Source Code Analysis Laboratory (SCALe) for Energy ... - CERT

More documents

Recommendations

Info

slash, or backslash. If it is, then the loop applies canonicalization algorithms. The bug occurs while calling a bounded function call: _tcscpy_s(previousLastSlash, pBufferEnd - previousLastSlash, ptr + 2); This is a violation of the CERT ® C Secure Coding rule “ARR30-C. Do not form or use pointers or array subscripts that are out of bounds” and can be detected by the static analysis tools and techniques being implemented by CERT, part of Carnegie Mellon University’s Software Engineering Institute, and deployed in SCALe. CERT takes a comprehensive approach to identifying and eliminating software vulnerabilities and other flaws. CERT produces books and courses that foster a security mindset in developers, and it develops secure coding standards and automated analysis tools to help them code securely. Secure coding standards provide a detailed enumeration of coding errors that have caused vulnerabilities, along with their mitigations for the most commonly used software development languages. CERT also works with vendors and researchers to develop analyzers that can detect violations of the secure coding standards. Improving software security by implementing code that conforms to the CERT secure coding standards can be a significant investment for a software developer, particularly when refactoring or otherwise modernizing existing software systems [Seacord 2003]. However, a software developer does not always benefit from this investment because it is not easy to market code quality. 1.2 SCALe To address these problems, CERT has created the Source Code Analysis Laboratory (SCALe), which offers conformance testing of software systems to CERT secure coding standards. SCALe evaluates client source code using multiple analyzers, including static analysis tools, dynamic analysis tools, and fuzz testing. CERT reports any deviations from secure coding standards to the client. The client may then repair and resubmit the software for reevaluation. Once the reevaluation process is completed, CERT provides the client a report detailing the software’s conformance or nonconformance to each secure coding rule. The SCALe process consists of the sequence of steps shown in Figure 1. ® CERT is a registered mark owned by Carnegie Mellon University. CMU/SEI-2010-TR-021 | 2
1. Client contacts CERT. The proocess is initiated when a client contacts CERT with a requestt to evaluate a software system. 2. CERT communicates requiremments. CERT communicates requirements to the client, inccluding (1) selection of secure coding staandard(s) to be used, (2) a buildable version of the softwarre to be evaluated, and (3) a build engineeer. 3. Client provides buildable softtware. Client selects standard(s), provides a buildable verssion of the software to be evaluated, annd identifies the build engineer, who is available to respond to build questions for the system. 4. CERT selects tool set. CERT chhooses and documents the tool set to be used and proceduures for using that tool set in evaluation of the system. 5. CERT analyzes source code and generates conformance test report. CERT evaluates the system against specified standaard(s) and provides the conformance test results to the clieent. If the system is found to be confoorming, CERT issues a certificate and terminates the conformance testing process. 6. Client repairs software. Cliennt has the opportunity to repair nonconforming code. Cliennt sends system back to CERT for ffinal evaluation. 7. CERT issues conformance tessts results and certificate. CERT reevaluates the system usiing the tools and procedures used in thhe initial assessment. CERT provides the conformance test rresults to the client and, if the system iis found to be conforming, a certificate. Figure 1: SCALe Process Overvieww SCALe does not test for unknownn code-related vulnerabilities, high-level design and archhitectural flaws, the code’s operational enviironment, or the code’s portability. Conformance testing is performed for a particular set of softwware, translated by a particular implementation, and execcuting in a particular execution environmennt [ISO/IEC 2005]. Successful conformance testing oof a software system indicates that the SCALe analysis diid not detect violations of rules defined by a CERT secure coding standard. Successful conformaance testing does not provide any guarantees that these rules are not violated nor that the software is entirely and permanently secure. Conforming software systems can be insecure, for examp mple, if they implement an insecure desiggn or architecture. Software that conforms to a securre coding standard is likely to be more secure than nonconforming or untested software systems. However, no study has yet been performed to pprove or disprove this claim. 1.3 Conformance Assessmennt SCALe applies conformance asseessment in accordance with ISO/IEC 17000: “a demonstrration that specified requirements relatinng to a product, process, system, person, or body are fulffilled” CMU/SEI-2010-TR-021 | 3
Page 1 and 2: Source Code Analysis Laboratory (SC
Page 3 and 4: Table of Contents Acknowledgments v
Page 5 and 6: List of Figures Figure 1: SCALe Pro
Page 7 and 8: List of Tables Table 1: True Positi
Page 9 and 10: Acknowledgments We would like to ac
Page 11 and 12: Abstract The Source Code Analysis L
Page 13: 1 Introduction A key mission of the
Page 17 and 18: • The CERT C++ Secure Coding Stan
Page 19 and 20: • A floating-point value with all
Page 21 and 22: 2 Conformance Testing This section
Page 23 and 24: Figure 4: SCALe Conformance Tesstin
Page 25 and 26: • De-duplication of crashing test
Page 27 and 28: Handbook of Applied Acceptance Samp
Page 29 and 30: 2.6 Tracking Diagnostics Across Cod
Page 31 and 32: _Pragma(push: tool_a_maybe_foo, dis
Page 33 and 34: processes. A system of review will
Page 35 and 36: diagnostic codes mapped to a repres
Page 37 and 38: ID Rule Group AA AC 1 AC 2 AC 3 AC
Page 39 and 40: lack of confidence with C++. Howeve
Page 41 and 42: 3.1.1 Impartiality CERT resides wit
Page 43 and 44: 4. CERT will evaluate any deviation
Page 45 and 46: Table 6: Flagged Nonconformities, E
Page 47 and 48: Table 8: Flagged Nonconformities, E
Page 49 and 50: 4 Related Efforts This section desc
Page 51 and 52: 5 Future Work and Summary 5.1 Futur
Page 53 and 54: Bibliography URLs are valid as of t
Page 55 and 56: [MISRA 2004] Motor Industry Softwar
Page 57: REPORT DOCUMENTATION PAGE Form Appr

Source Code Analysis Laboratory (SCALe) for Energy ... - CERT

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?