Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improving Security Using Extensible Lightweight Static Analysis

Published byKarola Morgenstern Modified over 5 years ago

Similar presentations

Presentation on theme: "Improving Security Using Extensible Lightweight Static Analysis"— Presentation transcript:

1 Improving Security Using Extensible Lightweight Static Analysis
David Evans and David Larochelle Presented by Joe Combs - 12 April 2006

2 Topics Static analysis concepts Splint Described
Splint Limitations/Analysis Real world results

3 Static Analysis Concepts
Ways of eliminating flaws: Human code reviews Testing Static Analysis Most attacks stem from repeated exploits of well-known problems Tools can help codify what is known about common vulnerabilities

4 Static Analysis Concepts
Low end - standard compilers performing type checking and other simple analysis Other extreme - formal specification with theorem prover Lightweight analysis seeks a happy medium

5 Splint (aka LCLint) ANSI C static analysis tool (www.splint.org)
The halting problem comes into play when asking non-trivial questions about code so Splint makes compromises and approximations to do its work Checking rules can be strengthened or weakened to balance False Accepts & Rejects Relies on annotations - applied to function parms & return values, globals variables and struct fields

6 Splint Limitations/Analysis
Analysis limited to data flow within procedure bodies Control flow paths considered but to limit combinatorial explosion paths are merged at break points Loops checked for common idioms but convoluted code can throw it off (a challenge for human readers as well!)

7 Splint Sample Annotations
think of it as a type qualifier implies ownership of a memory location and obligation to release storage can be used to trigger a warning when unsafe functions like gets() are used

8 Splint Sample Annotations
useful for ensuring things like strcpy don’t result in a buffer overflow Extensibility!

9 Splint Metrics A real world example: the Washington University FTP daemon (8000 Lines of code) first pass warnings 66 annotations added final pass warnings 25 legitimate errors 76 false positives

10 Conclusions Lightweight static analysis is important but no replacement for runtime controls, systematic testing and security assessments Splint only catches code inconsistencies, language conventions, and assumptions documented in annotations Building up annotations and checking rules will take time Can’t detect design flaws

Download ppt "Improving Security Using Extensible Lightweight Static Analysis"

Similar presentations

Static Analysis for Security

Static Analysis for Security
Advanced programming tools at Microsoft

Advanced programming tools at Microsoft
Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.

Challenges in increasing tool support for programming K. Rustan M. Leino Microsoft Research, Redmond, WA, USA 23 Sep 2004 ICTAC Guiyang, Guizhou, PRC joint.
Software Assurance Metrics and Tool Evaluation (SAMATE) Michael Kass National Institute of Standards and Technology

Software Assurance Metrics and Tool Evaluation (SAMATE) Michael Kass National Institute of Standards and Technology
Improving Integer Security for Systems with KINT Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, Frans Kaashoek MIT CSAIL Tsinghua IIIS.

Improving Integer Security for Systems with KINT Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, Frans Kaashoek MIT CSAIL Tsinghua IIIS.
Introduction to Memory Management. 2 General Structure of Run-Time Memory.

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
Compiler Optimized Dynamic Taint Analysis James Kasten Alex Crowell.

Compiler Optimized Dynamic Taint Analysis James Kasten Alex Crowell.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.

Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
SPLINT STATIC CHECKING TOOL Sripriya Subramanian 10/29/2002.

SPLINT STATIC CHECKING TOOL Sripriya Subramanian 10/29/2002.
Abhinn Kothari, 2009CS10172 Parth Jaiswal 2009CS10205 Group: 3 Supervisor : Huzur Saran.

Abhinn Kothari, 2009CS10172 Parth Jaiswal 2009CS10205 Group: 3 Supervisor : Huzur Saran.
Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu

Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.

Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.
1 Static Testing: defect prevention SIM3302. 2 objectives Able to list various type of structured group examinations (manual checking) Able to statically.

1 Static Testing: defect prevention SIM objectives Able to list various type of structured group examinations (manual checking) Able to statically.
Run-Time Storage Organization

Run-Time Storage Organization
1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.

1 Achieving Trusted Systems by Providing Security and Reliability (Research Project #22) Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
Declaring and Checking Non-null Types in an Object-Oriented Language Authors: Manuel Fahndrich K. Rustan M. Leino OOPSLA’03 Presenter: Alexander Landau.

Declaring and Checking Non-null Types in an Object-Oriented Language Authors: Manuel Fahndrich K. Rustan M. Leino OOPSLA’03 Presenter: Alexander Landau.
Testing Static Analysis Tools using Exploitable Buffer Overflows from Open Source Code Zitser, Lippmann & Leek Presented by: José Troche.

Testing Static Analysis Tools using Exploitable Buffer Overflows from Open Source Code Zitser, Lippmann & Leek Presented by: José Troche.

Similar presentations

Ads by Google