This event has ended. Visit the official site or create your own event on Sched.
September 11-14, 2017 - Los Angeles, CA
Click Here For Information & Registration
Wednesday, September 13 • 11:50am - 12:30pm
What's in Your Containers? Tracing the Origin of Binaries - Philippe Ombredanne, AboutCode.org and nexB Inc.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
We are all building containers from base images with possibly questionable pre-built binaries every day. Why? We do not know what is in our own containers.
Modern software is routinely assembled from a combo of 1000's open source and vendor-provided packages that we reuse as pre-built binaries (and sometimes build from sources). A unknown, buggy or vulnerable package will sneak in easily in such a large quantity of third-party code packages where most of them are FOSS/open source.

Join me to dive in advanced techniques to identify which known packages are built into Elfs binaries either libraries or static exes.

We will first review some basic approaches to identify distro and application packages using static analyzers (without running a container!) and existing techniques for binary analysis using symbols and content-defined fingerprints with locality sensitive hashing. We will then review a new approach to determine the origin the code in binaries based on shared or unique binary information sets to build efficient indexes of the minimal signatures needed to identify packages and versions of packages (such as OpenSSL) that may be statically linked in arbitrary binaries.

Finally we will show how this approach can be used for automated detection by subverting anti-virus scanners for known binary identification. And relate the collected origin information to actual known vulnerabilities.

avatar for Philippe Ombredanne

Philippe Ombredanne

ScanCode maintainer, AboutCode.org and nexB Inc.
Philippe Ombredanne is a passionate FOSS hacker, lead maintainer of the ScanCode toolkit and on a mission to enable easier and safer to reuse FOSS code with best in class open source Software Composition Analysis tools for open source discovery, license & security compliance at https://aboutcode.org... Read More →

Wednesday September 13, 2017 11:50am - 12:30pm PDT
Diamond Ballroom 7