Presentation is loading. Please wait.

Presentation is loading. Please wait.

AdaCore Technologies for Cyber Security

Published byVerawati Hardja Modified over 6 years ago

Similar presentations

Presentation on theme: "AdaCore Technologies for Cyber Security"— Presentation transcript:

1

2 AdaCore Technologies for Cyber Security
Yannick Moy November 14th, 2018

3 Take Home Messages Use of Ada/SPARK and AdaCore tools helps prevent or mitigate a number of serious security vulnerabilities Static analysis tools CodePeer and SPARK Pro (GNATprove) can be used to identify around 20 CWE vulnerabilities AdaCore roadmap includes features and tools to prevent or mitigate security vulnerabilities: fuzz testing, compiler hardening, taint analysis, proven secure libraries

4

5 Already 690 books offered! Already 1016 downloads!

6 Data Validation – SQL Injection & friends

7 Data Validation – Mitigations
Dynamic Mitigation Ada run-time checking Ada attribute X’Valid GNAT attribute X’Valid_Scalars GNAT validity checks -gnatV Static Mitigation GNAT warnings CodePeer static analysis SPARK Pro proof of checks SPARK Pro proof of contracts

8

9 Native Code Injection – Mitigations
Ada Code Injection No reflection/eval construct Static linking Execute from ROM/Flash Machine Code Injection Start from buffer overflow  Ada run-time checking  CodePeer & SPARK Pro

10 Denial of Service – Mitigations
Dynamic Mitigation Exception handling Static Mitigation Crash proof application? Loop termination?  CodePeer & SPARK Pro

11 Information Leak – Mitigations

12 Information Leak – Mitigations

13 Information Leak – Mitigations
?

14 Side Channel Attacks Data Leakage Attacks - Key material is leaked
- Branch test on secret data - Array read/write on secret data - Verification of secret is time sensitive - Secret data is left in memory Fault Injection Attacks - Bit-flip Boolean/enums - Data corruption - Corrupt return address/PC - Skip branch decision - Early loop termination

15 (Compiler) Hardening Data Leakage Attacks
- Detect sensitive control flow - Start array read/write at random index - Force verification of secret to take same time always - Stack/register erasing Fault Injection Attacks - Represent Boolean/enums on words - Use data checksums - Add explicit step counter - Replicate branch decisions - Verify loop termination

16 Industrial Scenario Examples
Identifying and repairing security vulnerabilities in existing Ada codebases Scenario 2: Ada software development practices for increasing security Scenario 3: Secure Design through SPARK Scenario 4: Support for Mixed Criticality Systems

17 Scenario 3 Example: Muen
The Muen Separation Kernel is the world’s first Open Source microkernel that has been formally proven to contain no runtime errors at the source code level.

18 Scenario 3 Example: WooKey
Software classes of attacks (e.g. buffer overflows) are mitigated using EwoK [...] providing more confidence by using the Ada safe language along with SPARK for formal verification of critical parts.

19 Take Home Messages Use of Ada/SPARK and AdaCore tools helps prevent or mitigate a number of serious security vulnerabilities Static analysis tools CodePeer and SPARK Pro (GNATprove) can be used to identify around 20 CWE vulnerabilities AdaCore roadmap includes features and tools to prevent or mitigate security vulnerabilities: fuzz testing, compiler hardening, taint analysis, proven secure libraries

20 SPARK Pro Update Yannick Moy November 14th, 2018

21 SPARK Discovery Update
Yannick Moy November 14th, 2018

22

23 Already 940 books offered! Already 1119 downloads!

24 Program Specification
SPARK Pro 19 Content Program Specification Tool Automation Tool Interaction Tool Usability

25 SPARK Pro 19 – Program Specification
More precise support for 'Image and 'Img attributes Support for more fixed-point types and operations New SPARK-compatible libraries for dimensional analysis New lemmas for exponentiation, fixed-point arithmetic and higher-order functions [only SPARK Pro]

26 SPARK Pro 19 – Tool Automation
Automatic detection of array initialization with non-static bounds Automatic unrolling of loops with dynamic bounds or executed only once Improved support for floating-point computations [only SPARK Pro]

27 SPARK Pro 19 – Tool Interaction
Better messages: - to understand root cause for SPARK violations - to investigate unproved checks - to detect inconsistencies Better counterexamples: [only SPARK Pro] - on values of private types and float types - on individual paths through subprograms Better integration in GPS: - path for missing dependency can be displayed - ability to focus analysis on region of code - new Analysis Report panel

28 Better messages – Info Messages
Enabled by switch --info

29 Better messages – Possible Explanation

30 Better messages – Warnings by Proof
Enabled by switch --proof-warnings Warn on: - precondition or postcondition always False - dead code after loop - unreachable branches in assertions

31 Better counterexamples – Single Path

32 Better GPS Integration – Analyze Region

33 Better GPS Integration – Analysis Report

34 SPARK Pro 19 – Tool Usability
New switches - to limit memory used by provers - to treat failed checks as errors - to support --subdirs and --no-subprojects Better predictability of running time with --level switch Speedup on large projects

35

36 SPARK Pro 20 – Roadmap Support for safe Rust-like ownership pointers
Improved support for floating-point computations Better interactions: messages, counterexamples, GPS integration… Contracts on standard libraries and bindings to other libraries Proven libraries and lemma libraries

37

Download ppt "AdaCore Technologies for Cyber Security"

Similar presentations

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Software Engineering-II Sir zubair sajid. What’s the difference? Verification – Are you building the product right? – Software must conform to its specification.

Software Engineering-II Sir zubair sajid. What’s the difference? Verification – Are you building the product right? – Software must conform to its specification.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
Slide: 1 Copyright © 2014 AdaCore Claire Dross, Pavlos Efstathopoulos, David Lesens, David Mentré and Yannick Moy Embedded Real Time Software and Systems.

Slide: 1 Copyright © 2014 AdaCore Claire Dross, Pavlos Efstathopoulos, David Lesens, David Mentré and Yannick Moy Embedded Real Time Software and Systems.
Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu

Ashish Kundu CS590F Purdue 02/12/07 Language-Based Information Flow Security Andrei Sabelfield, Andrew C. Myers Presentation: Ashish Kundu
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Static code check – Klocwork

Static code check – Klocwork
CSI 3120, Exception handling, page 1 Exception and Event Handling Credits Robert W. Sebesta, Concepts of Programming Languages, 8 th ed., 2007 Dr. Nathalie.

CSI 3120, Exception handling, page 1 Exception and Event Handling Credits Robert W. Sebesta, Concepts of Programming Languages, 8 th ed., 2007 Dr. Nathalie.
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.

OOP #10: Correctness Fritz Henglein. Wrap-up: Types A type is a collection of objects with common behavior (operations and properties). (Abstract) types.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
1 Advanced Material The following slides contain advanced material and are optional.

1 Advanced Material The following slides contain advanced material and are optional.
Chair of Software Engineering Automatic Verification of Computer Programs.

Chair of Software Engineering Automatic Verification of Computer Programs.
Verification and Validation CIS 376 Bruce R. Maxim UM-Dearborn.

Verification and Validation CIS 376 Bruce R. Maxim UM-Dearborn.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.
Java Security Updated May 2007. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.

Java Security Updated May Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.

Similar presentations

Ads by Google