Static Analysis for Security


Static Analysis for Security
POSTECH Laboratory for UNIX Security (PLUS)
Kwang Yul Seo, skyul@postech.ac.kr

Static Analysis for Security
- Detecting security problems through source code (or binary)
- Identifying many common coding problems automatically

Dynamic vs Static
- Static tools examine the text of a program statically, without attempting to execute it
  - Source code
  - Binary (e.g., Java bytecode)
- Dynamic: poor testability, due to hard-to-reach states and unusual circumstances

Manual vs Automatic
- Manual: time consuming, auditor dependent
- Automatic: fast, easy to use

Pitfalls
- Aim for good, not perfect
- Check a fixed set of patterns, or rules, in the code
- Require human evaluation: priority, suppression
- Undecidable (Rice's theorem: every non-trivial problem -> halting problem)
- False negatives <-> false positives

Example of Static Analysis: grep
- grep can be a static analysis tool for security:
    $ grep gets *
- Cannot differentiate comments, declarations, definitions...
    (1) gets(&buf);
    (2) /* never ever call gets */
    (3) int begetsNextChild = 0;
- Lexical analysis is required!

Lexical Analysis Tools
- ITS4
- FlawFinder (www.dwheeler.com/flawfinder)
- RATS (www.securesoftware.com)
- Matt Bishop & Mike Dilger's TOCTOU (time-of-check time-of-use) check tool
- Preprocess and tokenize the source files, then match the resulting token stream against a library of vulnerable constructs
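As an added illustration (not from the slides or from ITS4, FlawFinder or RATS), the following Python checker does what the grep slide and the lexical-tools slide describe: it tokenizes C source so that comments, string literals and longer identifiers such as begetsNextChild never match, then looks for identifiers from a small library of dangerous constructs that are followed by '('. The sample source, the token pattern and the one-entry library are constructed for this example.

```python
import re

# Constructed sample C source (not from the slides): the three cases the grep slide lists.
SAMPLE = """\
char buf[64];
gets(&buf);                 /* (1) a real call */
/* (2) never ever call gets */
int begetsNextChild = 0;    /* (3) identifier that merely contains "gets" */
"""

# Token pattern: comments and strings are consumed whole, so they never yield identifiers.
TOKEN_RE = re.compile(r"""
    (?P<comment>/\*.*?\*/|//[^\n]*)
  | (?P<string>"(?:\\.|[^"\\])*")
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<punct>[(){};,&*=\[\]])
  | (?P<number>\d+)
  | (?P<ws>\s+)
""", re.VERBOSE | re.DOTALL)

# The "library of vulnerable constructs" of an ITS4/RATS-style tool, trimmed to one entry.
DANGEROUS_CALLS = {"gets"}

def tokenize(src):
    """Yield (kind, text, line) for each token; comments, strings and whitespace are dropped."""
    line = 1
    for m in TOKEN_RE.finditer(src):
        kind, text = m.lastgroup, m.group()
        if kind not in ("comment", "string", "ws"):
            yield kind, text, line
        line += text.count("\n")

def find_dangerous_calls(src):
    """Return (function, line) for every dangerous identifier that is followed by '('."""
    toks = list(tokenize(src))
    hits = []
    for i, (kind, text, line) in enumerate(toks):
        nxt = toks[i + 1][1] if i + 1 < len(toks) else None
        if kind == "ident" and text in DANGEROUS_CALLS and nxt == "(":
            hits.append((text, line))
    return hits

def grep_gets(src):
    """Plain substring match, which is all that `grep gets *` does."""
    return [n for n, l in enumerate(src.splitlines(), 1) if "gets" in l]

if __name__ == "__main__":
    print("grep  :", grep_gets(SAMPLE))             # lines 2, 3 and 4 all match
    print("lexer :", find_dangerous_calls(SAMPLE))  # only the real call on line 2
```

The token-based check still has no semantics (it cannot tell a local function named gets from the libc one), which is the point of the pitfalls slide that follows.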

Lexical Analysis Tool: Pitfalls
- No semantic checks!
- Many false positives
- Must borrow compiler technologies
  - E.g., AST (Abstract Syntax Tree)
  - Data-flow analysis

Analysis Scopes
- Local analysis: one function at a time
- Module-level analysis: one class or compilation unit
- Global (interprocedural) analysis: entire program
- More context is better, but computation grows very fast!

Tool Tradeoffs
- Sound vs unsound
- Flexible (general) vs special-purpose
  - General tools are able to read definitions of bugs and apply them

Example: Boon
- Integer range analysis
- Catches bugs indexing an array outside its bounds in C
- However, Boon is imprecise
  - Ignores statement order
  - Can't model interprocedural dependencies
  - Ignores pointer aliasing

Example: CQual
- Inspired by Perl's taint mode
- Detects format string vulnerabilities in C programs
- Uses type qualifiers to perform a taint analysis
  - Annotate a few variables as tainted/untainted
  - Use type inference rules to propagate the qualifiers
- The system can check format string bugs by type checking
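To make the CQual slide concrete, here is an added Python sketch (not CQual's code) of qualifier propagation: a few seed annotations mark source functions whose results are tainted and sinks whose format argument must be untainted, the tainted qualifier is propagated along assignments to a fixpoint, and each sink is then type-checked. The three-address program, the source and sink tables and the variable names are constructed for this example; like CQual's inference, the propagation is flow-insensitive.

```python
from collections import defaultdict

# Seed annotations (the "few variables" the analyst marks), constructed for this example:
TAINTED_SOURCES = {"getenv", "read_line"}   # return values carry the 'tainted' qualifier
FORMAT_SINKS = {"printf": 0, "syslog": 1}   # index of the format argument, must be 'untainted'

# Constructed program in a tiny IR:
#   ("assign", dst, src)          dst := src
#   ("call", fn, dst, [args])     dst := fn(args)   (dst is None when the result is unused)
PROGRAM = [
    ("call", "getenv", "env", ['"HOME"']),      # env := getenv("HOME")  -> tainted
    ("assign", "msg", "env"),                   # msg := env
    ("assign", "fmt", "msg"),                   # fmt := msg
    ("call", "printf", None, ["fmt"]),          # printf(fmt)            -> tainted format
    ("assign", "safe", '"hello %s\\n"'),        # safe := string literal
    ("call", "printf", None, ["safe", "env"]),  # printf(safe, env)      -> fine
]

def infer_taint(program):
    """Return the set of variables that end up with the 'tainted' qualifier.

    Assignment dst := src yields the subtyping constraint qual(src) <= qual(dst) with
    untainted < tainted, so 'tainted' flows forward from every seed until nothing changes.
    """
    tainted = set()
    flows = defaultdict(set)            # src -> {dst} edges
    for stmt in program:
        if stmt[0] == "assign":
            _, dst, src = stmt
            flows[src].add(dst)
        elif stmt[0] == "call":
            _, fn, dst, _ = stmt
            if fn in TAINTED_SOURCES and dst is not None:
                tainted.add(dst)
    work = list(tainted)                # worklist iteration to the fixpoint
    while work:
        for dst in flows[work.pop()]:
            if dst not in tainted:
                tainted.add(dst)
                work.append(dst)
    return tainted

def check_format_strings(program):
    """Type-check every sink: report (stmt index, function, variable) when the format arg is tainted."""
    tainted = infer_taint(program)
    return [(i, s[1], s[3][FORMAT_SINKS[s[1]]])
            for i, s in enumerate(program)
            if s[0] == "call" and s[1] in FORMAT_SINKS and s[3][FORMAT_SINKS[s[1]]] in tainted]
```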

Example: xg++
- Uses template-driven compiler extensions to find kernel vulnerabilities in Linux/OpenBSD
- Looks for locations where the kernel uses data from an untrusted source without checking it first
  - E.g., a user can cause the kernel to allocate memory and not free it
  - A user can cause the kernel to deadlock

Example: Eau Claire
- Uses a theorem prover to create a general specification-checking framework for C programs
- Finds common security bugs
  - Buffer overflows
  - File access race conditions
  - Format string bugs
- Developers can use specifications to verify that function implementations behave as expected

Example: MOPS
- Model-checking approach to look for violations of temporal safety properties
- Developers can model their own safety properties
  - Privilege management errors
  - Incorrect construction of chroot jails
  - File access race conditions
  - Ill-conceived temporary file schemes

Example: Splint
- Extends the lint concept into the security realm
- By adding annotations, finds
  - Abstraction violations
  - Unannounced modifications to global variables
  - Possible use-before-initialization
- Reasons about minimum and maximum array bounds accesses if it is provided with function pre- and post-conditions

Example: Other tools
- ESP, a large-scale property verification approach
- Model checkers such as SLAM and BLAST
  - Use predicate abstraction to examine program safety properties
- FindBugs, a lightweight checker with a good reputation for unearthing common errors in Java programs

Further Requirements
- Easy to use, even for non-security people
- Easy to apply regularly

Revised Software Development Life Cycle

References
- Static Analysis for Security, Gary McGraw, http://www.cigital.com/papers/download/bsi5-static.pdf