Tools and Experiments for Software Security

Loading...
Thumbnail Image

Files

Publication or External Link

Date

2018

Citation

Abstract

The computer security problems that we face begin in computer programs that we write.

The exploitation of vulnerabilities that leads to the theft of private

information and other nefarious activities often begins with a vulnerability

accidentally created in a computer program by that program's author. What

are the factors that lead to the creation of these vulnerabilities? Software

development and programming is in part a synthetic activity that we can

control with technology, i.e. different programming languages and software

development tools. Does changing the technology used to program software help

programmers write more secure code? Can we create technology that will

help programmers make fewer mistakes?

This dissertation examines these questions. We start with the Build It

Break It Fix It project, a security focused programming competition. This project

provides data on software security problems by allowing contestants

to write security focused software in any programming language. We discover that

using C leads to memory safety issues that can compromise security.

Next, we consider making C safer. We develop and examine the Checked C

programming language, a strict super-set of C that adds types for spatial safety.

We also introduce an automatic re-writing tool that can convert C code into Checked C

code. We evaluate the approach overall on benchmarks used by prior work on making

C safer.

We then consider static analysis. After an examination of different parameters of

numeric static analyzers, we develop a disjunctive abstract domain that uses a

novel merge heuristic, a notion of volumetric difference, either approximated via

MCMC sampling or precisely computed via conical decomposition. This domain is

implemented in a static analyzer for C programs and evaluated.

After static analysis, we consider fuzzing. We consider what it takes to perform

a good evaluation of a fuzzing technique with our own experiments and a review of

recent fuzzing papers. We develop a checklist for conducting new fuzzing research

and a general strategy for identifying root causes of failure found during fuzzing.

We evaluate new root cause analysis approaches using coverage information as

inputs to statistical clustering algorithms.

Notes

Rights