Secure Coding Initiative

Similar documents
TSP Secure. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA September 2009

CERT Secure Coding Standards Robert C. Seacord Carnegie Mellon University

Software, Security, and Resiliency. Paul Nielsen SEI Director and CEO

Inference of Memory Bounds

Synopsys Static Analysis Support for SEI CERT C Coding Standard

Modeling the Implementation of Stated-Based System Architectures

10 Years of FloCon. Prepared for FloCon George Warnagiris - CERT/CC #GeoWarnagiris Carnegie Mellon University

Roles and Responsibilities on DevOps Adoption

Static Analysis Alert Audits Lexicon And Rules David Svoboda, CERT Lori Flynn, CERT Presenter: Will Snavely, CERT

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Static Code Analysis - CERT C Secure Code Checking

Julia Allen Principal Researcher, CERT Division

Software Assurance Education Overview

Situational Awareness Metrics from Flow and Other Data Sources

2013 US State of Cybercrime Survey

Using CERT-RMM in a Software and System Assurance Context

The CERT Top 10 List for Winning the Battle Against Insider Threats

Flow Analysis for Network Situational Awareness. Tim Shimeall January Carnegie Mellon University

Smart Grid Maturity Model

ARINC653 AADL Annex. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Julien Delange 07/08/2013

Researching New Ways to Build a Cybersecurity Workforce

Defining Computer Security Incident Response Teams

ARINC653 AADL Annex Update

Cyber Hygiene: A Baseline Set of Practices

Prioritizing Alerts from Static Analysis with Classification Models

Cloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative

Dr. Kenneth E. Nidiffer Director of Strategic Plans for Government Programs

Advancing Cyber Intelligence Practices Through the SEI s Consortium

Analyzing 24 Years of CVD

Engineering Improvement in Software Assurance: A Landscape Framework

Components and Considerations in Building an Insider Threat Program

Be Like Water: Applying Analytical Adaptability to Cyber Intelligence

Goal-Based Assessment for the Cybersecurity of Critical Infrastructure

Cyber Threat Prioritization

SEI/CMU Efforts on Assured Systems

Fall 2014 SEI Research Review Verifying Evolving Software

Specifications for Managed Strings

Verifying Periodic Programs with Priority Inheritance Locks

The Insider Threat Center: Thwarting the Evil Insider

SAME Standard Package Installation Guide

Open Systems: What s Old Is New Again

Secure Coding In C And C Sei Series In Software Engineering

Automated Provisioning of Cloud and Cloudlet Applications

CERT C Rules implemented in the LDRA tool suite

OSATE Analysis Support

Design Pattern Recovery from Malware Binaries

The Confluence of Physical and Cyber Security Management

Why Can t Johnny Program Securely?

Semantic Importance Sampling for Statistical Model Checking

Model-Driven Verifying Compilation of Synchronous Distributed Applications

Architectural Implications of Cloud Computing

NO WARRANTY. Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder.

Cloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative

Causal Modeling of Observational Cost Data: A Ground-Breaking use of Directed Acyclic Graphs

NISPOM Change 2: Considerations for Building an Effective Insider Threat Program

Denial of Service Attacks

Larry Maccherone Carnegie Mellon CyLab

Challenges and Progress: Automating Static Analysis Alert Handling with Machine Learning

Panel: Future of Cloud Computing

18-642: Code Style for Compilers

The Priority Ceiling Protocol: A Method for Minimizing the Blocking of High-Priority Ada Tasks

Biological Material Transfer Agreement. between (PROVIDER) and. Date: A. Specific Terms of Agreement (Implementing Section)

Information Security Is a Business

Encounter Complexes For Clustering Network Flow

Collaborative Autonomy with Group Autonomy for Mobile Systems (GAMS)

Pharos Static Analysis Framework

COTS Multicore Processors in Avionics Systems: Challenges and Solutions

Coccinelle: Tool support for automated CERT C Secure Coding Standard certification

DOS AND DON'TS OF DEVSECOPS

Passive Detection of Misbehaving Name Servers

Addressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1

.NET JAVA C ASE. Certified. Certified. Application Security Engineer.

Current Threat Environment

Developing Java TM 2 Platform, Enterprise Edition (J2EE TM ) Compatible Applications Roles-based Training for Rapid Implementation

EXAM PREPARATION GUIDE

Security Policy Guidelines

Guide to the implementation and auditing of ISMS controls based on ISO/IEC 27001

Using DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps

Source Code Analysis Laboratory (SCALe) for Energy Delivery Systems

CERT Overview. Jeffrey J. Carpenter 2008 Carnegie Mellon University

18-642: Code Style for Compilers

EXP54-CPP. Do not access an object outside of its lifetime

Strip Plots: A Simple Automated Time-Series Visualization

The Fox Project: Advanced Development of Systems Software

Providing Information Superiority to Small Tactical Units

Foundations for Summarizing and Learning Latent Structure in Video

Computer Security Incident Response Plan. Date of Approval: 23-FEB-2014

CSIRT SERVICES. Service Categories

The Need for Operational and Cyber Resilience in Transportation Systems

Secure Coding in C and C++

EXAM PREPARATION GUIDE

An Architect s Point of View. TSP Symposium Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

.NET JAVA C ASE. Certified. Certified. Application Security Engineer.

