Author Topic: Enhanced Security: Add HEASLR and CFG  (Read 3791 times)

cj6415
Enhanced Security: Add HEASLR and CFG
« on: November 27, 2015, 08:01:20 AM »
Hello,

I hope you are well today.

I would like to request the addition of High Entropy ASLR (HEASLR) and Control Flow Guard (CFG) to future versions of Process Lasso.

=================
HEASLR is discussed in more detail in these links:

http://blogs.technet.com/b/srd/archive/2013/12/11/software-defense-mitigating-common-exploitation-techniques.aspx

http://blogs.msdn.com/b/ie/archive/2012/03/12/enhanced-memory-protections-in-ie10.aspx

CFG is discussed here:
http://blogs.msdn.com/b/vcblog/archive/2014/12/08/visual-studio-2015-preview-work-in-progress-security-feature.aspx
=================

I recall that versions of Lasso within the last year had HEASLR, but the current version (8.9.0.0 and recent versions) doesn’t.

I’m requesting these features since Lasso runs with administrative rights and controls the general responsiveness of a computer. If an attacker could somehow exploit a security vulnerability within it, they could potentially obtain administrative access to the computer and affect its responsiveness in any way they choose.

I’m aware that CFG can be bypassed (as linked to below) but adding it would still make it more difficult for any attacker to compromise this excellent program.

https://blog.coresecurity.com/2015/03/25/exploiting-cve-2015-0311-part-ii-bypassing-control-flow-guard-on-windows-8-1-update-3/

I realize that these feature requests may require you to upgrade to Visual Studio 2015 (I know that you are now using Visual Studio 2012 Update 5), so I'm not sure how viable these feature requests are.

Thank you very much for your time. Have a great day. :)



Jeremy Collake (Administrator)
Re: Enhanced Security: Add HEASLR and CFG
« Reply #1 on: November 27, 2015, 06:02:45 PM »
Funny you posted this. Our MSDN OS + Visual Studio 2015 Professional subscription was renewed just the other day. I am writing all new code using VS2015 as the dev platform (sometimes build tools are from a prior VC version, depending on project compatibility needs).

I will audit and amend all binary security measures. As I have news, I'll post it here.

Thanks!
« Last Edit: December 12, 2015, 04:25:23 PM by Jeremy Collake »
Software Engineer. Bitsum LLC.

cj6415
Re: Enhanced Security: Add HEASLR and CFG
« Reply #2 on: November 28, 2015, 02:42:53 PM »
Hello Jeremy,

Many thanks for your response. I really appreciate you taking the time to respond and for so positively taking on board these suggestions.

By the way, I realize that High Entropy ASLR (HEASLR) only applies to 64-bit executables and not 32-bit; I omitted to mention this in my original post.

I very much look forward to any further news that you can provide. Thanks again for creating Process Lasso! :)

Jeremy Collake (Administrator)
Re: Enhanced Security: Add HEASLR and CFG
« Reply #3 on: December 12, 2015, 04:41:39 PM »
We have begun a binary security audit. We'll make sure:

1. ASLR is enabled for ALL modules Bitsum publishes (should be already, but that's what an audit is for)
2. HEASLR is enabled for all 64-bit binaries ASAP (may have to wait for migration of legacy code to VS2015)
3. CFG is enabled ASAP.

As a side note, we're also dual-signing all future binaries with SHA1 and SHA2 signatures.

While I like to think that it's unlikely a security breach is ever found within any Bitsum component, due to my careful bounds checking and such, with years-old legacy code there is always some inherent risk, so we are taking this matter very seriously.

Thank you for bringing it up! I'll update everyone with the results of our audit, and any changes we make, as we proceed.
Software Engineer. Bitsum LLC.
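
The three items in the audit list above can be read from a binary's PE header. The following is an added example, not Bitsum's audit tooling or code from this thread: `audit_pe` and `sample_image` are hypothetical names, the sample headers are constructed, and the flag values are those defined by the PE/COFF format. It reports header flags only and does not inspect the load configuration data that CFG also relies on.

```python
import struct
import sys

# DllCharacteristics bits in the PE optional header (PE/COFF format values)
DYNAMIC_BASE = 0x0040     # ASLR, linker option /DYNAMICBASE
HIGH_ENTROPY_VA = 0x0020  # HEASLR, linker option /HIGHENTROPYVA (64-bit only)
GUARD_CF = 0x4000         # Control Flow Guard, linker option /guard:cf
RELOCS_STRIPPED = 0x0001  # COFF Characteristics: image cannot be relocated
PE32_PLUS = 0x20B         # optional-header magic of a 64-bit image

def audit_pe(data):
    """Return the mitigation flags of one PE image given as bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    (coff_flags,) = struct.unpack_from("<H", data, pe_off + 22)
    (magic,) = struct.unpack_from("<H", data, pe_off + 24)
    (dll_chars,) = struct.unpack_from("<H", data, pe_off + 24 + 70)
    is64 = magic == PE32_PLUS
    # The ASLR flag has no effect if the relocations were stripped.
    aslr = bool(dll_chars & DYNAMIC_BASE) and not coff_flags & RELOCS_STRIPPED
    return {
        "64bit": is64,
        "aslr": aslr,
        # HEASLR needs ASLR and a 64-bit image; None means "not applicable".
        "heaslr": (aslr and bool(dll_chars & HIGH_ENTROPY_VA)) if is64 else None,
        # Header flag only; a full check also reads the load config directory.
        "cfg": bool(dll_chars & GUARD_CF),
    }

def sample_image(magic, dll_chars, coff_flags=0x0002):
    """Constructed test input: PE headers only, not a loadable executable."""
    buf = bytearray(0x40 + 24 + 72)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 22, coff_flags)
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    # Constructed sample first, then any files named on the command line.
    print("sample", audit_pe(sample_image(PE32_PLUS, 0x4160)))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, audit_pe(fh.read(4096)))
```
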

cj6415
Re: Enhanced Security: Add HEASLR and CFG
« Reply #4 on: December 13, 2015, 04:05:05 PM »
Hello Jeremy,

This is amazing. Thank you very much for all of your efforts :) I noticed the dual signing of binaries in the new 8.9.1.4 version of Process Lasso.

You have gone far beyond what I requested but it's to the benefit of all of your customers. I really appreciate this and I look forward to any other news that you have in the future.

Thanks again. 8)