Sunday, February 12, 2017

Must Have Data-Driven Software Defense Strategy to Identify Vulnerable Code


“Security mitigation planning is the process of developing options and actions to enhance experience and reduce threats to the project objectives.”  Although Security Bulletins and Exploitability Indexes help customers to assess potential risks but these reactive measures are not enough. With every security mitigation shipped there is an investment associated to increase the cost to exploit the same vulnerability. Hence, root cause analysis of vulnerability plays a vital role in defining a security mitigation, this is where data analytics on historical vulnerability reports and evaluation of Exploits/POCs/Zero Days becomes critical.
In this talk I will elaborate Multi-Level Exploit Analysis process; organizations must have and use before planning any security mitigation in application code or custom memory managers. These strategies are well thought of and are manifestation of suggestions from chief organizations such as Microsoft. Incorporating this strategy is a great value addition and following actions can help organizations and individuals significantly reduce the risk they face from Zero day exploits.

Keywords:  Multi-Level Exploit Analysis, Vulnerability Analysis, Data Analytics on Security Mitigation, Data-Driven Strategy, Mitigation Progress Monitoring
Must Have Data-Driven Software Defense Strategy to Identify Vulnerable Code:
Security is always relative to the information and services being protected, the skills and resources of adversaries, and the costs of potential assurance remedies via mitigation technique. In Modern era where the profit motive underlies most malicious exploitation activity, effective risk management becomes fundamental. Although 99% of the bugs are caught using functional, Blackbox testing and advanced techniques such as fuzzing and static code analysis, it is this 1% which are difficult to discover for testers and extremely valuable for exploits.

 

Multi-Dimensional Exploit Analysis:

At Blackhat 2016 (USA), Microsoft Presented Data-Driven Software Defense Process illustrating an overview on what strategy organizations should use to identify root cause and perform data analytics on historical data.


 

Security Mitigation Planning, Implementation and Progress Monitoring:

Security mitigation planning, implementation, and monitoring has been represented below in fig.i is a manifestation of Data-Driven Software Defense Process as a flow diagram.



 Exploit Identification is extremely important, involves collecting:
1.     Crashes reported collected by Platforms using:
a.     Microsoft WER (Windows Error Reporting)
b.     Apple BugReport
c.     Mozilla Crash-Stats
d.     Google Error Reporting
2.     Threat Intelligence Report from Security Partners
a.     Responsibly disclosed security incidences/researches
b.     Zero day exploits
c.     Open Source/Social Media


b.    Exploit Impact:
Exploit Impact is the crucial Step where we perform the following activities:
1.     Bucketizing similar crashes to form a list of unique crash stacks and number of crashes observed in the live application state to remove duplicity.
crash_data_table:
bucket_id
crash_stack
crash_count

2.     Collating responsibly disclosed security incidences/researches and Zero day exploits to assign vulnerability type, criticality.
exploit_data_table:
exploit_id
vulnerability_type
stack_trace
criticality

Now that we have the raw-data collated for real-time crashes observed on the application and historical data on responsibly disclosed security incidences we can now work on making sense out of this data. The next steps can be:
1.     After manual evaluation and filtering, list of all vulnerable APIs reported can be collated into one table with exploit_id associated and bucket_id(s) to define susceptibility of an API. Crashing_api_table:
api_id
api_name
exploit_ids
bucket_ids
Possible Scenarios can be summarized into these three primary cases in Figures i,ii,iii:

 
fig(i): describes point of intersection between bucket crash stack and exploit crash stack trace

Figure(ii): describes point of deviation between bucket crash stack and exploit crash stack trace



Figure(iiI): describes point of conjunction between bucket crash stack and exploit crash stack trace

c.     Exploit Criticality:
Criticality for every security incidence reported depends on the type of vulnerability and area impacted by it, unless it’s not a Zero day which needs to get fixed and shipped immediately, and now that we have the health status of every crashing API for every mitigation the decisions become easier with
Crashing_api_table:
api_id
api_name
exploit_ids
bucket_ids
build_id

Priority = Function(Sum_of_all_priorities(exploit_id(s)), crash_count(bucket_id(s)) and,
Vulnerability Popularity Trend in the market shared as research by Threat Intelligence organization.
d.    Security Mitigation:
Mitigation will depend on what strategy to follow and is an organizational decision on how to tackle a type of exploit and what possible measures can be introduced to increase the cost of an attack.

e.     Mitigation Impact & Tracking:

For every mitigation shipped into the market there is an investment associated to increase the cost of generating another exploit in the same code using advanced approaches as described earlier. Thus impact of a mitigation becomes vital to evaluate the quality of the mitigation shipped into the market. Impact of a mitigation starts internally when all the reported security incidences become inoperable followed by tracking new crashes and incidences reported for an api_id inside Crashing_api_table for the latest build(build_id) in the market.

