% DO NOT COMPILE THIS FILE DIRECTLY!
|
|
% This is included by the other .tex files.
|
|
|
|
\begin{frame}[t,plain]
|
|
\titlepage
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Overview}
|
|
\begin{itemize}
|
|
\item Aims to be used in dedicated security applications to sanitize documents moving from a hostile (untrusted) environment into a trusted one.
|
|
\item Generic way to handle large collections of files
|
|
\item Generate audit logs
|
|
\item Comes with many helpers
|
|
\item Defensive programming
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Implementation}
|
|
\begin{itemize}
|
|
\item Copies files from a directory (source) to another one (destination)
|
|
\item Computes hashes (SHA-256) of all the files in the source, so every processed file can be traced in the audit log
|
|
\item Creates a directory tree on the destination directory
|
|
\item Gets the mime type of each file
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Logging and reporting}
|
|
\begin{itemize}
|
|
\item Every processing step is logged
|
|
\item Metadata (file type, size, name, extension, \dots) is kept
|
|
\item Any error occurring during the processing is stored
|
|
\item Work in progress: generating a human-readable report (Markdown, HTML)
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Action of the main script}
|
|
\begin{itemize}
|
|
\item Discards files whose extension is known to carry active content
|
|
\item Verifies that the extension matches the detected MIME type (catches mismatched and polyglot files)
|
|
\item Forces a safe extension on files that are supposedly plain text
|
|
\item Discards Windows executables
|
|
\item Discards Office (LibreOffice and Microsoft Office) documents with active content (e.g.\ macros)
|
|
\item Discards PDFs with active content (e.g.\ embedded JavaScript or actions)
|
|
\item Unpacks archives and processes their content recursively (recursion must be bounded, see Security considerations)
|
|
\item Extracts metadata from images
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Plus / Minus}
|
|
\begin{itemize}
|
|
\item Plus
|
|
\begin{itemize}
|
|
\item (almost) pure Python
|
|
\item Reliable
|
|
\item Fast
|
|
\end{itemize}
|
|
\item Minus
|
|
\begin{itemize}
|
|
\item Does not block a 0-day hidden in non-active content (e.g.\ a malformed image that exploits a parser bug)
|
|
\item Medium false-positive rate: benign documents with active content (e.g.\ legitimate macros) are discarded too
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Implement your own module - FileBase}
|
|
\begin{itemize}
|
|
\item The default constructor gets the MIME type of the file and initializes the log of the file
|
|
\item Override the constructor in a subclass according to your needs
|
|
\item Has helpers to get and set information about the file being processed
|
|
\item Can force the extension of the file when copied
|
|
\item Use these helpers to handle the files according to your requirements
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Implement your own module - KittenGroomerBase}
|
|
\begin{itemize}
|
|
\item The default constructor cleans (empties) the destination directory before processing starts
|
|
\item Starts the general logging
|
|
\item Iterates through all the files on the source (src) key
|
|
\item Has helpers to handle file management safely
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Implement your own module - GroomerLogger}
|
|
\begin{itemize}
|
|
\item The default constructor initializes the log files
|
|
\item Creates a tree representation of the content and computes the hashes
|
|
\item Stores the logs for each processed file
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Hardware implementation - RaspberryPi}
|
|
\begin{itemize}
|
|
\item Standalone device
|
|
\item Easy to carry around
|
|
\item Not used for anything else
|
|
\item Cheap and easy to set up
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Security considerations}
|
|
\begin{itemize}
|
|
\item Assume that all incoming content is malicious
|
|
\item Parsers are a prime target for exploits: every file-format parser is attack surface
|
|
\item Archive unpacking and recursion need a hard stop (nested archives can be unbounded; cf.\ the halting problem)
|
|
\item KISS: keep the default feature set minimal and make updating easy
|
|
\item Distrust everything (your own code, and other people's code)
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Defensive programming - Questions}
|
|
\begin{itemize}
|
|
\item How can an attacker interact with the code? With the device?
|
|
\item What are the most critical parts of the project?
|
|
\item How to handle unexpected behavior?
|
|
\item What happens if there is an unpatched vulnerability?
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}[fragile]{Defensive programming - Remediations}
|
|
\begin{itemize}
|
|
\item Minimal (bare) Debian on the Raspberry Pi
|
|
\item Few dependencies
|
|
\item Read-only system image
|
|
\item Code runs as an unprivileged user (not root)
|
|
\item Small code base
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
|