Architecture Reconstruction to Support a Product Line Effort: Case Study

Time-Bounded Analysis of Real- Time Systems

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 E June 2016

CODE TIME TECHNOLOGIES. Abassi RTOS MISRA-C:2004. Compliance Report

Investigating APT1. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Deana Shick and Angela Horneman

Model-Driven Verifying Compilation of Synchronous Distributed Applications

EXAM PREPARATION GUIDE

Transcription:

Secure Coding Initiative Robert C. Seacord 2010 Carnegie Mellon University

NO WARRANTY THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder. This Presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. This work was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free governmentpurpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013. 2

Presenter Bio Robert Seacord began programming (professionally) for IBM in 1982 and has been programming in C since 1985. Robert leads the Secure Coding Initiative at the CERT, located at Carnegie Mellon s Software Engineering Institute (SEI). He is author of The CERT C Secure Coding Standard (Addison- Wesley, 2009), Secure Coding in C and C++ (Addison-Wesley, 2005), Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison- Wesley, 2003). 3

Secure Coding Initiative Initiative Goals Work with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed. Overall Thrusts Advance the state of the practice in secure coding Identify common programming errors that lead to software vulnerabilities Establish standard secure coding practices Educate software developers Current Capabilities Secure coding standards www.securecoding.cert.org Source code analysis and conformance testing Training courses Involved in international standards development. 4

Secure Coding in the SDLC 5

Increasing Vulnerabilities Reacting to vulnerabilities in existing systems is not working 6

CERT Secure Coding Initiative Reduce the number of vulnerabilities to a level where they can be handled by computer security incident response teams (CSIRTs) Decrease remediation costs by eliminating vulnerabilities before software is deployed 7

Fun With Integers char x, y; x = -128; y = -x; Lesson: Process is irrelevant without a strong fundamental knowledge of the language and environment if (x == y) puts("1"); if ((x - y) == 0) puts("2"); if ((x + y) == 2 * x) puts("3"); if (((char)(-x) + x)!= 0) puts("4"); if (x!= -y) puts("5"); 8

Secure Coding Roadmap Breadth of impact Secure Design Patterns University courses CMU Purdue University of Florida Santa Clara University St. John Fisher College SEI Secure Coding Course Influence International Standard Bodies Adoption by Analyzer Tools Licensed to: Computer Associates Siemens SANS Tool Test Suite Application Conformance Testing Adoption by software developers Lockheed Martin Aeronautics General Atomics 2003 Time 2010 9

Products and Services CERT Secure Coding Standards CERT SCALe (Source Code Analysis Laboratory) TSP Secure Training courses Research 10

CERT Secure Coding Standards Establish coding guidelines for commonly used programming languages that can be used to improve the security of software systems under development Based on documented standard language versions as defined by official or de facto standards organizations Secure coding standards are under development for: C programming language (ISO/IEC 9899:1999) C++ programming language (ISO/IEC 14882-2003) Java Platform Standard Edition 6 11

Secure Coding Web Site (Wiki) www.securecoding.cert.org Rules are solicited from the community Published as candidate rules and recommendations on the CERT Wiki. Threaded discussions used for public vetting Candidate coding practices are moved into a secure coding standard when consensus is reached 12

Noncompliant Examples & Compliant Solutions Noncompliant Code Example In this noncompliant code example, the char pointer p is initialized to the address of a string literal. Attempting to modify the string literal results in undefined behavior. char *p = "string literal"; p[0] = 'S'; Compliant Solution As an array initializer, a string literal specifies the initial values of characters in an array as well as the size of the array. This code creates a copy of the string literal in the space allocated to the character array a. The string stored in a can be safely modified. char a[] = "string literal"; a[0] = 'S'; 13

CERT C Secure Coding Standard Rules (89) CERT C Secure Coding Standard Recommendations (132) 0 5 10 15 20 Preprocessor (PRE) Declarations and Initialization (DCL) Expressions (EXP) 0 2 4 6 8 10 12 14 16 2 7 9 Preprocessor (PRE) Declarations and Initialization (DCL) Expressions (EXP) 11 12 15 Integers (INT) 6 Integers (INT) 16 Floating Point (FLP) 5 Floating Point (FLP) 4 Arrays (ARR) 9 Arrays (ARR) 3 Characters and Strings (STR) 8 Characters and Strings (STR) 9 Memory Management (MEM) 6 Memory Management (MEM) 11 Input Output (FIO) 15 Input Output (FIO) 17 Environment (ENV) 4 Environment (ENV) 5 Signals (SIG) 5 Signals (SIG) 3 Error Handling (ERR) 3 Error Handling (ERR) 7 Miscellaneous (MSC) 2 Miscellaneous (MSC) 16 POSIX (POS) 8 POSIX (POS) 3 14

