Case Study: The Secure Development Lifecycle and Internet Explorer 7

About This Presentation

Title:

Case Study: The Secure Development Lifecycle and Internet Explorer 7

Description:

Aggressive Fuzz testing. Static analysis tools. Enhanced domain restrictions on script protocols ... Fuzz test against code that accepts input ... – PowerPoint PPT presentation

Number of Views:61

Avg rating:3.0/5.0

Slides: 35

Provided by: imam9

Category:

more less

Transcript and Presenter's Notes

Title: Case Study: The Secure Development Lifecycle and Internet Explorer 7

1
Case Study The Secure Development Lifecycle and
Internet Explorer 7

Tony Chor
Group Program Manager
Internet Explorer

2
(No Transcript)
3
Todays Presentation

Case study of a mock attack
Security Development Lifecycle
SDL impact on IE6
SDL impact on IE7

4
Past Before XP SP2

Compatibility, features, and user experience
trumped security
Security seen as a servicing problem
Adversarial relationship with community

5
Result
I suggest dumping Microsofts Internet Explorer
web browser, which has a history of security
breaches.
Walt Mossberg Wall Street Journal September 2004
6
Demo
7
Mock Attack Breakdown

A successful attack might require
URL parsing error
Cross-domain write access to another page
Victim page running with access to objects not
marked safe for scripting (SFS)

8
The Security Development Lifecycle
9
Microsoft Security Development Lifecycle
10
Secure Design Using Data Flow Diagrams

Outbound
URLs
HTTP requests
Auth cookie data
Inbound
URLs
HTML
Script
Non-IE files

11
IE Architecture
IEFrame
Browser Helper Objects
ActiveX
Toolbars
MSHTML
Script Engine
Binary Behaviors
URLMon
Mimefilters
WinINet
12
Threats in Mock Attack
Data Flow for Page Rendering Layer

URL parsing error
Cross-domain write access to another page
Victim page running with access to objects not
marked safe for scripting (SFS)

13
SDL in IE So Far

Security Updates
Timeliness
Code quality
Block variations

IE6 in XP SP2
Protect the Machine
Defense in Depth
Local Machine Zone Lockdown
Code Quality
Object caching
Protect the User
ActiveX blocking

14
SDL IN IE7Protect the Machine
15
Protect the Machine
16
Protect the Machine

Attack surface reduction ex ActiveX Opt-in

17
Protect the Machine

Attack surface reduction ex ActiveX Opt-in
2) Code quality
ex Unified URL parsing

18
Protect the Machine

Attack surface reduction ex ActiveX Opt-in
2) Code quality
ex Unified URL parsing
3) Defense in Depth
ex Protected Mode

19
Protect the Machine

Attack surface reduction ex ActiveX Opt-in
2) Code quality
ex Unified URL parsing
3) Defense in Depth
ex Protected Mode

20
IE Running as Admin on XP
IExplore.exe
Admin-Rights Access
HKLM Program Files
User-Rights Access
HKCU My Documents Startup Folder
Temp Internet Files
Untrusted files settings
21
IE Running in Protected Mode on Vista
Protected Mode IE
Integrity Control
Broker Process
Admin-Rights Access
HKLM HKCR Program Files
Broker Process
User-Rights Access
HKCU My Documents Startup Folder
Temp Internet Files
Untrusted files settings
22
Demo
23
Protect the Machine More...

Attack Surface Reduction
ActiveX Opt-in
Remove Channels
Remove Gopher and Telnet protocols
Disable status bar scripting
Disable Intranet Zone settings for home users
Disable SSL v2
Code Quality
Unify URL parsing Secure Defaults for IDN
Aggressive Fuzz testing
Static analysis tools
Enhanced domain restrictions on script protocols
Redirect-aware cross-domain checks
Defense in Depth
Protected Mode IE on Windows Vista

24
SDL IN IE7Protect the User
25
Protect the User
26
Protect the User
FREE STUFF!
27
Phishing A Growing Threat
Source Anti-Phishing Working Group
28
Phishing Putting the Brakes on E-Commerce
Source Consumer Reports, Fall 2005
29
Protect the User

Phishing Filter
High Assurance SSL
Fix My Settings

30
Demo
31
Result
Im just starting to read about the new security
features in Internet Explorer 7. So far, I like
what Im reading.
Bruce Schneier Counterpane Internet
Security February 9, 2006
32
IE7 in Final Security Review