Presentation is loading. Please wait.

Presentation is loading. Please wait.

Korey Breshears. Overview  What are automated security tools?  Why do we need them?  What types of tools are there?  What problems do these tools.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Korey Breshears. Overview  What are automated security tools?  Why do we need them?  What types of tools are there?  What problems do these tools."— Presentation transcript:

1 Korey Breshears

2 Overview  What are automated security tools?  Why do we need them?  What types of tools are there?  What problems do these tools have?

3 What is it?  Automated security tools are tools designed to enhance the security of a program automatically

4 Why do we need these tools?  Information is increasing at an unprecedented pace  It is time consuming to debug subtle bugs  Easier to maintain  Quicker code development  Reliability

5 Types of tools  Compiler/Translator  Toolkits/Frameworks  Stand alone programs

6 Compiler/Translator  Provide type safety for non type safe languages  Provide security for parallel programs  Ccured  SAFECode Project  Gcc known problem

7 CCured  CCured is a source-to-source translator for C  The translator itself is written in Ocaml (a dialect of ML)  Provides type safety for C program

8 SAFECode Project  Array bounds checking  Loads and stores only access valid memory objects  Type safety for a subset of memory objects proven to be type-safe  Sound operational semantics in the face of dangling pointer errors  Optional dangling pointer detection

9 Toolkits/Frameworks  Securibot framework  Provide built in functions for security  Access control policy generator

10 Stand alone program  Monitor stack and heap  Provide real time security

11 Issues with automation  Only known types of problems can be caught  The security program could miss a bug  The security program is only as strong as its algorithm

12 Conclusion  What automated security tools are and benefits to using them  Types of tools Compilers/Translators Toolkits/Frameworks Stand alone Programs  Problems with automated tools

13 Questions?

Download ppt "Korey Breshears. Overview  What are automated security tools?  Why do we need them?  What types of tools are there?  What problems do these tools."

Similar presentations

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.
CHECKING MEMORY SAFETY AND TEST GENERATION USING B LAST By: Pashootan Vaezipoor Computing Science Dept of Simon Fraser University.

CHECKING MEMORY SAFETY AND TEST GENERATION USING B LAST By: Pashootan Vaezipoor Computing Science Dept of Simon Fraser University.
Software Assurance Metrics and Tool Evaluation (SAMATE) Michael Kass National Institute of Standards and Technology

Software Assurance Metrics and Tool Evaluation (SAMATE) Michael Kass National Institute of Standards and Technology
Chapter 15 Debugging. Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15-2 Debugging with High Level Languages.

Chapter 15 Debugging. Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display Debugging with High Level Languages.
Dynamic Memory Management

Dynamic Memory Management
Introduction to Memory Management. 2 General Structure of Run-Time Memory.

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
The Functions and Purposes of Translators Code Generation (Intermediate Code, Optimisation, Final Code), Linkers & Loaders.

The Functions and Purposes of Translators Code Generation (Intermediate Code, Optimisation, Final Code), Linkers & Loaders.
INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.

INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.
U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science 2007 Exterminator: Automatically Correcting Memory Errors with High Probability Gene.

U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science 2007 Exterminator: Automatically Correcting Memory Errors with High Probability Gene.
Hastings Purify: Fast Detection of Memory Leaks and Access Errors.

Hastings Purify: Fast Detection of Memory Leaks and Access Errors.
SAFECode Memory Safety Without Runtime Checks or Garbage Collection By Dinakar Dhurjati Joint work with Sumant Kowshik, Vikram Adve and Chris Lattner University.

SAFECode Memory Safety Without Runtime Checks or Garbage Collection By Dinakar Dhurjati Joint work with Sumant Kowshik, Vikram Adve and Chris Lattner University.
SAFECode SAFECode: Enforcing Alias Analysis for Weakly Typed Languages Dinakar Dhurjati University of Illinois at Urbana-Champaign Joint work with Sumant.

SAFECode SAFECode: Enforcing Alias Analysis for Weakly Typed Languages Dinakar Dhurjati University of Illinois at Urbana-Champaign Joint work with Sumant.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Introduction The Approach ’ s Overview A Language of Pointers The Type System Operational Semantics Type Safety Type Inference The Rest of C Experiments.

Introduction The Approach ’ s Overview A Language of Pointers The Type System Operational Semantics Type Safety Type Inference The Rest of C Experiments.
Strength Through Typing: A more powerful dependently-typed assembly language Matt Harren George Necula OSQ 2004.

Strength Through Typing: A more powerful dependently-typed assembly language Matt Harren George Necula OSQ 2004.
Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.

Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.
Automatically Proving the Correctness of Compiler Optimizations Sorin Lerner Todd Millstein Craig Chambers University of Washington.

Automatically Proving the Correctness of Compiler Optimizations Sorin Lerner Todd Millstein Craig Chambers University of Washington.
Random Testing of Interrupt-Driven Software John Regehr University of Utah.

Random Testing of Interrupt-Driven Software John Regehr University of Utah.

Similar presentations

Ads by Google