April 2014, All Rights Reserved. @CodenomiconLTD

Heartbleed
How Heartbleed Was Discovered
What We All Need To Know
Codenomicon Ltd.
May 2, 2014
Codenomicon
• Company is a spinoff (2001) from the PROTOS research project, focused on intelligent and systematic fuzzing techniques.
• Backed by 18 years of research in this field; the OUSPG team at the University of Oulu started in 1996
• Codenomicon has grown into the largest commercial vendor of fuzz testing tools globally.
• Still heavily involved in research and development
  - New industry segments: automotive, medical, ICS, and Electric Sector (SmartGrid)
  - New testing techniques/analysis: e.g. Safeguard and AppCheck
Defensics and Safeguard
• Our Defensics fuzzing tools cover over 260 protocols and file formats
• Safeguard is a feature we are developing as an extension to robustness testing and fuzzing, and will be deployed to a number of protocol test suites
• Safeguard consists of extensive analysis of system behavior under fuzz testing to detect weaknesses such as memory dumps and amplification problems
• It was during testing of Safeguard functionality that we discovered the Heartbleed flaw
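The slide above describes Safeguard only in outline: watch how the target behaves under fuzzing and flag memory dumps and amplification. As an added illustration (not Codenomicon's Safeguard code), the Python below runs two such heuristics over constructed request/response pairs from a toy echo service. The `Exchange` and `Finding` types, the 4x amplification threshold, the strings(1)-style leak heuristic and the sample traffic are all assumptions of this example.

```python
"""Flag memory-dump and amplification symptoms in fuzz-test exchanges.

Added example (not Codenomicon's Safeguard code): the heuristics, the
threshold and the sample exchanges below are all constructed for
illustration.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Exchange:
    """One request sent by the fuzzer and the target's reply."""
    request: bytes
    response: bytes


@dataclass
class Finding:
    kind: str    # "amplification" or "memory_dump"
    detail: str


# A reply more than this many times larger than its request is suspicious
# (assumed threshold; tune per protocol).
AMPLIFICATION_RATIO = 4.0


def printable_runs(data: bytes, min_len: int = 6) -> list[bytes]:
    """Return runs of printable ASCII at least min_len long, strings(1)-style."""
    runs: list[bytes] = []
    cur = bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(bytes(cur))
        cur = bytearray()
    if len(cur) >= min_len:
        runs.append(bytes(cur))
    return runs


def analyze(exchange: Exchange) -> list[Finding]:
    """Apply both heuristics to one exchange and return what was flagged."""
    req, resp = exchange.request, exchange.response
    findings: list[Finding] = []

    # Amplification: the target answered a small input with a much larger reply.
    if req and len(resp) / len(req) > AMPLIFICATION_RATIO:
        findings.append(Finding(
            "amplification",
            f"{len(resp)} B reply to a {len(req)} B request"))

    # Memory dump: the reply carries readable strings the fuzzer never sent,
    # which is what leaked process memory tends to look like.
    leaked = [run for run in printable_runs(resp) if run not in req]
    if leaked:
        findings.append(Finding(
            "memory_dump",
            f"{len(leaked)} unsolicited string(s), e.g. {leaked[0]!r}"))
    return findings


# Constructed sample traffic for a toy echo service.
SAMPLES = {
    # Well-behaved: the reply echoes exactly what was sent.
    "normal": Exchange(b"ECHO hello world", b"ECHO hello world"),
    # Over-read: the echo is followed by bytes from elsewhere in the process.
    "leaky": Exchange(
        b"ECHO hi",
        b"ECHO hi" + b"\x00" * 10 + b"session_token=abc123" + b"\x00" * 10),
    # Bloated binary reply with nothing readable in it.
    "amplify_only": Exchange(b"LIST", b"\x01" * 50),
}


def report() -> dict[str, list[str]]:
    """Map each sample name to the kinds of findings raised for it."""
    return {name: [f.kind for f in analyze(ex)] for name, ex in SAMPLES.items()}


if __name__ == "__main__":
    for name, kinds in report().items():
        print(f"{name:13s} -> {kinds or ['clean']}")
```

Running the module prints one line per sample; only the "leaky" exchange trips both heuristics, which is the shape a bounds over-read in an echo-style handler produces. In a real harness the ratio and minimum string length would be set per protocol, and the "never sent" check would compare against the whole test session rather than a single request.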
This is Not Our First Big Discovery
• Among hundreds of cases, several have been multivendor cases applying to a wide range of services/devices:
  - Numerous flaws in MIME in 1998
  - Numerous flaws in ASN.1/SNMP in 2001/2002
  - Apache IPv6 URI flaw in 2004
  - Numerous flaws in image formats in 2005
  - Numerous flaws in XML libraries in 2009
  - Several flaws in Linux Kernel IPv4 and SCTP in 2010
  - RSA signature verification vulnerability in strongSwan in 2012
  - Several OpenSSL and GnuTLS vulnerabilities in 2004,