• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Vulnerability Assessment of Middleware Packages Supplied by EMI: VOMS Core Case
 

Vulnerability Assessment of Middleware Packages Supplied by EMI: VOMS Core Case

on

  • 134 views

 

Statistics

Views

Total Views
134
Views on SlideShare
134
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Vulnerability Assessment of Middleware Packages Supplied by EMI: VOMS Core Case Vulnerability Assessment of Middleware Packages Supplied by EMI: VOMS Core Case Presentation Transcript

    • www.egi.euEGI-InSPIRE RI-261323EGI-InSPIREwww.egi.euEGI-InSPIRE RI-261323Vulnerability Assessment ofMiddleware Packages Supplied byEMI: VOMS Core CaseManuel Brugnoli, Elisa HeymannUAB
    • www.egi.euEGI-InSPIRE RI-261323Outline• First Principles Vulnerability Assessment(FPVA)• VOMS Core• VOMS Core assessment using FPVA• ConclusionsContents
    • www.egi.euEGI-InSPIRE RI-261323“Is a primarily analyst-centric (manual)approach to assessment, whose aim is to focusthe analyst’s attention on the parts of thesoftware system and its resources that aremostly likely to contain vulnerabilities thatwould provide access to high-value assets”** James A. Kupsch, Barton P. Miller, Eduardo César, and Elisa Heymann, "First Principles VulnerabilityAssessment" (extended version), MIST Project Technical Report, September 2009.First Principles VulnerabilityAssessment (FPVA)
    • www.egi.euEGI-InSPIRE RI-261323ArchitectureResourcesPrivilegesComponentsDisseminationto identify the major structural componentsof the system, including modules, threads,processes, and hosts.to identify the key resources accessed byeach component, and the operationssupported on those resources.identifies the trust assumptions about eachcomponent, answering such questions ashow are they protected and who canaccess them?is to examine each component in depth. Akey aspect is that this step is guided byinformation obtained in the first three steps,helping to prioritize the work so thathighvalue targets are evaluated first.artifacts produced by this step arevulnerability reports, perhaps withsuggested fixes, to be provided to themiddleware developers.First Principles VulnerabilityAssessment (FPVA)
    • www.egi.euEGI-InSPIRE RI-261323Virtual Organization Membership Service (VOMS) servesas a central repository for user authorization information,providing support for sorting users into a general grouphierarchy, keeping track of their roles, etc.VOMS Core is the server that receives requests from aVOMS client and returns information about the user.We worked with VOMS Core 2.0.2.VOMS Core assessment usingFPVA
    • www.egi.euEGI-InSPIRE RI-261323VOMS Server HostDBVOMS Admin(Tomcat)VOMSdaemonUser HostWebBrowserVOMSClientVOMS AdminClientHTTPSSOAP over SSLAncillaryUtilitiesGSI ConnectionOS privilegesuser daemon rootDB privilegesVO_ServerCommand LineCommand LineWebCommand LineStep 1: VOMS 2.0.2 ArchitectureAnalysis
    • www.egi.euEGI-InSPIRE RI-261323Step 1: VOMS Client-ServerInteraction
    • www.egi.euEGI-InSPIRE RI-261323Step 2: VOMS Core 2.0.2 ResourceAnalysis
    • www.egi.euEGI-InSPIRE RI-261323Step 2: VOMS Core 2.0.2 ResourceAnalysis
    • www.egi.euEGI-InSPIRE RI-261323Step 3: VOMS Core 2.0.2 PrivilegeAnalysis
    • www.egi.euEGI-InSPIRE RI-261323• Resource permissions:• Evaluated the permissions of files that have ahigh security value (certificate private keys,database and configuration files).• The permissions of these files appeared to becorrect.Step 4: VOMS Core 2.0.2Component Analysis
    • www.egi.euEGI-InSPIRE RI-261323• User privileges:• Client side:• No privilege problems in the client commands.• Server side:• The voms daemon runs with root operating system privileges.• Evaluated the source code looking for flaws that maycompromise the server.• No privilege problems were found.Step 4: VOMS Core 2.0.2Component Analysis
    • www.egi.euEGI-InSPIRE RI-261323• Dangerous functions:• Evaluated the use of functions that commonlyresult in security problems, such as system orexec family functions.• No vulnerabilities related to dangerousfunctions were found.Step 4: VOMS Core 2.0.2Component Analysis
    • www.egi.euEGI-InSPIRE RI-261323• Authentication Issues:• Mutual authentication is performed betweenthe client and server.• VOMS design makes the system quite strong,and reduces many possible threats.Step 4: VOMS Core 2.0.2Component Analysis
    • www.egi.euEGI-InSPIRE RI-261323• Network Layer Security:• VOMS server creates a secure communicationchannel via Globus GSI with the VOMSClients.• The use of a encrypted channel providesstrong end-to-end data encryption andintegrity.Step 4: VOMS Core 2.0.2Component Analysis
    • www.egi.euEGI-InSPIRE RI-261323• Injection Attacks:• Evaluated the source code to ensure VOMScorrectly parses and checks the argumentspassed through the command line.• Appropriate parsing is performed to protectagainst command injection vulnerabilities.Step 4: VOMS Core 2.0.2Component Analysis
    • www.egi.euEGI-InSPIRE RI-261323• Buffer overflows:• VOMS Core is written in C/C++ → Checked forpotential buffer overflow problems.• No dangerous behavior was detected.Step 4: VOMS Core 2.0.2Component Analysis
    • www.egi.euEGI-InSPIRE RI-261323• Denial of Service Attacks:• A DoS vulnerability was discovered andreported to the VOMS developers.• This vulnerability is caused by lack of limits onthe number of simultaneous connections.• Full details about this were reported in thevulnerability report VOMS-CORE-2011-0001.Step 4: VOMS Core 2.0.2Component Analysis
    • www.egi.euEGI-InSPIRE RI-261323ConclusionsConclusionsNo serious security problems in VOMS Core 2.0.2was found:• The attack surface in VOMS Core is very small.• VOMS Core correctly parses and checks the arguments sent from theclient.• The VOMS server uses a forking server model to handle all requests fromVOMS clients.• The recommended operational configuration of a VOMS server node is ahighly secured host with limited local user access and other services.• All communication between the VOMS server and VOMS clients is secure.• A DoS vulnerability was found.
    • www.egi.euEGI-InSPIRE RI-261323¿Questions?Thank you!!!