This is the video of the presentation titled "Office Security Engineering" given at BlueHat 09.
Security researchers and zero-day exploits alike continue to hit bugs in Microsoft products that fuzzing can find. What are we doing to defend our products? As presented at last year's BlueHat, the more fuzzing iterations you perform, the more likely you are to find bugs. The SDL now requires a clean fuzz run of half a million iterations in order to ship. That seems like a good idea and achievable, but what happens if your application parses more than 200 formats? It is time to think like a black hat and leverage the power of a botnet to get your work done, complete with fuzzing command-and-control servers that delegate work to the fuzzing bots.
This presentation covers a framework built by the Office team to efficiently fuzz any file format parser. The framework can be used by any internal product team that parses file input, and it significantly reduces the pain around file fuzzing. The framework is not a fuzzer itself, so you will not need to rewrite your fuzzers; instead, it lets existing fuzzers plug in and run in a distributed fashion. The Office team is using this system to perform millions of iterations per day without purchasing any additional hardware: desktop machines and lab machines were turned into a botnet that fuzzes during their downtime. Other challenges solved by the distributed fuzzing framework and covered in this presentation include central run management, recurring job scheduling, duplicate detection across machines and runs, automated regression passes, and automated bug filing.
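To make the controller/bot split concrete, the following Python model is an added example; it is not the Office team's framework, whose internals the abstract does not describe. It shows the pieces the abstract lists: a command-and-control side that hands out recurring fixed-size jobs per (fuzzer, format) pair, bots that check work out during idle time and report crashes back, duplicate detection by a crash signature that ignores which machine or which mutated file produced the crash, a "clean run" counter per format measured against the 500,000-iteration bar, and a regression corpus of one test case per bucket. The job size, the rule that a crash restarts a format's clean run, the fuzzer name, and the stack-frame names in the constructed crash reports are all assumptions made for the example.

```python
import hashlib
from collections import defaultdict, deque
from dataclasses import dataclass

CLEAN_RUN_TARGET = 500_000   # clean-run bar quoted in the abstract
JOB_SIZE = 50_000            # iterations per job handed to a bot (assumption)


@dataclass(frozen=True)
class Job:
    job_id: int
    fuzzer: str        # name of the plugged-in fuzzer (hypothetical)
    fmt: str           # file format under test
    seed: int          # PRNG seed so a bot's job can be replayed exactly
    iterations: int


@dataclass(frozen=True)
class Crash:
    exception: str     # e.g. NTSTATUS code of the fault
    frames: tuple      # top symbolized stack frames reported by the bot
    worker: str        # which bot hit it
    testcase: bytes    # the mutated file that triggered it


def crash_signature(crash: Crash, depth: int = 3) -> str:
    """Bucket key: exception plus the top `depth` frames.

    Worker name, addresses and testcase bytes are deliberately excluded, so the
    same bug hit by different bots with different mutations dedups to one bucket.
    """
    material = crash.exception + "|" + "|".join(crash.frames[:depth])
    return hashlib.sha256(material.encode()).hexdigest()[:16]


class Controller:
    """Command-and-control side: schedules jobs, collects results, dedups."""

    def __init__(self, formats, fuzzers):
        self.queue = deque()
        self.clean_iters = defaultdict(int)   # consecutive crash-free iterations per format
        self.buckets = {}                     # signature -> first Crash seen
        self.next_job_id = 0
        for fmt in formats:
            for fuzzer in fuzzers:
                self._schedule(fuzzer, fmt)

    def _schedule(self, fuzzer, fmt):
        job_id = self.next_job_id
        self.queue.append(Job(job_id, fuzzer, fmt, seed=job_id, iterations=JOB_SIZE))
        self.next_job_id += 1

    def checkout(self, worker):
        """An idle bot asks for work; None means nothing is queued."""
        return self.queue.popleft() if self.queue else None

    def report(self, job, crashes):
        """Bot returns a finished job. Returns signatures of NEW bugs to file."""
        new = []
        for crash in crashes:
            sig = crash_signature(crash)
            if sig not in self.buckets:        # dedup across machines and runs
                self.buckets[sig] = crash
                new.append(sig)
        if crashes:
            self.clean_iters[job.fmt] = 0      # a crash restarts the clean run (assumption)
        else:
            self.clean_iters[job.fmt] += job.iterations
        if not self.ship_ready(job.fmt):
            self._schedule(job.fuzzer, job.fmt)   # recurring job: keep it in rotation
        return new

    def ship_ready(self, fmt):
        return self.clean_iters[fmt] >= CLEAN_RUN_TARGET

    def regression_corpus(self):
        """One testcase per bucket, to be replayed against fixed builds."""
        return {sig: crash.testcase for sig, crash in self.buckets.items()}


def demo():
    """Constructed scenario: two bots hit one bug, a third bot hits another."""
    ctl = Controller(formats=[".doc", ".xls"], fuzzers=["bitflip"])
    frames_a = ("wwlib!ParseSprm", "wwlib!LoadDoc", "winword!OpenFile")   # hypothetical
    frames_b = ("xllib!ReadBiff", "xllib!LoadBook", "excel!OpenFile")     # hypothetical
    reports = [
        [Crash("c0000005", frames_a, "bot-1", b"\xd0\xcf\x11\xe0AAAA")],  # .doc job
        [Crash("c0000005", frames_b, "bot-2", b"\xd0\xcf\x11\xe0BBBB")],  # .xls job
        [Crash("c0000005", frames_a, "bot-3", b"\xd0\xcf\x11\xe0CCCC")],  # .doc again: duplicate
    ]
    filed = []
    for crashes in reports:
        filed += ctl.report(ctl.checkout("bot"), crashes)
    clean_jobs = 0                       # after fixes, crash-free jobs accumulate toward the bar
    while not ctl.ship_ready(".doc"):
        ctl.report(ctl.checkout("bot"), [])
        clean_jobs += 1
    return {
        "bugs_filed": len(filed),
        "buckets": len(ctl.buckets),
        "clean_jobs": clean_jobs,
        "doc_ready": ctl.ship_ready(".doc"),
        "xls_ready": ctl.ship_ready(".xls"),
        "queue_drained": ctl.checkout("bot") is None,
        "corpus": ctl.regression_corpus(),
    }


if __name__ == "__main__":
    print(demo())
```

The signature function is where most of the engineering judgment lives in practice: too few frames and distinct bugs in a shared helper collapse together, too many and one bug fans out into many "new" entries as mutations vary the call path. The example hashes only the fault code and the top three frames, which is a common starting point rather than a rule.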
Even with millions of fuzz iterations and adherence to the best practices of the Security Development Lifecycle (SDL), some bugs will be missed. The Office security team has therefore engineered a series of layered defenses in addition to strengthening the parsers themselves, and this presentation covers two of those layers. The first layer, Gatekeeper, helps validate whether a file's data should be loaded by the target application at all. The Gatekeeper architecture allows it to be used by other applications and extended to describe additional binary formats. The second layer, Protected View, leverages Windows Integrity Levels: even if malicious code runs inside Protected View, it should not be able to alter the host machine. The presentation demonstrates how recent MSRC cases are mitigated by Protected View and Gatekeeper.
Speaker Bios:
Tom Gallagher has been intrigued by both physical and computer security from a young age. He is currently the lead of the Microsoft Office Security Test team. Tom co-authored the Microsoft Press title Hunting Security Bugs, and has presented at the Open Web Application Security Project (OWASP) in Seattle, at Black Hat, and at the TechEd conferences.
David Conger started at Microsoft in 2005 after graduating from the University of Puget Sound. He is a Software Development Engineer in Test II on the Microsoft Access team and built the Distributed Fuzzing Framework as a way to better utilize his team's resources for fuzzing.
Tags: fun
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.