Security Tip of the Month – October 2009
by Jeremy Dallman,
Security Program Manager, Microsoft Security Engineering Center
In September, the Microsoft SDL team released two new security test tools. I
wanted to take you inside one of these tools to show you how easy it is to use
them to improve the security of your software.
BinScope Binary Analyzer is a Microsoft verification tool that analyzes
binaries on a project-wide level to ensure that they have been built in
compliance with the requirements and recommendations of the Microsoft Security
Development Lifecycle (SDL). At Microsoft, use of BinScope is a requirement of
the Verification Phase of the SDL.
By using BinScope, developers and testers will be able to easily and quickly
verify that they have built their code using the compiler/linker protections
required by the Microsoft SDL.
BinScope installs in two forms: as a standalone executable or as a Visual
Studio add-on. In addition, BinScope integrates with Microsoft Team Foundation
Server (TFS) to output results into work items. If your project is using the
Microsoft SDL Process Template for VSTS, BinScope will seamlessly integrate
with your security work items and SDL Final Security Review reporting.
Why use BinScope?
Each of the BinScope checks addresses a weakness commonly
exploited by attackers. These individual safeguards should not be considered
effective by themselves, but should be adopted together. Since these weaknesses
are all well known, leaving any one of them exposed could potentially leave a
system insecure and susceptible to attack. BinScope is a single tool that you
can use to verify you are using all of these checks in your software before you
release it to customers.
Some of the checks performed by BinScope include
confirmations that:
BinScope also points
out dangerous constructs that are prohibited or discouraged by SDL, including:
- Non /GS friendly initialization
- R/W shared sections
- Use of APTCA (allow partially trusted caller
attribute) with Strong-named assemblies
- Global function pointers
- ATLVulnCheck for classes implementing that have potentially
vulnerable property map entries.
How to Use BinScope
Using the Standalone Version
Once you have downloaded BinScope and installed it, you can
launch the standalone version from the Start Menu. BinScope will open on the Configure tab.
Configuration is completed in four steps:
- Enter the target path
- Modify the default Output Log path if desired
- Enter the directory or symbol server containing
your project’s private symbols.
- Select which checks you want to perform in the
Checks pane
Click the Run button to begin a scan.
The Run screen will display and show the progress of your scan. Failures and
scanning errors will display onscreen as they occur.
Once BinScope has completed the scan, it will automatically
display a Results Report which you
can save for further investigation.
Using BinScope in Visual Studio
If you use Visual Studio 2008, BinScope will by default
install as an add-in for Visual Studio. You can launch BinScope within the
Visual Studio IDE and run it directly against your built project. If you want
to adjust the settings for BinScope, you can navigate to Tools->Options->Security.
Launching BinScope from the Tools menu or from within
Solution Explorer will immediately start a scan and begin generating output in
the Error and Output panes. Below is a screenshot of BinScope output in the
Error List pane.
You can right-click on any of these errors and get more
information from the included BinScope help documentation that provides details
on both the errors and mitigations.
Integrated with Team Foundation Server (TFS)
If you are using BinScope on a project that is connected to
TFS, you can configure the tool to output to TFS. If you are already connected
to a TFS project, right-clicking an error and selecting Create BinScope
Workitems opens a default work item for Team Foundation Server, pre-populated
with the information in the error message.
If you are using the SDL Process Template for VSTS, the “Bug” work item type
with security fields will be automatically pre-populated, enabling
SDL-specific reporting.
In Conclusion
At Microsoft, BinScope is a required tool that has been used
for several years to help protect our own software and customers from some of
the most common coding security errors. As software becomes more vulnerable to
attacks, it is important that your team is equipped with tools that effectively
help them write more secure code. We believe the Security Development Lifecycle
combined with tools like BinScope will enable your teams to adopt security best
practices more quickly and make writing secure code easier.
For more information, view the demo videos of both BinScope
Binary Analyzer and MiniFuzz File Fuzzer.