mirror of https://github.com/CIRCL/PyCIRCLean
				
				
				
			
		
			
				
	
	
		
			131 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			TeX
		
	
	
			
		
		
	
	
			131 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			TeX
		
	
	
| % DO NOT COMPILE THIS FILE DIRECTLY!
 | |
| % This is included by the other .tex files.
 | |
| 
 | |
| \begin{frame}[t,plain]
 | |
|     \titlepage
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Overview}
 | |
|     \begin{itemize}
 | |
|         \item Aims to be used in dedicated security applications to sanitize documents from hostile to trusted environments.
 | |
|         \item Generic way to handle large collections of files
 | |
|         \item Generate audit logs
 | |
|         \item Comes with many helpers
 | |
|         \item Defensive programming
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Implementation}
 | |
|     \begin{itemize}
 | |
|         \item Copies files from a directory (source) to an other one (destination)
 | |
|         \item Computes hashes (sha256) of all the files in the source
 | |
|         \item Creates a directory tree on the destination directory
 | |
|         \item Gets the mime type of each file
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Logging and reporting}
 | |
|     \begin{itemize}
 | |
|         \item Every processing is logged
 | |
|         \item Medatata (filetype, size, name, extension, ...) are kept
 | |
|         \item Any error occurring during the processing is stored
 | |
|         \item WiP: generating a human readable report (Markdown, HTML)
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Action of the main script}
 | |
|     \begin{itemize}
 | |
|         \item Discard known extensions with active content
 | |
|         \item Verifies if the extension corresponds to the mimetype (polyglot files)
 | |
|         \item Force extension on supposedly text files
 | |
|         \item Discards windows executables
 | |
|         \item Discard Office (Libreoffice and Windows Office) document with active content
 | |
|         \item Discard PDFs with active content
 | |
|         \item Unpack archives and process content
 | |
|         \item Extract metadata from images
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Plus / Minus}
 | |
|     \begin{itemize}
 | |
|         \item Plus
 | |
|         \begin{itemize}
 | |
|             \item (almost) Pure python
 | |
|             \item Reliable
 | |
|             \item Fast
 | |
|         \end{itemize}
 | |
|         \item Minus
 | |
|         \begin{itemize}
 | |
|             \item Does not block a 0 day in a non-active content
 | |
|             \item Medium level of false positive (non-malicious active content)
 | |
|         \end{itemize}
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Implement your own module - FileBase}
 | |
|     \begin{itemize}
 | |
|         \item The default constructors gets the mime type of the file and initialize the log of the file
 | |
|         \item Surcharge the constructor accordingly to your needs
 | |
|         \item Has helpers to get and set information on the file being processed
 | |
|         \item Can force the extension of the file when copied
 | |
|         \item All those functions have to be used in order to handle the files accordingly to your requirements
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Implement your own module - KittenGroomerBase}
 | |
|     \begin{itemize}
 | |
|         \item The default constructor cleans the destination directory
 | |
|         \item Starts the general logging
 | |
|         \item Iterate through all the files on the src key
 | |
|         \item Has helpers to handle safely the file management
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Implement your own module - GroomerLogger}
 | |
|     \begin{itemize}
 | |
|         \item The default constructor initialize the log files
 | |
|         \item Creates a tree representation of the content, computes the hashes
 | |
|         \item Stores the logs for each processed file
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Hardware implementation - RaspberryPi}
 | |
|     \begin{itemize}
 | |
|         \item Standalone device
 | |
|         \item Easy to carry around
 | |
|         \item Not used for anything else
 | |
|         \item Cheap and easy to setup
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Security considerations}
 | |
|     \begin{itemize}
 | |
|         \item Assuming the content might be malicious
 | |
|         \item Parsing is very vulnerable to exploits
 | |
|         \item Unpacking archives and recursion need to stop (halting problem)
 | |
|         \item KISS, default features and ease to update
 | |
|         \item Distrust everything (your code, and other people's code)
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Defensive programing - Questions}
 | |
|     \begin{itemize}
 | |
|         \item How can an attacker interact with the code? With the device?
 | |
|         \item What are the most critical part of the project?
 | |
|         \item How to handle unexpected behavior?
 | |
|         \item What happen if there is an unpatched vulnerability?
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| \begin{frame}[fragile]{Defensive programming - Remediations}
 | |
|     \begin{itemize}
 | |
|         \item Bare Debian for Raspberry
 | |
|         \item Few dependencies
 | |
|         \item Image read only
 | |
|         \item Code runs as user
 | |
|         \item Small code base
 | |
|    \end{itemize}
 | |
| \end{frame}
 | |
| 
 | |
| 
 |