Loading…
September 11-14, 2017 - Los Angeles, CA
Click Here For Information & Registration
View analytic
Wednesday, September 13 • 11:50am - 12:30pm
What's in Your Containers? Tracing the Origin of Binaries - Philippe Ombredanne, AboutCode.org and nexB Inc.

Sign up or log in to save this to your schedule and see who's attending!

We are all building containers from base images with possibly questionable pre-built binaries every day. Why? We do not know what is in our own containers.
Modern software is routinely assembled from a combo of 1000's open source and vendor-provided packages that we reuse as pre-built binaries (and sometimes build from sources). A unknown, buggy or vulnerable package will sneak in easily in such a large quantity of third-party code packages where most of them are FOSS/open source.

Join me to dive in advanced techniques to identify which known packages are built into Elfs binaries either libraries or static exes.

We will first review some basic approaches to identify distro and application packages using static analyzers (without running a container!) and existing techniques for binary analysis using symbols and content-defined fingerprints with locality sensitive hashing. We will then review a new approach to determine the origin the code in binaries based on shared or unique binary information sets to build efficient indexes of the minimal signatures needed to identify packages and versions of packages (such as OpenSSL) that may be statically linked in arbitrary binaries.

Finally we will show how this approach can be used for automated detection by subverting anti-virus scanners for known binary identification. And relate the collected origin information to actual known vulnerabilities.

Speakers
PO

Philippe Ombredanne

maintainer and CTO, AboutCode.org and nexB Inc.
Philippe is a passionate FOSS developer, contributor to several FOSS projects including strace and AboutCode.org and a long time GSoC mentor. He is the CTO of nexB, a software company on a quest to find what is in your code offering both FOSS tools and commercial solutions


Wednesday September 13, 2017 11:50am - 12:30pm
Diamond Ballroom 7
Feedback form isn't open yet.

Attendees (6)