Monday, February 17, 2014

C: Create Binary Search Tree from a Array

Hi, Today we will create a Binary Search Tree, which is nothing but a Sorted Binary Tree. The methods which we have used here are:

  1. Create Tree to iterate the Tree to the length of the array, with a reference to the array and to the root of the Tree
  2. Create a Method to create a node and on the basis of the value at the index in the array and condition to put the node in the Tree should satisfy 
  3. Print theTree
#include <stdio.h>
#include <stdlib.h>

struct BST
{
    struct BST* left;
    int info;
    struct BST* right;
};

void createTree(struct BST*, int*, int);
void makeNode(struct BST*, int*);
void printTree(struct BST*);

int main()
{
    int arr[100] = {6,5,3,7,9,4,1,10};
    struct BST* root = (struct BST*) malloc(sizeof(struct BST));
    root->info = arr[0];
    root->left = root->right = NULL;
    
    createTree(root, arr, 7);
    printTree(root);
    return 0;
}

void createTree(struct BST* root, int* arr_ref, int arr_len)
{
    struct BST* temproot = root;
    
    while(arr_len > 0)
    {
        arr_ref++;
        makeNode(temproot, arr_ref);
        arr_len--;
    }
}

void makeNode(struct BST* root, int* arr_ref)
{
    struct BST* temp = root;
    
        if(temp->info > *arr_ref)
        {
            if(temp->left == NULL)
            {
                struct BST* newnode = (struct BST*) malloc(sizeof(struct BST));
                newnode->info = *arr_ref;
                newnode->left = newnode->right = NULL;
                temp->left = newnode;
            }
            else
                makeNode(temp->left, arr_ref);
        }
        else if(temp->info <= *arr_ref)
        {
            if(temp->right == NULL)
            {
                struct BST* newnode = (struct BST*) malloc(sizeof(struct BST));
                newnode->info = *arr_ref;
                newnode->left = newnode->right = NULL;
                temp->right = newnode;
            }
            else
                makeNode(temp->right, arr_ref);
        }
}

void printTree(struct BST* root)
{
    struct BST* temp = root;
    
    if(temp == NULL)
        return;
    else
    {
        printTree(temp->left);
        printf(" %d ",temp->info);
        printTree(temp->right);
    }
}

Monday, January 6, 2014

Given a Binary Tree, replace the data of each node by the sum of data of all its descendent nodes.(Leaf nodes will have 0)



The Solution for this problem is simple and recursive one. In this problem you have to traverse to the last parent node which has at least 1 child.

So the conditions possible are:

  1. Parent has only one leaf  node a) only Left Leaf Node or b) only Right Leaf Node
  2. Parent has both children, Left and Right Leaf Nodes.
Now the only thing left is to traverse recursively to the last parent and check wether it has one child or 2 children and store the value of its child or sum of children into its info and if the children do not have any further children then set their value to 0.


#include <stdio.h>
#include <stdlib.h>

struct BST
{
    struct BST* left;
    int info;
    struct BST* right;
};

struct BST* newNode(int);
void printTree(struct BST*);
void replaceParentWithSumOfChildren(struct BST*);

Wednesday, December 18, 2013

Adding 3 Linked Lists


Last Time we discussed the basics of Linked List Today we will try adding more more than 2 Linked Lists. Although in the program you will see that I have manually created Lists and then adding them in a very constrained manner which can be overcome by introducing dynamic looping as per the program requirements.


#include <stdio.h>
#include <stdlib.h>

struct Node
{
    int info;
    struct Node* next;
};

int lenghtOfLinkedList(struct Node*); // This method is count the number of elements in a list and on the basis of max count neutralize all other to bring them to the format of largest one.
void createLinkedListA(struct Node*); // create a sample linked list
void createLinkedListB(struct Node*); // create a sample linked list
void createLinkedListC(struct Node*); // create a sample linked list

Now we have linked lists
A = head->6->7->8->9
B = head->1->2->3
c = head->4->5

void neutralizeLinkedList(struct Node*, int, int); 


Now after neutralizing we have linked lists
A = head->6->7->8->9
B = head->0->1->2->3
C = head->0->0->4->5

Tuesday, December 10, 2013

Back To Primitive Code: Creating a Linked List


The below code explains procedure to how to create a Singly-Linked-List and Print Data in that List.

#include <stdio.h>

/*This part of the code is to create a structure in which we create the simplest entity in the List which is a Node
 <Code below is definition of single Node>
The Node consists of the internal Data which can be anything from primitive data to an array to another structure.
*/
struct Node
{
    int info;
    struct Node *next;
};

/*Now to create a linked list what we require is a HEAD to mark the beginning of the Linked-List followed by a TEMP to track the current node being processed, followed by a Temp Definition of NEWNODE which will be created at run-time*/

int main()
{
    int i = 0;
    struct Node *head = (struct Node*)malloc(sizeof(struct Node));
    struct Node *temp = NULL;  
    struct Node *newnode = NULL;  

Saturday, November 2, 2013

Most Optimized Code for Sorting


Hi,

All of you must have come across statements and questions online or technical exams or placement exams asking for the MOST OPTIMIZED Code for sorting. Below I have shared a code to do that.
The Code is easy to understand and implement.

#include <stdio.h>
#include <math.h>

void createArray(int *array_players, int nlenght);
void createTournament(int *arry_players, int nlenght);
int findNextMax(int arry_players[], int nlenght);


int main()
{
    int i, arry_players[100], nlenght, max_value, nextMax_value, sorted_array[100];

    printf("Enter Number of Elements in Array ");
    scanf("%d",&nlenght);

    createArray(arry_players, nlenght);