is to apply it to help consumers are at the same time it is our belief that no opaque model is as good as crap no 1 should trust in a pig model by if somebody is telling you that they have us some statistics and they cannot provide you with any underlying data and is not reproducible to more than consequently what we're working for with right now is getting to a point where we will be able to share all those findings the service cost the interesting correlations between observables and imposing all that the public as material comes on 1 thank you thank you 
thank you and microphone number 3 please I think and interesting work thinking and so there's something I and I try understand about the person taking on if you're evaluating security of sale library function or an invitation in our protocol for example uh you know the the precise specification attack against and techniques using would make sense to me on that it's not so clear since set the goal set itself is to advise iterative consumer software and it's not clearly whether it's fair to call these results security scores in the absence of a tract model since I question is has a meaningful to make a claim that pieces of security don't have a model for the next question and anyone who disagrees with the with the wrong this the security without a threat model was not a period of years of the point so the things that we're looking for almost the more things that are already find President of small and so for example we reporting on the presence of the data for a lot of other things that at the heart of excludability of piece of software so for example if we are reviewing a piece of software that has lower taxes this that is canonically not in the rat model and in that sense it makes no sense to report on its overall security on the other hand sort of of talking about software like say a word processor of browser or anything on your phone anything that talks on the network right those kinds of applications and I would argue that exploit litigation and the other thing that we are measuring almost certainly very right so there's a sense in which we are measuring is the lowest common denominator among what we imagine the dominant different models for the applications and the answer but I promise heuristics so there you and and you any questions no worries using hands the and then they can ask questions because I never can so the question is you I mentioned earlier the security labels and and for example what institutions could devote the security lives because it's 
obviously the vendor has no interest in ITC entity yes our is a very good question so our partnership with consumer reports so why don't the notably with them but I mean and the Consumer Reports is a major huge consumer watchdog organization of the test the safety of automobiles that the test you know what the work consumer appliances all kinds of things both to see if a function more or less as advertised most importantly the checking for quality reliability and safety or partnership with the Consumer Reports is all about us doing our work and them publishing that so for example the television that we presented on all that was collected and published in our partnership with Consumer Reports and thank you thank you any other questions for Austrian by you know well in this case people think you know they developed in part group all the analyzed or and this gives them a very very long all of the walls few few few B 2 B is
a ng yeah this if you might if is to
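The "format analyzer" checks the talk describes (NX stack, RELRO, PIE, stack guard, FORTIFY_SOURCE, read the way a linker or loader reads the binary) as an added example that is not CITL's code and not part of the talk: a small ELF64 checker in Python, run over a constructed sample image. The ELF constant values come from the ELF ABI; treating the presence of `__stack_chk_fail` and `__*_chk` names in the dynamic string table as evidence of stack protector and FORTIFY is a checksec-style heuristic assumed here, not CITL's method.

```python
import struct

# ELF constants as defined in the ELF ABI (glibc elf.h uses the same names)
ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4
DT_NULL, DT_STRTAB, DT_STRSZ, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 5, 10, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_PIE = 0x8, 0x08000000

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, 56 bytes
DYN = struct.Struct("<qQ")                 # Elf64_Dyn, 16 bytes


def _vaddr_to_offset(vaddr, loads):
    """Translate a virtual address to a file offset through the PT_LOAD segments."""
    for p in loads:  # p = (type, flags, offset, vaddr, paddr, filesz, memsz, align)
        if p[3] <= vaddr < p[3] + p[5]:
            return vaddr - p[3] + p[2]
    raise ValueError("address %#x is not backed by any PT_LOAD segment" % vaddr)


def _dynamic_entries(data, phdrs):
    """Read the PT_DYNAMIC table into {tag: [values]}, stopping at DT_NULL."""
    dyn = {}
    for p in phdrs:
        if p[0] != PT_DYNAMIC:
            continue
        off = p[2]
        while True:
            tag, val = DYN.unpack_from(data, off)
            if tag == DT_NULL:
                break
            dyn.setdefault(tag, []).append(val)
            off += DYN.size
    return dyn


def check_hardening(data):
    """Return the format-level hardening observables of one little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    ehdr = EHDR.unpack_from(data, 0)
    # e_phoff, e_phentsize, e_phnum are fields 5, 9 and 10 of the header
    phdrs = [PHDR.unpack_from(data, ehdr[5] + i * ehdr[9]) for i in range(ehdr[10])]
    by_type = {p[0]: p for p in phdrs}
    loads = [p for p in phdrs if p[0] == PT_LOAD]
    dyn = _dynamic_entries(data, phdrs)
    # NX: the stack is non-executable only if PT_GNU_STACK exists without PF_X;
    # no header at all means the loader falls back to an executable stack.
    stack = by_type.get(PT_GNU_STACK)
    nx = stack is not None and not (stack[1] & PF_X)
    # RELRO: PT_GNU_RELRO names the region re-mapped read-only after relocation;
    # the GOT is protected ("full") only if every symbol is bound at load time.
    bind_now = DT_BIND_NOW in dyn or bool(dyn.get(DT_FLAGS, [0])[0] & DF_BIND_NOW)
    relro = "none"
    if PT_GNU_RELRO in by_type:
        relro = "full" if bind_now else "partial"
    # PIE: ET_DYN that is an executable (DF_1_PIE or an interpreter request);
    # an ordinary shared library is ET_DYN too, so ET_DYN alone is not enough.
    pie = ehdr[1] == ET_DYN and (
        bool(dyn.get(DT_FLAGS_1, [0])[0] & DF_1_PIE) or PT_INTERP in by_type)
    # Stack protector / FORTIFY_SOURCE: checksec-style heuristic (assumed here) on
    # the dynamic string table; a binary with no protected frame never imports the helper.
    canary = fortify = False
    if DT_STRTAB in dyn and DT_STRSZ in dyn:
        off = _vaddr_to_offset(dyn[DT_STRTAB][0], loads)
        names = data[off:off + dyn[DT_STRSZ][0]].split(b"\0")
        canary = b"__stack_chk_fail" in names
        fortify = any(n.startswith(b"__") and n.endswith(b"_chk") and n != b"__stack_chk_fail"
                      for n in names)
    return {"nx": nx, "relro": relro, "pie": pie, "canary": canary, "fortify": fortify}


def build_sample_elf(nx=True, relro="full", pie=True, canary=True):
    """Constructed sample input: a minimal ELF64 image (headers plus a dynamic
    section, no code) whose hardening markers are chosen by the arguments."""
    strtab = b"\0libc.so.6\0__memcpy_chk\0" + (b"__stack_chk_fail\0" if canary else b"")
    ph_types = [PT_LOAD, PT_DYNAMIC, PT_GNU_STACK] + ([PT_GNU_RELRO] if relro != "none" else [])
    dyn_off = EHDR.size + PHDR.size * len(ph_types)
    tail = [(DT_FLAGS, DF_BIND_NOW if relro == "full" else 0),
            (DT_FLAGS_1, DF_1_PIE if pie else 0), (DT_NULL, 0)]
    str_off = dyn_off + DYN.size * (len(tail) + 2)       # two more entries prepended below
    entries = [(DT_STRTAB, str_off), (DT_STRSZ, len(strtab))] + tail
    dyn_size, total = DYN.size * len(entries), str_off + len(strtab)
    phdrs = {  # one PT_LOAD at vaddr 0 covers the whole file, so offset == vaddr
        PT_LOAD: PHDR.pack(PT_LOAD, PF_R | PF_W, 0, 0, 0, total, total, 0x1000),
        PT_DYNAMIC: PHDR.pack(PT_DYNAMIC, PF_R | PF_W, dyn_off, dyn_off, dyn_off, dyn_size, dyn_size, 8),
        PT_GNU_STACK: PHDR.pack(PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X), 0, 0, 0, 0, 0, 16),
        PT_GNU_RELRO: PHDR.pack(PT_GNU_RELRO, PF_R, dyn_off, dyn_off, dyn_off, dyn_size, dyn_size, 1),
    }
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, little-endian, v1, SysV ABI
    ehdr = EHDR.pack(ident, ET_DYN if pie else ET_EXEC, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(ph_types), 0, 0, 0)
    return (ehdr + b"".join(phdrs[t] for t in ph_types)
            + b"".join(DYN.pack(t, v) for t, v in entries) + strtab)
```

As the talk notes, this reads only the binary itself: a DT_NEEDED library that requests an executable stack still makes the process stack executable at load time, so a full check has to score the dependency tree as well.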

Metadata

Formal metadata

Title How risky is the software you use?
Subtitle CITL: Quantitative, Comparable Software Risk Reporting
Series title 34th Chaos Communication Congress
Author Thompson, Tim Carstens
License CC Attribution 4.0 International:
You may use, modify and reproduce, distribute and make publicly available the work or its content, in its original or modified form, for any legal purpose, provided you credit the author/rights holder in the manner specified by them.
DOI 10.5446/34897
Publisher Chaos Computer Club e.V.
Release year 2017
Language English

Content metadata

Subject area Computer science
Abstract Software vendors like to claim that their software is secure, but the effort and techniques applied to this end vary significantly across the industry. From an end-user's perspective, how do you identify those vendors who are effective at securing their software? From a vendor's perspective, how do you identify those techniques which are effective at improving security? Presenting joint work with Sarah Zatko, mudge, Patrick Stach, and Parker Thompson.
Keywords Ethics, Society & Politics
