Improving Security Using Extensible Lightweight Static Analysis


Improving Security Using Extensible Lightweight Static Analysis
David Evans and David Larochelle
Presented by Joe Combs - 12 April 2006

Topics
- Static analysis concepts
- Splint described
- Splint limitations/analysis
- Real world results

Static Analysis Concepts
- Ways of eliminating flaws: human code reviews, testing, static analysis
- Most attacks stem from repeated exploits of well-known problems
- Tools can help codify what is known about common vulnerabilities

Static Analysis Concepts
- Low end: standard compilers performing type checking and other simple analysis
- Other extreme: formal specification with a theorem prover
- Lightweight analysis seeks a happy medium

Splint (aka LCLint)
- ANSI C static analysis tool (www.splint.org)
- The halting problem comes into play when asking non-trivial questions about code, so Splint makes compromises and approximations to do its work
- Checking rules can be strengthened or weakened to balance false accepts and false rejects
- Relies on annotations (/*@someAnnotation@*/) applied to function parameters and return values, global variables and struct fields

Splint Limitations/Analysis
- Analysis limited to data flow within procedure bodies
- Control flow paths are considered, but to limit combinatorial explosion paths are merged at break points
- Loops checked for common idioms, but convoluted code can throw it off (a challenge for human readers as well!)

Splint Sample Annotations
- /*@notnull@*/ think of it as a type qualifier
- /*@only@*/ implies ownership of a memory location and the obligation to release the storage
- /*@warn bufferoverflowhigh@*/ can be used to trigger a warning when unsafe functions like gets() are used

Splint Sample Annotations
- /*@nullterminated@*/
- /*@requires maxSet(s1) >= maxRead(s2)@*/ useful for ensuring things like strcpy don't result in a buffer overflow
- Extensibility! /*@tainted@*/
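The two "Sample Annotations" slides and the "Limitations" slide fit together in one small C unit, shown here as an added example that is not part of the presentation or of the Splint project. The annotations are ordinary C comments, so the file compiles with any C compiler and can also be handed to Splint. Annotating the function boundary (the requires/ensures clause and the only/null qualifiers) is what lets Splint's per-procedure data-flow analysis check callers and callees separately. The function names, the 16-byte buffer and the text of the warn message are constructed for this example.

```c
/* Added example, not from the slides or from the Splint project: a small C
 * unit written the way the annotations on the "Sample Annotations" slides
 * are meant to be used. Compiles with any C compiler; check with
 * `splint example.c`. Function names, NAME_LEN and the warn message text
 * are constructed for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16

/* Unsafe form: fixed buffer, unbounded strcpy. Splint knows maxSet(buf) is
 * NAME_LEN - 1 but has no bound on maxRead(name), so the call cannot satisfy
 * strcpy's requires clause (maxSet(s1) >= maxRead(s2)) and is reported as a
 * possible out-of-bounds store. Kept only for contrast; not called below. */
size_t name_length_unsafe(/*@notnull@*/ const char *name)
{
    char buf[NAME_LEN];
    strcpy(buf, name);
    return strlen(buf);
}

/* Hardened form: the destination capacity is a parameter and the requires
 * clause states it, so both the body and every caller can be checked.
 * Returns 0 on success, -1 if src does not fit; dst is always left as a
 * terminated string and nothing is written past dst[dstsize - 1]. */
/*@requires maxSet(dst) >= (dstsize - 1) @*/
/*@ensures maxRead(dst) <= (dstsize - 1) @*/
int copy_bounded(char *dst, size_t dstsize, /*@notnull@*/ const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0) return -1;
    if (n >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);   /* n + 1 <= dstsize, so within maxSet(dst) */
    return 0;
}

/* Ownership: the result is "only" (the caller owns it and must release it)
 * and "null" (may be NULL). Splint checks that callers test for NULL and
 * that the storage is freed or passed on exactly once. */
/*@only@*/ /*@null@*/ char *dup_bounded(/*@notnull@*/ const char *src,
                                        size_t limit)
{
    char *copy = malloc(limit);
    if (copy == NULL) return NULL;
    if (copy_bounded(copy, limit, src) != 0) {
        free(copy);            /* discharges the ownership obligation */
        return NULL;
    }
    return copy;
}

/* The warn annotation from the slide: Splint reports every use of the
 * declared function under the named flag, the same way its own library
 * marks gets(). The message string is a constructed placeholder. */
/*@warn bufferoverflowhigh "legacy_read performs an unbounded read; use copy_bounded" @*/
int legacy_read(char *buf);

/* Plain-int checks of the hardened functions so the behaviour is testable. */
int check_fits(void)
{
    char buf[8];
    return copy_bounded(buf, sizeof buf, "short") == 0 && strcmp(buf, "short") == 0;
}

int check_rejected(void)
{
    char buf[8];
    return copy_bounded(buf, sizeof buf, "much too long") == -1 && buf[0] == '\0';
}

int check_dup(void)
{
    char *p = dup_bounded("abc", 4);
    int ok = (p != NULL) && strcmp(p, "abc") == 0;
    free(p);
    return ok;
}

int check_dup_rejected(void)
{
    return dup_bounded("abcd", 4) == NULL;
}

int main(void)
{
    printf("fits=%d rejected=%d dup=%d dup_rejected=%d\n",
           check_fits(), check_rejected(), check_dup(), check_dup_rejected());
    return 0;
}
```

The contrast between name_length_unsafe and copy_bounded is the point of the maxSet/maxRead clause: once the capacity is part of the interface, Splint can discharge the obligation at each call site instead of giving up inside the callee, which is also why the slides count annotation effort as part of the cost of using the tool.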

Splint Metrics
A real world example: the Washington University FTP daemon (8000 lines of code)
- first pass: 166 warnings
- 66 annotations added
- final pass: 101 warnings
  - 25 legitimate errors
  - 76 false positives

Conclusions
- Lightweight static analysis is important, but no replacement for runtime controls, systematic testing and security assessments
- Splint only catches code inconsistencies, language conventions, and assumptions documented in annotations
- Building up annotations and checking rules will take time
- Can't detect design flaws