Static Analysis for Safety and Security Critical Software
Cyber Security Chicago
Mark Hermeling | @markhermeling | @grammatech
3 © GrammaTech, Inc. All rights reserved.
GrammaTech Vision
GrammaTech helps measure, identify, understand and resolve software vulnerabilities, reducing risk and saving time and cost
Static Analysis Is Like Magic
Analyzes all execution paths
Finds bugs
Prioritizes bugs
Extensive explanations of bugs
Not All Static Analysis Is Equal
Coding guidelines and standards
Deep, semantic bugs
Boundary is not always sharp
Example: strcpy
Prioritizes Bugs
Example: Copy-Paste
Example: Taint
Static Analysis Is Like Magic
Analyzes all execution paths
Finds bugs
Prioritizes bugs
Extensive explanations of bugs
Classifying Static Analysis Tools
What type of problems does a tool look for
Evaluate recall
Evaluate usability
The Flip Side Of The Coin
There is an inverse relation between recall and precision.
Safety and security require the highest recall, finding the most defects in your code.
[Figure: Recall, Precision and Performance (Slow to Fast)]
Static Analysis In Your Process
During developer builds, static analysis provides quick feedback, much like a compiler error.
Static Analysis In Your Process
A commit is only accepted if it passes static and dynamic tests. Static analysis results feed into the code review.
Static Analysis In Your Process
Deep static analysis is part of the regression testing cycle. This includes taint checking as well as concurrency checks.
Static Analysis In Your Process
An independent security team reviews outstanding risks as a white or black box.
Static Analysis In Your Process
Independent security review
During coding
At commit
During test
[Certification]
Take Away
You need to do static analysis
You need to do the right static analysis
At the right place in your process
Introducing CodeSonar
The deepest static analysis for safety and security critical software
– Finds more defects
– Mathematical foundation, support for binary analysis
Developer-friendly interface
– Clear explanations with path information
– Whole program navigation and visualization
Highly customizable
– Workflows, checkers, search, compare
Booth 330
@markhermeling | @grammatech