Title: Case Study: The Secure Development Lifecycle and Internet Explorer 7
1. Case Study: The Secure Development Lifecycle and Internet Explorer 7
- Tony Chor
- Group Program Manager
- Internet Explorer
3. Today's Presentation
- Case study of a mock attack
- Security Development Lifecycle
- SDL impact on IE6
- SDL impact on IE7
4. Past: Before XP SP2
- Compatibility, features, and user experience trumped security
- Security seen as a servicing problem
- Adversarial relationship with community
5. Result
"I suggest dumping Microsoft's Internet Explorer web browser, which has a history of security breaches."
Walt Mossberg, Wall Street Journal, September 2004
6. Demo
7. Mock Attack Breakdown
- A successful attack might require:
  - URL parsing error
  - Cross-domain write access to another page
  - Victim page running with access to objects not marked safe for scripting (SFS)
8. The Security Development Lifecycle
9. Microsoft Security Development Lifecycle
10. Secure Design Using Data Flow Diagrams
- Outbound
  - URLs
  - HTTP requests
  - Auth cookie data
- Inbound
  - URLs
  - HTML
  - Script
  - Non-IE files
11. IE Architecture
IEFrame
Browser Helper Objects
ActiveX
Toolbars
MSHTML
Script Engine
Binary Behaviors
URLMon
Mimefilters
WinINet
12. Threats in Mock Attack
Data Flow for Page Rendering Layer
- URL parsing error
- Cross-domain write access to another page
- Victim page running with access to objects not marked safe for scripting (SFS)
13. SDL in IE So Far
- Security Updates
  - Timeliness
  - Code quality
  - Block variations
- IE6 in XP SP2
  - Protect the Machine
    - Defense in Depth
      - Local Machine Zone Lockdown
    - Code Quality
      - Object caching
  - Protect the User
    - ActiveX blocking
14. SDL in IE7: Protect the Machine
15. Protect the Machine
16. Protect the Machine
- 1) Attack surface reduction
  - ex: ActiveX Opt-in
17. Protect the Machine
- 1) Attack surface reduction
  - ex: ActiveX Opt-in
- 2) Code quality
  - ex: Unified URL parsing
18. Protect the Machine
- 1) Attack surface reduction
  - ex: ActiveX Opt-in
- 2) Code quality
  - ex: Unified URL parsing
- 3) Defense in Depth
  - ex: Protected Mode
20. IE Running as Admin on XP
IExplore.exe
Admin-Rights Access: HKLM, Program Files
User-Rights Access: HKCU, My Documents, Startup Folder
Temp Internet Files
Untrusted files settings
21. IE Running in Protected Mode on Vista
Protected Mode IE
Integrity Control
Broker Process
Admin-Rights Access: HKLM, HKCR, Program Files
Broker Process
User-Rights Access: HKCU, My Documents, Startup Folder
Temp Internet Files
Untrusted files settings
22. Demo
23. Protect the Machine: More...
- Attack Surface Reduction
  - ActiveX Opt-in
  - Remove Channels
  - Remove Gopher and Telnet protocols
  - Disable status bar scripting
  - Disable Intranet Zone settings for home users
  - Disable SSL v2
- Code Quality
  - Unify URL parsing; Secure Defaults for IDN
  - Aggressive Fuzz testing
  - Static analysis tools
  - Enhanced domain restrictions on script protocols
  - Redirect-aware cross-domain checks
- Defense in Depth
  - Protected Mode IE on Windows Vista
24. SDL in IE7: Protect the User
25. Protect the User
26. Protect the User
FREE STUFF!
27. Phishing: A Growing Threat
Source: Anti-Phishing Working Group
28. Phishing: Putting the Brakes on E-Commerce
Source: Consumer Reports, Fall 2005
29. Protect the User
- Phishing Filter
- High Assurance SSL
- Fix My Settings
30. Demo
31. Result
"I'm just starting to read about the new security features in Internet Explorer 7. So far, I like what I'm reading."
Bruce Schneier, Counterpane Internet Security, February 9, 2006
32. IE7 in Final Security Review
- Security test cases
- Test against threats
- Pentest against all features
- Fuzz test against code that accepts input
- External pentest partners reviewed the features and code
33. Conclusion
- The SDL is helping make IE safer
- We're not done yet
- We'd like your help
- Test IE7 for security and compatibility
  - www.microsoft.com/ie/
  - Final release Q4 2006
- Give us feedback
  - blogs.msdn.com/ie/
  - secure at microsoft dot com