Presentation is loading. Please wait.

Presentation is loading. Please wait.

SATE 2010 Analysis Aurélien Delaitre, NIST October 1, 2010 The SAMATE Project

Published byGary Austin Modified over 9 years ago

Similar presentations

Presentation on theme: "SATE 2010 Analysis Aurélien Delaitre, NIST October 1, 2010 The SAMATE Project"— Presentation transcript:

1 SATE 2010 Analysis Aurélien Delaitre, NIST aurelien.delaitre@nist.gov October 1, 2010 The SAMATE Project http://samate.nist.gov/

2 Outline What tools find What people find – CVEs – Manual analysis

3 Building on SATE 2009 SATE 2010 SATE 2009 SATE 2010

4 Improving categories True Insignificant SATE 2009 Security Quality Insignificant SATE 2010

5 Improving the guidelines 45 lines → 314 lines Considering weakness types Better uniformity in evaluations

6 Decision process Security False Insignificant Unknown Quality Path...Type... Context... Bug...

7 Sampling Warnings of each class of severity 1 - 4

8 Weakness categories

9 Quality and security related

10 Non-false overlap

11 CVEs Key elements of the path for matching: Blocks of code Sink or upflow path elements But not exhaustive

12 Example /* Dialect Index */ dialect = tvb_get_letohs(tvb, offset); if (si->sip && si->sip->extra_info_type==SMB_EI_DIALECTS) { dialects = si->sip->extra_info; if (dialect num) { dialect_name = dialects->name[dialect]; } if (!dialect_name) { dialect_name = "unknown"; }

13 Manual analysis Dovecot for C Pebble for Java – Used a slightly later version

14 Dovecot No remotely exploitable vulnerability found Threat modeling Fuzzing Code review

15 Pebble Several vulnerabilities found Threat modeling Pen. test Code review

16 Tools ∩ humans No human findings for Dovecot No matches for Chrome and Wireshark

17 Interpretation All weaknesses CVEs Tool findings CVEs ∩ tool findings = ∅

18 Interpretation CVE descriptions ∩ tool findings = ∅ All weaknesses CVEs Tool findings CVE descriptions

19 Questions

Download ppt "SATE 2010 Analysis Aurélien Delaitre, NIST October 1, 2010 The SAMATE Project"

Similar presentations

Decision Structures - If / Else If / Else. Decisions Often we need to make decisions based on information that we receive. Often we need to make decisions.

Decision Structures - If / Else If / Else. Decisions Often we need to make decisions based on information that we receive. Often we need to make decisions.
Software Assurance Metrics and Tool Evaluation (SAMATE) Michael Kass National Institute of Standards and Technology

Software Assurance Metrics and Tool Evaluation (SAMATE) Michael Kass National Institute of Standards and Technology
Chapter 13 Control Structures. Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 13-2 Control Structures Conditional.

Chapter 13 Control Structures. Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display Control Structures Conditional.
Finding bugs: Analysis Techniques & Tools Comparison of Program Analysis Techniques CS161 Computer Security Cho, Chia Yuan.

Finding bugs: Analysis Techniques & Tools Comparison of Program Analysis Techniques CS161 Computer Security Cho, Chia Yuan.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
SATE 2010 Background Vadim Okun, NIST October 1, 2010 The SAMATE Project

SATE 2010 Background Vadim Okun, NIST October 1, 2010 The SAMATE Project
© Coverity 2010 Coverity Analysis: Improving Quality in the Software Supply Chain Peter Henriksen, Development Manager for Analysis, Coverity October 1,

© Coverity 2010 Coverity Analysis: Improving Quality in the Software Supply Chain Peter Henriksen, Development Manager for Analysis, Coverity October 1,
Choosing SATE Test Cases Based on CVEs Sue Wang October 1, 2010 The SAMATE Project 1SATE 2010 Workshop.

Choosing SATE Test Cases Based on CVEs Sue Wang October 1, 2010 The SAMATE Project 1SATE 2010 Workshop.
Tool Nose Radius = TNR. Tool nose radius An offset feature used on turning center that slightly shifts the tool path for a round tip on an insert during.

Tool Nose Radius = TNR. Tool nose radius An offset feature used on turning center that slightly shifts the tool path for a round tip on an insert during.
Improving Static Analysis Results Accuracy Chris Wysopal CTO & Co-founder, Veracode SATE Summit October 1, 2010.

Improving Static Analysis Results Accuracy Chris Wysopal CTO & Co-founder, Veracode SATE Summit October 1, 2010.
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Selection Statements choice of one among several blocks of code Java supports 3 kinds of selection statements: if statement – selects one block or leaves.

Selection Statements choice of one among several blocks of code Java supports 3 kinds of selection statements: if statement – selects one block or leaves.
1 Loop-Extended Symbolic Execution on Binary Programs Pongsin Poosankam ‡* Prateek Saxena * Stephen McCamant * Dawn Song * ‡ Carnegie Mellon University.

1 Loop-Extended Symbolic Execution on Binary Programs Pongsin Poosankam ‡* Prateek Saxena * Stephen McCamant * Dawn Song * ‡ Carnegie Mellon University.
Level 3Level 4Level 5Level 6Level 7/8 Solving Equations I am beginning to understand the role of the = sign I can find missing numbers. I can construct.

Level 3Level 4Level 5Level 6Level 7/8 Solving Equations I am beginning to understand the role of the = sign I can find missing numbers. I can construct.
This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.

This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.
Evaluating Static Analysis Tools Dr. Paul E. Black

Evaluating Static Analysis Tools Dr. Paul E. Black
This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.

This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.
A Scanner Sparkly Web Application Proxy Editors and Scanners.

A Scanner Sparkly Web Application Proxy Editors and Scanners.
Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.

Lecture 3: Cryptographic Tools modified from slides of Lawrie Brown.
Lisp by Namtap Tapchareon 49540511. Lisp Background  Lisp was developed by John McCarthy in 1958.  Lisp is derives from List Processing Language. 

Lisp by Namtap Tapchareon Lisp Background  Lisp was developed by John McCarthy in  Lisp is derives from List Processing Language. 

Similar presentations

Ads by Google