SecureODF
Tariq Rashid, @postenterprise
Stack Smashers Meetup, October 2015
who, why?
I've experienced security in environments where the impact is fairly high,
and the baddies are fairly determined and resourced.
I saw a problem - cost, complexity, bad UX.
I'm suggesting a fix.
I'd like ideas, challenges, suggestions, pointers .... before I really dive in!
the problem
document-borne malware is on the rise
the problem
and it costs a lot to manage
the solutions
are flawed
are complex, with bad UX
popular document formats are designed for
features...
... not security
ideal solution
verifiably secure
has momentum
good user experience
momentum?
don't invent a new format
Open Document Format
already works with LibreOffice, Microsoft Office, GoogleDocs, Apple, ....
and increasingly mandated by governments
- incl UK Government (2014)
UX?
no new processes or steps for users
works with existing familiar software
no separate desktops, browse-downs, etc etc
default save, or save as
invisible network level validation ..
verifiably secure?
need your help!
100% predictable behaviour?
no Turing machine?
no execution or translation - only representation?
secure/ODF?
XML keys and values ONLY from known-good set
content range and values only from known good set - incl user generated content
strict order of XML tags and structure
complete - no missing bits allowed
no arbitrary execution - only representation of data
why not OOXML?
not truly open
execution paths obscured - e.g. Windows Metafile handling
think of a Tweet
max size 240
min size 1
ASCII 65-90 only
don't interpret content
no malware?
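The secure/ODF rules and the Tweet analogy above, sketched as an allowlist validator. This is an added example, not code from the talk or from any SecureODF project. The `doc`/`title`/`body` element names, the `version` attribute and the 4096-byte ceiling are assumptions made up for the illustration and are not real ODF.

```python
import re
import xml.etree.ElementTree as ET

# Hypothetical toy profile, constructed for this example (NOT real ODF).
# Leaf text follows the "Tweet" rule: 1..240 chars, ASCII 65-90 only.
TEXT, BLANK = re.compile(r"[A-Z]{1,240}"), re.compile(r"\s*")
PROFILE = {  # element -> allowed attributes, exact ordered children, text rule
    "doc":   {"attrs": {"version": re.compile(r"1")},
              "children": ["title", "body"], "text": BLANK},
    "title": {"attrs": {}, "children": [], "text": TEXT},
    "body":  {"attrs": {}, "children": [], "text": TEXT},
}
MAX_BYTES = 4096  # assumed ceiling for the whole document

def validate(data: bytes) -> list:
    """Return the list of violations; an empty list means accept."""
    if len(data) > MAX_BYTES or not data.isascii():
        return ["too large, or not plain ASCII"]
    # DOCTYPE, entities, comments, CDATA, PIs: not in the known-good set.
    if b"<!" in data or b"<?" in data:
        return ["markup outside the profile (<! or <?)"]
    try:
        root = ET.fromstring(data.decode("ascii"))
    except (ET.ParseError, ValueError) as exc:
        return [f"not well-formed: {exc}"]
    if root.tag != "doc":
        return [f"unexpected root <{root.tag}>"]
    errors = []
    _check(root, errors)
    return errors

def _check(el, errors):
    rule = PROFILE[el.tag]  # callers only pass elements named in PROFILE
    # Attributes: exactly the known-good set, each value matching its pattern.
    if set(el.attrib) != set(rule["attrs"]):
        errors.append(f"<{el.tag}>: attributes {sorted(el.attrib)} not allowed")
    for name, pattern in rule["attrs"].items():
        if name in el.attrib and not pattern.fullmatch(el.attrib[name]):
            errors.append(f"<{el.tag}> {name}: value outside known-good set")
    # Text: must match the element's rule; no stray text between children.
    tails_ok = all(BLANK.fullmatch(c.tail or "") for c in el)
    if not rule["text"].fullmatch(el.text or "") or not tails_ok:
        errors.append(f"<{el.tag}>: content outside known-good set")
    # Children: strict order, nothing missing, nothing extra.
    if [c.tag for c in el] != rule["children"]:
        errors.append(f"<{el.tag}>: children must be exactly {rule['children']}")
        return  # never descend into structure the profile does not define
    for child in el:
        _check(child, errors)
```

The validator only decides accept or reject; it never repairs or interprets the content, which keeps its behaviour predictable.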
It's Not About Cryptography
Alice
Bob
It's about safely receiving docs from less trusted sources
OOXML
secureODF
next steps
1. define security objectives
2. define secureODF schema and assertions
3. validator, import/export
recap - the idea
1 - Every business needs to exchange documents - but common document formats were never designed to be secure.
2 - Documents carrying malware is a major method of cyber attack.
3 - Anti-malware scanning is not good enough to protect critical infrastructure like health, energy, government, transport, finance.
4 - But today's strong security is expensive and cumbersome.
The elegant solution is to develop verifiably secure variants of existing Open Document Format - free for all - for social good.
A proposal for a secure document profile of ODF that prevents malware by design - so you can receive documents from less trusted sources.