Software, Security, and the Public Good

Transcript

1. Software, Security, and
   The Public Good
   Samantha Quiñones
   php[tek] 2017
   

   View Slide

2. View Slide

3. View Slide

4. We are a community of
   Qualified Engineers
   

   View Slide

5. Time for...
   Audience participation
   

   View Slide

6. Therac-25
   

   View Slide

7. Therac-25: What Went Wrong?
   The software contained an integer overflow bug (CWE-190)
   When an operator provided input during an overflow condition, the interlock failed
   This failure could allow the 25 MeV beam to activate without the target and collimator
   Patients received 100x the intended dose of radiation
   Patients suffered severe radiation burns and poisoning
   Three patients died
   

   View Slide

8. Therac-25: What Could Have Helped?
   Code review
   Review of code reused from earlier models to test assumptions
   Unit testing
   Integration testing
   Hardware interlocks
   

   View Slide

9. Mars Climate Orbiter
   

   View Slide

10. Mars Climate Orbiter: What Went Wrong?
    Launched 11 December 1998
    On 15 September 1999, an orbital insertion maneuver was performed
    Navigators had reported discrepancies between the reported and measured position
    Approach would bring the probe to 150-170km altitude, possibly lower, than expected 226km
    On 23 September 1999, the probe occulted Mars and lost radio contact. Contact was never
    reestablished.
    Postmortem found that one piece of ground software produced thrust values in pound-seconds
    (US Customary) rather than newton-seconds (SI)
    

    View Slide

11. Mars Climate Orbiter: What Could Have Helped?
    Specification review
    Integration testing
    Commitment to investigate error reports
    

    View Slide

12. Volkswagen Emissions Scandal
    

    View Slide

13. Volkswagen: What Went Wrong?
    Engineers at VW developed code to detect emissions tests and alter engine behavior
    This code was intentionally hidden and referred to as “acoustic condition”
    

    View Slide

14. Volkswagen: What Could Have Helped?
    Whistleblower-supporting culture
    Personal engineering ethics
    

    View Slide

15. Heartbleed
    

    View Slide

16. Heartbleed: What Went Wrong?
    Improper input validation bug allows out-of-bounds memory access (CWE-135)
    Exploitation of the heartbeat mechanism allows extracting secure information from
    vulnerable servers without authorization.
    

    View Slide

17. Heartbleed: What Could Have Helped?
    Code review
    Security review
    Adequate funding of open-source projects
    

    View Slide

18. Security is a guarantee that
    software will perform predictably
    regardless of input.
    

    View Slide

19. View Slide

20. View Slide

21. View Slide

22. Software is Everywhere
    

    View Slide

23. Ethics & Engineering
    (inspired by the ACM)
    

    View Slide

24. Obligations to the Public
    To take responsibility for our work.
    To balance our interests with those of our clients, employers, and users.
    To ship code we believe to be safe, tested, and built according to specifications.
    To disclose actual or potential dangers to the user, the public, or the environment.
    To avoid deception.
    To consider the abilities of users and conditions of users.
    To volunteer our skills to good causes and contribute to public education.
    

    View Slide

25. Obligations to our Clients & Employers
    To be honest about our areas of competence.
    To honor software licenses.
    To honor the property and secrets of the client or employer.
    To disclose the likelihood of failure, cost overrun, violation of law, or damage.
    To identify and disclose issues of social concern.
    To not work against the interests of the client or employer, unless ethics are being
    compromised.
    

    View Slide

26. Obligations to the Product
    To balance quality, cost, and schedule while clearly communicating trade-offs.
    To identify and disclose economic, ethical, cultural, environmental, and legal issues.
    To employ methods appropriate to the task at hand.
    To understand the specifications of the product.
    To test, debug, review, and document all code.
    To collect, store, and use only data that has been derived by ethical means.
    To maintain what we build.
    

    View Slide

27. Obligations to Our Colleagues
    To develop a professional environment and culture that encourages acting ethically.
    To promote public knowledge and education of software engineering.
    To participate in professional organizations, meetings, conferences, and publications.
    To communicate one’s obligations to one’s employers and clients.
    To assist others in their professional development.
    To give credit to the work of others.
    

    View Slide

28. Obligations to Ourselves
    To develop our technical, management, and interpersonal skills continuously.
    To advocate for our users in an honest and thoughtful way.
    To share our knowledge and experience freely.
    To recognize our prejudices and not give unfair treatment because of them.
    

    View Slide

29. Let’s Get Practical
    Commit the OWASP Top 10 to heart (https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet)
    Embrace the CWE (https://cwe.mitre.org/index.html)
    Give better code reviews
    Demand better code reviews
    Become the local expert on compliance/security/testing/debugging
    Discover and honor your ethical boundaries
    

    View Slide

30. We are responsible for the
    work we put into the world.
    

    View Slide