Automotive controls

How do you manage resource management errors and improper access controls?

on Nov 16, 15 • by Jeff Hildreth • with No Comments

These vulnerabilities are #5 & 6 of the top automotive security flaws of 2015. Covering close to 14% of the vulnerabilities studied, learn how to address these issues today ...

Home » Software Security » How do you manage resource management errors and improper access controls?

Continuing down our path of exploring the top ten automotive cybersecurity vulnerabilities of 2015, let’s examine two more vulnerabilities: resource management errors and improper access control.

#6 Resource management errors – (32:35 in the webinar)

These vulnerabilities can be a number of things. As an umbrella statement it’s easy to say that these happen anytime you aren’t handling resources properly. A few examples we provided are:

• Improper management of system resources
• Uncontrolled resource consumption
• Transmission of private resources into new sphere
• Improper resource release or shutdown
• Asymmetric resource consumption
• Resource locking
• Double-free, use after free
• Insufficient resource pool
• Free of non-heap memory
• Resource locking

Though these problems are much more common in languages like C and C++, it’s always important to keep them in mind. People coding in Python and Java often think they are immune to resource management errors, but that simply isn’t true. It’s very easy to get to a place where you exhaust on memory in these languages without realizing that it’s happening.

Example of resource management errors (33:56)

Privoxy example failThe example we chose for resource management errors is privoxy (web proxy). This particular vulnerability was found almost a year ago now, and was allowing remote attackers to cause a denial of service via unspecified vectors.

At 34 minutes and 20 seconds we take a look at this failure in a code snippet. As you can see there is a block of a piece of a function that is interpreting regular expressions. The problem with the code is that the ‘l’ in the first block may overflow the number of replacements that are allocated, and the error would end up setting the return code to an error and we’d start to gather errors that would never be freed.

Fix this privoxy (35:22)

Privoxy example fixLuckily this fix is fairly straightforward. First, don’t overflow you’re function. And be sure to free up any errors right away with command lines so that you don’t gather unnecessary errors in the program.

There are a lot of different ways to remediate resource management errors throughout the code development process. Static analysis, for example, will detect a lot of things that may be making it difficult for you to free any errors. Of course, manual analysis can also help by actively examining all the resources that you use. But keep in mind that this is time consuming and painful, so it’s best to use a tool.

And don’t forget about design elements. Consider adding C++ wrappers that prevent misused or dangling resources, and examine assumptions on resource limits and balances, and make corrections by simply constructing better code.

#5 Improper access control – (38:18)

This vulnerability is responsible for seven percent of vulnerabilities, making vulnerabilities 10-5 responsible for about 25 percent of all vulnerabilities.

This vulnerability is when software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. This includes things like:

• Improper privilege management
• Improper ownership management
• Improper authorization
• Incorrect user management
• Improper authentication
• Origin validation error
• Improper restriction of communication channel to intended endpoints

The last bullet point on the list is something we all likely remember because it was a part of the Miller/Valasek hack earlier this year. In that particular case the issues was that the D-Bus service was left open on the cellular data connection. Leaving the D-Bus service open from a cellular channel was a major oversite that would have been caught with a proper security plan in place.

Stunnel example failExample of improper access control (40:02)

We decided to look at stunnel (TLS proxy) as our example of improper access control. In this case, this is software you could be using to establish a VPN connection so you can have a secure connection to the backend. In this particular vulnerability, using a redirect option won’t actually redirect client connections to the expected server after the initial connection. This will allow for remote attackers to bypass authentication.

How can you ensure you have proper access control?

Stunnel example fixAt 40 minutes and 31 seconds we see an example of a stunnel failure. As you’ll see in this example the SSL function is calling a reused session but we’re failing to double-check this session to make sure it is secure. When we examine the fix (40:54) you can see why it’s important to test each session. If a session is accurate then we bail out of the command and don’t let an unwanted attacker into our secure connection. By adding this fix we’re able to verify that everyone logging into the system is in fact allowed to be there. This is a very good example of how we never want to be using short cuts in any of our code.

All improper access control problems can be handled by carefully controlling settings, management, and handling privileges, as well as using the principle of least privilege to decide when to drop system privileges. It’s also important to compartmentalize your system with safe areas that have unambiguous trust boundaries, to not allow sensitive data to leave trust boundaries, and to exercise caution when interfacing outside of trust boundaries. You may not always be able to stop the problem completely, but you can certainly make it extremely challenging for hackers to try and hop around within your system.

Conclusion

Come back in a few weeks for a summary on two more top vulnerabilities. And be sure to leave comments on this blog if you’d like to discuss resource management errors and improper access control.

Curious about other trends we’ve seen in 2015? Join us November 19th for a webinar on the top five OSS trends of 2015.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top