Importance of secure coding in operating systems

Importance of secure coding in operating systems

Bringing in more security, demands for more complexity, whatever the scenario may be. To secure your house, you put multiple locks and fix a camera in the premises. To secure your cell phone, you put a screen lock, fingerprint scanning and multiple levels of authentication. To secure your documents on your computer, you encrypt them. Even for operating systems, this holds true.

In an operating system, there’s a huge volume of code, which is written by the developers, compiled and tested multiple times, checking for its effectiveness and performance. Though there’s a lengthy testing process being carried out before the OS launch (even using the static and dynamic testing tools), there could be some bugs(vulnerabilities) which could not be caught by the tool/the tester. These bugs are not errors as such and would not raise an exception at runtime, but they have a potential to get exploited, and open a backdoor in the system.

The operating system is guaranteed to start at boot and since it has administrator privileges, an attacker who pushes a malicious code is guaranteed access into the system. Assuming that most users are aware of the application level flaws, this article is written more from an OS kernel perspective. But the secure coding practices to be followed, are applicable to the applications on the OS as well.

As the famous saying goes, security is as strong as its weakest link. This weakest link could be because of a bad coding practice of the programmer or an irrelevant line of code, which could have resulted in the successful exploit. Let me give you a scenario for a better understanding.

A developer needs to copy the contents of a string to another. An in-built library function used for the same is strcpy(). The syntax of strcpy() goes like this:

                           strcpy(string1,string2)

which copies the contents of string2 into string1.

Case 1: Suppose string1 and string2 are character arrays of length 10. Contents of string2 would be copied to string1, as expected.

Case 2: Suppose string1 and string2 are character arrays of length 10 and 6 respectively. Contents of string2 would be copied to string1, as expected.

Case 3: The real exploit ! Here comes the twist. Suppose string1 and string2 are character arrays of length 6 and 10 respectively. Ever wondered what would happen?

The system would try to accommodate 10 characters of string2 into string1, which string1 can’t afford to. This results in a condition called buffer overflow. As we all know, every data variable is stored in a respective section in memory. In an attempt to write 10 characters in place of 6, the remaining 4 characters which string1 could not accommodate, overwrites the next 4 bytes of the memory address space, and the return address pointer will get overwritten. This could reveal memory address space details on the user terminal, which is a security flaw and could be used to pose another exploit!

Blunt code always lures attackers. This is a very basic example of how dangerous a small vulnerability could be. The developer should have looked for the length of both the strings and then given a copy command. The safest way to do this is to use an strncpy() function, which checks for the length of the strings to be copied, as well.

There is another attack named as Return Oriented Programming (ROP), wherein the clever attacker would enter his shellcode (malicious code crafted by him to pose an exploit) in the memory section called the buffer. After the buffer lies the region to store return addresses. The attacker carries out a buffer overflow exploit successfully which washes out the return address and the attacker makes the return address point to his shellcode in the buffer so that it gets executed. The results of this attack could be disastrous! The attack could go on and on, in a chained never ending manner.

The bottom-line of this article would be to adopt the secure coding practices always. It is always safe to stay updated by applying the patches regularly, because these patches are fixes for the OS’s vulnerabilities which are either found by the developers or reported to them and which were taken care of.

So, as developers and end users, let’s practice the art of secure coding, let’s stay updated on the latest bugs and fixes, and let’s be aware of why secure coding and other security methods are important.

Authored by Priyanka Shetti

TCS Enterprise Security and Risk Management

Rate this article: 
5
Average: 5 (2 votes)
Article category: