Last week I attended Blackhat USA as part of a trip to Las Vegas to participate in DEFCON CTF finals with the 0daysober team. Here is a summary of the talks I was able to attend.
“Why security data science matter and how it’s different: pitfalls and promises of data science based breach detection and threat intelligence”
Having followed this field during the past year, I was quite interested in the content of this presentation. The speaker reminded us of the core principles on which data science is based: data acquisition and storage, machine learning and visualization. I unfortunately did not attend the second session which focused more on real examples.
The presenter showed examples of data analysis mostly performed using python scikit-learn, which is one of the reference libraries in the domain and explains a high level view of concepts of clustering, classification, and regression models.
The first session concluded with a good explanation of why data science is different in the information security world. One of the biggest problems is that there is not a fixed set of attacks and attackers are trying to evade detection. As such the problem is less simple than a recommendation engine for books, for example. The second problem is the false positive rate, there are too many and the added value of ML is lost, too low and some attacks can be missed.
He also presented one of their projects at Invincea which consisted of crawling StackOverflow questions on how to implement features in order to build a knowledge database of functions. As such they are able to map functions called by potentially malicious application against this DB and infer actions performed by this application.
On this subject I recommend reading the research papers on covert.io.
“These are not your grand daddy’s CPU performance counters”
In this talk the speakers explained how performance counters can be used in order to detect exploitation techniques like ROP or attacks such as RowHammer. The idea to detect ROP based exploits has been covered by academic papers and was also presented in a patent written by Georg Wicherski.
The first part explained how to set the performance counters and read their values. The implementation done by the speakers uses various optimisations such as a limitation of the scope in which the counters are enabled.
In order to detect ROP-based exploits the number of RET_MISS is checked as the branch prediction performed by the CPU will fail multiple times due to the nature of this exploitation technique. RowHammer is detected using the LLC_MISS (cache misses) count during a short period of time as it will also be much higher than during standard operations.
Although quite interesting I doubt that this technique will make it in vastly deployed protection solutions but probably more in exploit analysis sandboxes. The overhead might be too big for a usage on workstations and reducing the scope might make it as vulnerable as coarse grained implementation of ROP detection techniques, such as the one implemented in Microsoft EMET (which is still a highly recommended protection to protect against of-the-shelf exploits).
“Remote exploitation of an unaltered passenger vehicle”
This talk might have been the most publicized one with the story in Wired and other media. The full paper details the research of this exploitation, which can be summarized in the following steps:
- D-BUS service with unauthenticated access listening on all the network interfaces of the mediacenter (OMAP)
- The mobile network operator used by the car to communicate over LTE did not prevent communication between devices
- Multiple code injection vulnerabilities were found in the methods published by D-BUS, as well as a more explicit one: execute :)
- From this point they were able to execute commands on the OMAP or modify its configuration (sound volume, radio station, …) but not access the CANBUS since the OMAP is not on this network
- Luckily the OMAP is connected through SPI to a v850 chip that is on the CANBUS
- The v850 allows unsigned firmware to be pushed over the OMAP, or can be exploited by several memory corruption vulnerabilities
- They crafted an exploit to flash the v850 while keeping access the OMAP in order to remotely generate CANBUS messages
From my point of view the scariest point is that the root causes of this attack is unauthenticated access, misconfigured service (should the D-BUS really listen to all interfaces?) and bad secure coding practices. This shouldn’t really exist in 2015 but gives a hint of the security awareness level in this industry.
“Battle of the SKM and IUM: how Windows 10 rewrites OS architecture”
For years Microsoft had to deal with the common security problem of having the credentials manager running at the same level than other services with SYSTEM privileges and not being able to protect its memory other than encrypting parts of it with more or less success. With Windows 10 a new concept based on Virtual Secure Machines was introduced.
Upon booting, a small-footprint hypervisor is runs and it is this component that will then start two virtual machines: the Secure Kernel Mode running at Virtual Trust Level 0 and the standard NT kernel. Userland also has an equivalent with the Isolated User Mode which runs at VTL-1. This secure model is enforced by Intel VTd (virtualisation technology present in CPU since around 2007 and used by most virtualisation solutions nowadays) and the IOMMU and prevent the NT kernel from accessing the SKM as well as secured applications running in the IUM as VTLs are more privileged than the core OS itself.
This new paradigm is now used by features such as DeviceGuard, vTPM, Guarded Fabric and Credential Guard. The last one provides protection for lsass by running it in a Trustlet in VTL-0. Access to Trustlets from userland is provided by specific libraries accessing a gateway in VTL-1.
The presentation detailed all the aspects of this architecture as well as the potentials attacks. Although really interesting (and probably my favorite talk), the subject was hard to follow in a 45 minute presentation. The slides however contain all the detailed explanations but have not been released yet.
“Return to where? You can’t exploit what you can’t find”
This presentation starts from the fact that most current vulnerabilities require a ROP-based exploit due to the prevalence of NX in today’s binaries. This exploit technique requires the knowledge of gadget offsets which are prevented by ASLR. A memory leak is as such required in order to circumvent ASLR. Instead of focusing on preventing memory leak vulnerabilities, the speaker proposed an approach where it is impossible to return meaningful data (most of the time you try to leak parts of the executable code to match its offset in the process, or a code pointer stored in the stack or the heap).
In order to do so they propose two modifications:
- set executable code memory page rights to execute-only
- replace code pointers in the stack/heap by call trampolines located in executable code
The first point requires the implementation of a small hypervisor in order to modify memory rights in the Extended Page Table. Future processors from Intel will support a feature called Protection Keys which allows one to set memory pages as execute-only without needing EPT. The call trampolines, on their side, required the development of a LLVM module to modify the process behaviour at compile time.
I think that the second part could be performed without the source code of the application by using a semantic representation in LLVM code through tools such as MCSema or BAP, as demonstrated by TrailofBits team during the Darpa Cyber Grand Challenge. This technique could however introduce some errors in translated binaries so real world implementation could become tricky.
As for the ROP detection technique using CPU performance counters, I think that the overhead is still too big to be implemented for a day-to-day usage but the idea is however worth following :)
Conclusion
This was a small subset of the talks I was able to attend. I discovered that at Blackhat it is quite difficult to see all the talks you want to due to the high number of parallels tracks (9), the others parts of the conference (vendors area, arsenal) and also taking time to talk with people and friends.
All slides can be found online on the conference website.
Kudelski Security Research 