Secure Coding Praktikum

Pre-course Meeting

Secure Coding (IN2106)

Master Praktikum (Lab)

Chair 22, Prof. Dr. Alexander Pretschner

IT IS ABOUT:

• Software protection / Code hardening

• Code analysis / Reverse engineering

• Tampering with program code

IT IS NOT ABOUT:

• Exploiting vulnerabilities in software

• Sniffing info from network packets

2 Secure Coding (IN2106) - Sebastian Banescu

What is Secure Coding?

• Lecturer/Instructor: Sebastian Banescu

• ECTS: 10 (1 ECTS ≈ 30 hours)

• Language: English

• Maximum number of participants: 20

• Prerequisites: C programming

• Recommended:

• X86 Assembly language

• Linux

• Docker

• screen-casting

• Registration: TUMonline matching system https://matching.in.tum.de (starting 1st of July)

Important Details


https://matching.in.tum.de/

Secure Communication

• Attack: Read or modify message

Software Security

• Attack: Exploit bug, take control

Software Protection

• Attack: Extract hidden information

• Attack: Modify code

Attacker Models


Real-world Examples:

1. Intellectual property theft

2. Cracking licenses

3. Cheating in games

4. Browser hijacking

Man-At-The-End (MATE) Attacker


Software vendor not the only

victim of MATE attackers

1. Software Developer distributes

software “X” to all end-users

2. Some end-users are MATE

attackers

3. MATE reverse engineers “X”

and builds a hijacker of “X”

4. MATE distributes hijacker to

other end-users of “X”

Software Developer is Not The Only Victim


What can we do to protect victims?

• Give everyone a different version

Questions:

• Will this deter MATE attackers?

• How can we automatically

generate the different versions?

• Is this used in practice?

Software Diversity


Example of Software Diversity in Real-World


Software developer always good?

MATE attackers always bad?

• Software dev: malware writer

• MATE attackers: Virus analysts

• Software protection scenarios

• Software protection tools and techniques

• Reverse engineering and cracking techniques

• Static and dynamic program analysis

• Code obfuscation and diversity

• Tamper-proofing

• …

Topics Covered


Project Phases (in groups of 2 students)


1. App Protection

Assets to protect: license check, IP address, control-flow graph, code, etc.

Attacker capabilities: read and modify code

2. Reverse Engineering

Recover assets from protected apps automatically

Use state-of-the-art binary analysis frameworks: angr, radare2, Triton, etc.

3. Verifying Findings

Learn what others did in phase 2

See if you can improve what they did (optional)

4. App Hardening

Apply what you learned in phases 2 and 3 to protect the assets from phase 1

5. Verifying Hardening

Check if the attacks from phases 2 and 3 can be used to break the hardened apps

See if you can create attacks that can break them (optional)

• Code and documents developed in groups for ALL 5 phases: 80%

𝑃𝑟𝑜𝑗 = 0.65 ∗(𝑃1+𝑃2+𝑃4

3)+0.35 ∗ (

𝑃3+𝑃5

2)

• Individual presentation: 20%

• Grade bonus for solving obfuscation challenges: up to 10%

𝐹 = 0.8 ∗ 𝑃𝑟𝑜𝑗 + 0.2 ∗ 𝑃𝑟𝑒𝑠𝑒𝑛𝑡𝑎𝑡𝑖𝑜𝑛 + 0.1 ∗ 𝐵𝑜𝑛𝑢𝑠

Assessment

Phase Code Docs Screen

Casts Grade

1. App Protection 60% 40% 𝑃1 = 0.6 ∗ 𝐶 + 0.4 ∗ 𝐷

2. Reverse Engineering 50% 20% 30% 𝑃2 = 0.5 ∗ 𝐶 + 0.2 ∗ 𝐷 + 0.3 ∗ 𝑆

3. Verify Findings 50% (bonus) 40% 60% 𝑃3 = 0.5 ∗ 𝐶 + 0.4 ∗ 𝐷 + 0.6 ∗ 𝑆

4. App Hardening 60% 40% 𝑃4 = 0.6 ∗ 𝐶 + 0.4 ∗ 𝐷

5. Verify Hardening 50% (bonus) 60% 40% 𝑃5 = 0.5 ∗ 𝐶 + 0.6 ∗ 𝐷 + 0.4 ∗ 𝑆


1. Surreptitious Software: Obfuscation, Watermarking, and

Tamperproofing for Software Protection, Jasvir Nagra, Christian

Collberg, Pearson Education, Jul 24, 2009

2. The Ida Pro Book: The Unofficial Guide to the World's Most Popular

Disassembler, Chris Eagle No Starch Press, Incorporated, 2011

3. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel,

Reversing Tools, and Obfuscation, Bruce Dang, Alexandre Gazet,

Elias Bachaalany, John Wiley & Sons 2014

Recommended Reading


Thank you for your attention!

Questions?

Secure Coding (IN2106) - Sebastian Banescu 13

Documents

Secure Coding Praktikum