Finding Backdoors In Code presented at BruCON 2010

by Matias Madou (Ghent University),

Tags: Security Exploitation Network Penetration

Summary : Insiders who write code, whether they are developers working for an enterprise or contributors to an open source project, have an almost unlimited number of ways to put chinks in the armor of their software. Many times, these holes are put in place for seemingly good reasons—to facilitate easy debugging, make working from home easier, or as a failsafe in case other mechanisms for interfacing with the system fail. Worse still, malicious insiders can plant logic bombs or insert backdoors so that they can embezzle funds, steal private information, or exact revenge if they become disgruntled.

Whether unintentional or malicious, code that performs questionable behavior or permits unauthorized access can be introduced with relative ease and can persist in a code base almost indefinitely without being discovered. Until it's too late. In this talk, we discuss techniques for applying static analysis to program source code to assist auditors hunting for backdoors, logic bombs, and other threats introduced by insiders. We give detailed examples of insider threats that have been uncovered in real software systems, outline possible motives for malicious insiders, and discuss how external stimuli like layoffs are increasing the attention paid to insider threats. We conclude the talk with results of applying the detection techniques discussed in this talk to real-world software.

Matias Madou: Matias Madou is principal security researcher at Fortify's Security Research Group, which is responsible for building security knowledge into Fortify's products. His work focuses on developing new techniques to detect vulnerabilities. Matias holds a Ph.D. in computer engineering from Ghent University, where he studied application security through program obfuscation to hide the inner workings of an application. During his Ph.D., he collaborated with top research and industry players in the field of program obfuscation.