ATC-2015

Software Protection and Current Developments in Cyber Security

Serhat Toktamışoğlu

“This document contains confidential and/or proprietary information of MilSOFT and may not be reproduced, copied, disclosed to other parties or used in anyway in whole or in part without prior written consent of MilSOFT”

MilSOFT

- Company Name: MilSOFT Yazılım Teknolojileri A.Ş.
- Established: 1998
- Main Work Area: System Integration & Software Development
- Facility:
  - METU Technopolis / ANKARA
  - Teknopark Istanbul / ISTANBUL
  - MilSOFT-USA (Washington/D.C.-USA)
- Expertise:
  - Command & Control (C2)
  - Tactical Data Links and Messaging
  - Intelligence Surveillance & Reconnaissance (ISR)
  - Electronic Warfare
  - Embedded Systems
  - ICT Solutions
  - Cyber Security
- 100% Private Turkish Company
- Certifications:
  - CMMI Level-5 (first one in Europe & only one in Turkey)
  - ISO 9001:2008
  - ISO 27001:2013
  - AQAP-2110 & 2210
- Clearances:
  - NATO Secret
  - National Secret

Customer Profile (International)

Cyber Security/Warfare and Public & Private Partnership

- Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.*
- Cyber warfare is politically motivated hacking to conduct sabotage and espionage.
  It is a form of information warfare sometimes seen as analogous to conventional warfare.**
- «Arms Race» is now «Digital Arms Race»

*ITU (International Telecommunication Union)
**DOD - Cyberspace

Common and Different Security Needs for Different Levels

- What we watched in movies and series and read in novels has now become reality.
- A cyber attack on a nation’s critical weapon systems may have catastrophic results.
- A cyber attacker who compromises critical infrastructure or a financial system that affects several nations may have a global impact.

Common and Different Security Needs for Different Levels-2

- Critical organizations (or their partners) are under attack with different motives.
- Individuals are under more threat than yesterday: planes, refrigerators, cars, health care devices, etc.
- In the «Internet of Things» era they will surely feel the need for more and more security in their digital lives.

Common and Different Security Needs for Different Levels-3

- A striking example of the increasing cyber security needs of an average individual is the Jeep Cherokee hacking announced this summer.
- They used a zero-day exploit; the code lets hackers send commands through the Jeep’s entertainment system to vital car components (steering, brakes, transmission, etc.).
- In another attack, researchers planted a remote-access Trojan on the Tesla Model S’ network while they had physical access. Tesla has already released a patch.
- Even a botnet made up of cars is possible.
- Top security officers are getting hired by the top manufacturers.
- Be prepared to see a «Security Usta» in your local garage :)

Need for Specialization

- Firewalls, IPS/IDS, antivirus applications, security applications, software protection applications and so on.
- Different domains have different requirements. For example, avionics software needs specific security along with the safety described in DO-178.
- It is difficult to specialize in all security fields, even for big multinational enterprises.
- "Do One Thing and Do It Well."

Our Specialization is «Software Protection»

- Software Protection can be defined as the last line of cyber security.
- Started from MilSOFT internal needs and is now a TÜBİTAK-funded project.
- Main purpose: when firewalls, IPS/IDS and antivirus applications are bypassed, or there is no such protection in the system, applications should protect themselves.
- After using the Software Protection Product on your software, it will be harder to reverse-engineer or tamper with your software, since your program will protect itself.

Software Reverse Engineering

- Software reverse engineering, or “reversing,” is a collection of techniques for deciphering and analyzing how a program operates.
- Reversing is a common, often benign practice among software developers that can be used to enable software from different companies to interoperate or to identify security vulnerabilities before they can be exploited by third parties.
- «Translated from machine-readable to human-readable form so that its functions and vulnerabilities can be analyzed more easily» GCHQ

Software Reverse Engineering-2

- Software makers, fearing piracy, hacking and intellectual property theft, often forbid the practice in licensing agreements.
- Governments have passed laws, with digital media in mind, that strictly circumscribe tampering with the encryption.
- Governments also do reversing «legally», as seen in the GCHQ activities revealed by Intercept Online.
- The Wassenaar Agreement is an issue within the reversing community.
- «When you outlaw reverse engineering, only outlaws will reverse engineer» D. Litchfield

Software Protection Usage

- Protect against:
  - Tampering
  - IP theft
  - Copyright violations
  - Vulnerability finding
- Not surprisingly, malware also uses software protection techniques.
  If you have a backdoor in a system, you may want to hide its activities to gain some time.
- It is also essential for stopping copycatting by average attackers.
- Does not work against fuzzing.
- Not for hardware components.

How to protect it

- Obfuscation: to make reverse engineering and theft of critical data harder.
- Tamperproofing: to make changing software behavior and function harder.
- Anti-Debug: to prevent the software from being run under any debugger.

Software Protection Program Examples

- «The Software Protection Initiative (SPI) offers a novel approach to protecting high value computer programs. It doesn’t secure the computer or the network. Instead it empowers a single computer program to secure itself.» *DoD
- «These SPI products are currently being deployed to selected HPC centers and are in use at over 150 DoD government and contractor sites.» *DoD
- The kernel of 64-bit (x64) Microsoft Windows operating systems has a similar protection technology called «Kernel Patch Protection», informally known as PatchGuard.

Essential Software Protection Scenarios

- If your aircraft is down in hostile territory, critical software should protect itself against reverse engineering and prevent the theft of critical implementation details.
  The Hainan Island or RQ-170 incidents are good examples.
- Simply, a printer driver may be patched to bypass chip control.
- Curious story of emission.

MilSOFT Software Protection Product

- Uses techniques from the literature as well as our own techniques and algorithms (2 patent applications are on the way).
- Prototyping is completed.
- A demo with limited capabilities will be ready at the end of 2015.
- First release: first half of 2016 for Linux OS, then later for Windows OS.

THANK YOU
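
The tamperproofing and anti-debug ideas from the «How to protect it» slide, shown for Linux as an added example; this is not MilSOFT's product code and does not come from the original slides. The function names, the FNV-1a hash and the protected string are assumptions made for illustration; the TracerPid field of /proc/self/status is the standard Linux indicator that a tracer is attached.

```c
/* Added illustration, not MilSOFT product code: two Linux self-checks. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tamperproofing: FNV-1a hash over a protected byte range (hash choice is an assumption). */
uint32_t region_hash(const unsigned char *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Returns 1 while the region still matches the hash recorded earlier. */
int region_intact(const unsigned char *p, size_t n, uint32_t expected) {
    return region_hash(p, n) == expected;
}

/* Anti-debug: tracer PID from status text (0 = not traced, -1 = missing or malformed).
   Matching only at line start keeps a process *named* "TracerPid:" from spoofing it. */
long tracer_pid_from_status(const char *status) {
    const char *key = "TracerPid:";
    size_t klen = strlen(key);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, key, klen) == 0) {
            char *end;
            long pid = strtol(line + klen, &end, 10);
            return (end == line + klen || pid < 0) ? -1 : pid;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

long self_tracer_pid(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;                      /* no /proc: result unknown */
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf);
}

int main(void) {
    static const unsigned char table[] = "license-check-v1"; /* constructed sample data */
    uint32_t expected = region_hash(table, sizeof table);
    int ok = self_tracer_pid() <= 0 && region_intact(table, sizeof table, expected);
    puts(ok ? "self-checks passed" : "integrity or debugger check failed");
    return ok ? 0 : 1;
}
```

Here an unknown tracer state (-1) is tolerated; a stricter policy would treat it as a failure.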