Source Code Analysis Laboratory (SCALe) for Energy ... - CERT
Figure 3: Source Code Analysis Laboratory
The SCALe laboratory environment consists of two servers running VMware ESX hypervisors. These are supported by a large storage area network (SAN) with redundant storage and backup capabilities. The two ESX servers support a collection of virtual machines (VMs) that can be configured to support analysis in various environments, such as Windows XP and Linux. A VMware vCenter Server provides control over the virtual environment.
The VMs are connected by a segmented-off network and to a file server running Samba and NFS. The Windows VMs can be remotely accessed from within the CERT network by using Remote Desktop Protocol (RDP) and the Linux VMs by using Secure Shell (SSH). The machines are otherwise disconnected from the internet.
Source code being analyzed is copied onto the file server, where it is available to all the analysis VMs. Analyzers and other tools are installed through a similar process or by using vCenter.
2.3 Conformance Testing Process
Figure 4 illustrates the SCALe conformance testing process. The client provides the software containing the code for analysis. This software must build properly in its build environment, such as Microsoft Windows/Visual Studio or Linux/GCC. It may produce compiler warnings but may not produce fatal errors. If the target operational environment is different than the build environment, the target environment must be fully specified, including all implementation-defined behaviors.
CMU/SEI-2010-TR-021 | 10