CERT Mitigation Information Vulnerability Note VU#649732 This vulnerability occurred as a result of failing to comply with rule FIO30-C of the CERT C Programming Language Secure Coding Standard. US CERT Technical Alerts CERT Secure Coding Standard Examples of vulnerabilities resulting from the violation of this recommendation can be found on the CERT website. 15

Secure Coding Standard Applications Establish secure coding practices within an organization may be extended with organization-specific rules cannot replace or remove existing rules Train software professionals Certify programmers in secure coding Establish requirements for software analysis tools Certify software systems 16

Industry Adoption Software developers that require code to conform to The CERT C Secure Coding Standard: Software tools that (partially) enforce The CERT C Secure Coding Standard: 17

Industry Adoption LDRA ships new TBsecure complete with CERT C Secure Coding programming checker Screenshot from the LDRA tool suite shows the selection of the CERT C secure coding standard from the C standards models 18

Products and Services CERT Secure Coding Standards CERT SCALe (Source Code Analysis Laboratory) TSP Secure Training courses Research 19

Enforcing Coding Standards Increasingly, application source code reviews are dictated. The Payment Card Industry (PCI) Data Security Standard requires that companies with stored credit card or other consumer financial data install application firewalls around all Internet-facing applications or have all the applications' code reviewed for security flaws. This requirement could be met by a manual review of application source code or the proper use of automated application source code analyzer tools. 20

CERT SCALe (Source Code Analysis Lab) Satisfy demand for source code assessments for both government and industry organizations. Assess source code against one or more secure coding standards. Provided a detailed report of findings. Assist customers in developing conforming systems. 21

Conformance Testing Client contacts SCALe SCALe communicates requirement Client provides buildable software The use of secure coding standards defines a proscriptive set of rules and recommendations to which the source code can be evaluated for compliance. SCALe selects tool set SCALe analyzes source code and generates initial report Client repairs software SCALe issues conformance tests results and certificate INT30-C. INT31-C. INT32-C. INT33-C. Provably nonconforming Documented deviation Conforming Provably Conforming 22

Products and Services CERT Secure Coding Standards CERT SCALe (Source Code Analysis Laboratory) TSP Secure Training courses Research 23

Secure TSP 221 Guidelines static analysis tools, unit tests, and fuzz testing Security Manager Deploy Source Code 24

Products and Services CERT Secure Coding Standards CERT SCALe (Source Code Analysis Laboratory) TSP Secure Training Courses Research 25

Secure Coding in C/C++ Course Four day course provides practical guidance on secure programming provides a detailed explanation of common programming errors describes how errors can lead to vulnerable code evaluates available mitigation strategies http://www.sei.cmu.edu/products/courses/p63.html Useful to anyone involved in developing secure C and C++ programs regardless of the application Direct offerings in Pittsburgh, Arlington, and other cities Partnered with industry Licensed to Computer Associates to train 9000+ internal software developers Licensed to SANS to provide public training 26

CMU CS 15-392 Secure Programming Offered as an undergraduate elective in the School of Computer Science in S07, S08 and S09 More of a vocational course than an enduring knowledge course. Students are interested in taking a class that goes beyond policy Secure Software Engineering graduate course offered at INI in F08, F09 Working with NSF to sponsor a workshop in Mauritius to help universities throughout the world teach secure coding 27

Products and Services CERT Secure Coding Standards CERT SCALe (Source Code Analysis Laboratory) TSP Secure Training Courses Research 28

As-if Infinitely Ranged (AIR) Integers AIR integers is a model for automating the elimination of integer overflow and truncation in C and C++ code. integer operations either succeed or trap uses the runtime-constraint handling mechanisms defined by ISO/IEC TR 24731-1 generates constraint violations for signed overflow for addition, subtraction, multiplication, negation, and left shifts unsigned wrapping for addition, subtraction, and multiplication truncation resulting from coercion (not included in benchmarks) SPECINT2006 macro-benchmarks Optimization Level Control Ratio Analyzable Ratio % Slowdown -O0 4.92 4.60 6.96 -O1 7.21 6.77 6.50 -O2 7.38 6.99 5.58 29

CERT C and C++ Develop a holistic solution to the problem that includes An analyzability annex for the C1X standard As-if infinitely ranged ( AIR ) integers Safe Secure C/C++ methods (SSCC) C and C++ Secure Coding Guidelines This solution eliminates the vulnerabilities: Writing outside the bounds of an object (e.g., buffer overflow) Reading outside the bounds of an object Arbitrary reads/writes (e.g., wild-pointer stores) Integer overflow and truncation Prototype using Compass/ROSE and GCC 30

ROSE Source file diagnostics Prototype Design Compiler Compiler Frontend Run-time pointer-checking library Internal representation (IR) Pre-linker Linker Safe/Secure Executable Advice file Modified Compiler Backend Object code 31

For More Information Visit CERT web sites: http://www.cert.org/secure-coding/ https://www.securecoding.cert.org/ Contact Presenter Robert C. Seacord rcs@cert.org (412) 268-7608 Contact CERT: Software Engineering Institute Carnegie Mellon University 4500 Fifth Avenue Pittsburgh PA 15213-3890 USA 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback