Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
security and privacy

Security and Privacy Jens Mller, Fabian Ising, Christian Mainka, - PowerPoint PPT Presentation

Feb 09, 2024 •239 likes •631 views

Office Document Security and Privacy Jens Mller, Fabian Ising, Christian Mainka, Vladislav Mladenov, Sebastian Schinzel, Jrg Schwenk Overview 1. OOXML/ODF Basics 2. Denial of Service 3. Invasion of Privacy 4. Information Disclosure

  1. Office Document Security and Privacy Jens Müller, Fabian Ising, Christian Mainka, Vladislav Mladenov, Sebastian Schinzel, Jörg Schwenk

  2. Overview 1. OOXML/ODF Basics 2. Denial of Service 3. Invasion of Privacy 4. Information Disclosure 5. Data Manipulation 6. Code Execution 7. Evaluation 2

  3. History: Office Wars • 1990: MS Office 1.0 • 2002: Star Office → OpenOffice.org • 2006: OOXML + ODF standardization • 2010: OpenOffice.org → LibreOffice 3

  4. Two competing standards OOXML (ISO/IEC 29500) ODF (ISO/IEC 26300) Office Open XML Open Document Format 6500 pages 800 pages (some) MS proprietary formats re-use of SVG, MathML, XForms , … .docx, .xlsx, .pptx , … .odt, .ods, .odp , … XML-based, Zip container XML-based, Zip container 4

  5. OOXML Directory Structure 5

  6. OOXML Example 6

  7. ODF Directory Structure 7

  8. ODF Example 8

  9. Attacker Model • Victim opens malicious office document • “Bad things” happen (attack -dependent) 9

  10. Overview 1. OOXML/ODF Basics 2. Denial of Service  Deflate Bomb 3. Invasion of Privacy 4. Information Disclosure 5. Data Manipulation 6. Code Execution 7. Evaluation 10

  11. Deflate Bomb max. compression ratio: 1:1023 11

  12. Overview 1. OOXML/ODF Basics 2. Denial of Service 3. Invasion of Privacy  URL Invocation, Evitable Metadata 4. Information Disclosure 5. Data Manipulation 6. Code Execution 7. Evaluation 12

  13. URL Invocation • Goal: “phone home” to attacker’s server once document is opened 13

  14. URL Invocation CVE-2020-12802 14

  15. URL Invocation 15

  16. Evitable Metadata Source: news.bbc.co.uk 16

  17. Evitable Metadata 17

  18. Overview 1. OOXML/ODF Basics 2. Denial of Service 3. Invasion of Privacy 4. Information Disclosure  Data Exfiltration, File Disclosure, Credential Theft 5. Data Manipulation 6. Code Execution 7. Evaluation 18

  19. Data Exfiltration • Idea: victim obtains spreadsheet; user input values sent to attacker’s server 19

  20. File Disclosure • Idea: include local files on disk 20

  21. File Disclosure 21

  22. File Disclosure 22

  23. File Disclosure 23

  24. Credential Theft • Goal: obtain user’s NTLM hash 24

  25. Credential Theft • Offline cracking – NTLMv2 : modern GPU requires 2,5h for eight chars – NTLMv1, LM : considered broken [Marlinspike2012] • Pass-the-hash or relay attacks – Compare [Ochoa2008, Hummel2009] – Depending on Windows security policy 25

  26. Overview 1. OOXML/ODF Basics 2. Denial of Service 3. Invasion of Privacy 4. Information Disclosure 5. Data Manipulation  File Write Access, Content Masking 6. Code Execution 7. Evaluation 20

  27. File Write Access • Idea: XForms allow local file as target 27

  28. File Write Access CVE-2020-12803 28

  29. Content Masking: OOXML 29

  30. Content Masking: ODF Parsed by MS Office Parsed by LibreOffice 30

  31. Overview 1. OOXML/ODF Basics 2. Denial of Service 3. Invasion of Privacy 4. Information Disclosure 5. Data Manipulation 6. Code Execution  Macros 7. Evaluation 24

  32. Macros 32

  33. Addition Findings CVE-2018-8161 (memory corruption) 33

  34. One-Click RCE in LibreOffice • We can write XML to arbitrary files • LibreOffice config file itself is XML 34

  35. One-Click RCE in LibreOffice CVE-2020-12803 35

  36. Overview 1. OOXML/ODF Basics 2. Denial of Service 3. Invasion of Privacy 4. Information Disclosure 5. Data Manipulation 6. Code Execution 7. Evaluation 28

  37. Evaluation 37

  38. Countermeasures • Removing insecure features • User privacy by default • Limitation of resources • Elimination of ambiguities 38

  39. Conclusion • OOXML and ODF are complex formats • Thorough analysis of dangerous features • One-click pure logic chain RCE in 2020 ;) Artifacts: https://github.com/RUB-NDS/Office-Security 39

Recommend

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.06k views • 57 slides
Data privacy: Privacy models Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Data privacy: Privacy models Vicen c Torra March, 2019 Hamilton Institute, Maynooth

Data privacy: Privacy models Vicen c Torra March, 2019 Hamilton Institute, Maynooth University, Ireland Outline Outline Privacy models 1 / 11 Data privacy > Privacy models Outline Privacy models ? 2 / 11 Data privacy > Privacy

697 views • 12 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

863 views • 71 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

726 views • 45 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

434 views • 13 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

324 views • 13 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

912 views • 55 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

577 views • 26 slides
Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda

Mobile Device Security and Privacy Information Security and Privacy Office January 2012 Agenda Protecting mobile devices and your privacy Protecting Mobile Devices and Your Privacy Before We Start The City of Phoenix does not

975 views • 52 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong Applying Differential Privacy Real world deployments of differential privacy OnTheMap RAPPOR Module 4 Tutorial: Differential Privacy in the Wild

620 views • 30 slides
CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt //

CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt //

CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt // http://yxiao.info i i f Outline Outline What is Location Privacy Basic Techniques Private Information Retrieval Probabilistic

415 views • 24 slides
Privacy Computer Security Peter Reiher December 11, 2014 Lecture 16 Page 1 CS 136, Fall 2014

Privacy Computer Security Peter Reiher December 11, 2014 Lecture 16 Page 1 CS 136, Fall 2014

Privacy Computer Security Peter Reiher December 11, 2014 Lecture 16 Page 1 CS 136, Fall 2014 Privacy Data privacy issues Network privacy issues Some privacy solutions Lecture 16 Page 2 CS 136, Fall 2014 What Is Privacy?

792 views • 63 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

247 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

560 views • 21 slides
Contours and Regions Pablo Arbelez UC Berkeley I. HISTORICAL MOTIVATION Some Computer Vision

Contours and Regions Pablo Arbelez UC Berkeley I. HISTORICAL MOTIVATION Some Computer Vision

Contours and Regions Pablo Arbelez UC Berkeley I. HISTORICAL MOTIVATION Some Computer Vision Prehistory Hubel and Wiesel (1981 Nobel Price winners): MEASUREMENT system INPUT Selective response: Physiological evidence for the

1.32k views • 103 slides
Structured Forests for ConBnuity Fast Edge Detection Symmetry Piotr Dollr and Larry

Structured Forests for ConBnuity Fast Edge Detection Symmetry Piotr Dollr and Larry

4/27/16 what defines an edge? Brightness Color Texture Parallelism Structured Forests for ConBnuity Fast Edge Detection Symmetry Piotr Dollr and Larry Zitnick 1. A 1. Accur urac acy y 2. Speed 2. Speed I. data driven edge

300 views • 7 slides
Stream Reasoning using Temporal Logic and Predictive Probabilistic State Models Mattias Tiger

Stream Reasoning using Temporal Logic and Predictive Probabilistic State Models Mattias Tiger

Stream Reasoning using Temporal Logic and Predictive Probabilistic State Models Mattias Tiger Fredrik Heintz Artificial Intelligence and Integrated Computer Systems Department of Computer and Information Science Link oping University,

585 views • 24 slides
Brief Bio Rohit Jain is the CTO at Esgyn working on Apache Trafodion TM , currently in incubation.

Brief Bio Rohit Jain is the CTO at Esgyn working on Apache Trafodion TM , currently in incubation.

Apache Trafodion TM (incubating) Enterprise-Class Transactional SQL-on-Hadoop DBMS trafodion.apache.org 1 Brief Bio Rohit Jain is the CTO at Esgyn working on Apache Trafodion TM , currently in incubation. Trafodion is a transactional

404 views • 24 slides
Proposition HHH and a New Integrated Service Model in Permanent Supportive Housing 2017

Proposition HHH and a New Integrated Service Model in Permanent Supportive Housing 2017

Measure H, Proposition HHH and a New Integrated Service Model in Permanent Supportive Housing 2017 Integrated Care Conference October 26, 2017 John Connolly Los Angeles County Department of Public Health Maria Funk - Los Angeles County

751 views • 40 slides
A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S.

A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S.

Intro vORAM HIRB Results A Practical Oblivious Map Data Structure with Secure Deletion and History Independence Daniel S. Roche Adam J. Aviv Seung Geol Choi Computer Science Department United States Naval Academy Annapolis, Maryland, USA

397 views • 37 slides
3/17/2009 OUTLINE OUTLINE Business Intelligence Business Intelligence Knowledge

3/17/2009 OUTLINE OUTLINE Business Intelligence Business Intelligence Knowledge

3/17/2009 OUTLINE OUTLINE Business Intelligence Business Intelligence Knowledge Management Paper by W. F. Cody BIKM J. T. Kreulen V. Krishna eClassifier W. S. Spangler Integrated BIKM Tools Presentation by Dylan Chi

492 views • 7 slides
Resources Overview Amanda Green, ODS Director Tim Strauch, President & CEO Support Services

Resources Overview Amanda Green, ODS Director Tim Strauch, President & CEO Support Services

OneOC Nonprofit Resources Overview Amanda Green, ODS Director Tim Strauch, President & CEO Support Services Nonprofit Resources & Support Volunteer Services & Support Back Office Support Services for Nonprofits Nonprofit Support

414 views • 7 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.