
Exploiting Trust in Deterministic Builds

  • Christopher Jämthagen
  • Patrik Lantz
  • Martin Hell
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9922)

Abstract

Deterministic builds, where the compile and build processes are reproducible, can be used to achieve increased trust in distributed binaries. Because the trust can be distributed across a set of builders, each of which provides its own signature over a byte-for-byte identical binary, all of them would have to cooperate in order to introduce unwanted code into the binary. On the other hand, if an attacker manages to incorporate malicious code into the source and keep it undetected during code review, the deterministic build provides additional opportunities to introduce, e.g., a backdoor. The impact of such a successful attack would be serious, since it is the trust model itself that is exploited. This paper addresses the problem of crafting such hidden code so that it is difficult to detect, both during code review of the source code and during static analysis of the binary executable. It is shown that the displacement and immediate fields of an instruction can be used to embed hidden code directly from the C programming language.
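The trust model the abstract describes is that a binary is accepted only when several independent builders have each attested to the same digest. The following verifier is an added example (not code from the paper or its proof-of-concept repository) of that check with a quorum: it recomputes the digest of the downloaded binary, validates each builder's attestation, and counts only builders whose attestation is both authentic and for exactly this digest. Real deployments sign the digest with asymmetric keys (for example OpenPGP); HMAC under a constructed per-builder key stands in for the signature here so the example runs offline with the standard library. The binary bytes and builder keys are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample: the binary a user downloaded and the keys of the
# independent builders whose attestations the user trusts.
DOWNLOADED_BINARY = b"\x7fELF" + b"constructed-sample-binary-contents" * 4

BUILDER_KEYS = {
    "builder-a": b"key-a-constructed",
    "builder-b": b"key-b-constructed",
    "builder-c": b"key-c-constructed",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def attest(builder: str, built_binary: bytes) -> dict:
    """What one builder publishes: the digest of the binary it produced and a
    MAC over that digest under its own key (stand-in for a signature)."""
    digest = sha256_hex(built_binary)
    mac = hmac.new(BUILDER_KEYS[builder], digest.encode(), "sha256").hexdigest()
    return {"builder": builder, "digest": digest, "mac": mac}


def verify_attestations(binary: bytes, attestations: list, quorum: int) -> tuple:
    """Return (ok, agreeing_builders).

    ok is True only if at least `quorum` distinct known builders published an
    authentic attestation for exactly the digest of `binary`. An attestation
    for a different digest (a builder whose build is not reproducible, or a
    compromised builder) does not count, and neither does one whose MAC fails.
    """
    expected = sha256_hex(binary)
    agreeing = []
    for a in attestations:
        key = BUILDER_KEYS.get(a["builder"])
        if key is None:
            continue  # unknown builder: not part of the trusted set
        mac = hmac.new(key, a["digest"].encode(), "sha256").hexdigest()
        if not hmac.compare_digest(mac, a["mac"]):
            continue  # forged or corrupted attestation
        if a["digest"] != expected:
            continue  # builder attested to a different binary
        if a["builder"] not in agreeing:
            agreeing.append(a["builder"])
    return (len(agreeing) >= quorum, agreeing)


if __name__ == "__main__":
    # All three builders reproduced the same binary: accepted with quorum 3.
    atts = [attest(b, DOWNLOADED_BINARY) for b in BUILDER_KEYS]
    print(verify_attestations(DOWNLOADED_BINARY, atts, quorum=3))

    # One builder produced a different binary: only two agree, quorum 3 fails.
    atts_diverged = atts[:2] + [attest("builder-c", DOWNLOADED_BINARY + b"\x00")]
    print(verify_attestations(DOWNLOADED_BINARY, atts_diverged, quorum=3))

    # The downloaded file was modified after the build: nobody attested to it.
    print(verify_attestations(DOWNLOADED_BINARY + b"\x90", atts, quorum=1))
```

The check is only as strong as the independence of the builders and the integrity of the source they all build from: if the hidden code is already present in the reviewed source, every honest builder reproduces it and attests to the same digest, which is exactly the gap the paper exploits. Reproducibility verification therefore complements source review rather than replacing it.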

Keywords

Backdoor, Overlapping code, Deterministic builds, Malware

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. Department of Electrical and Information Technology, Lund University, Lund, Sweden
  2. Ericsson Research, Lund, Sweden