Software security tools

A logbook-style entry on tools for software security:

1- Static Analysis For Safe Execution of Code (SAFECode)

The SAFECode project aims at providing memory safety guarantees to programs written in unsafe languages like C and C++.

First, as part of this project, we developed a relatively simple compilation strategy that, for standard C programs, guarantees sound semantics for an aggressive interprocedural pointer analysis (or simpler ones), a call graph, and type information for a subset of memory. These provide the foundation for sophisticated static analyses to be applied to such programs with a guarantee of soundness. Our work builds on a previously published transformation called Automatic Pool Allocation to ensure that hard-to-detect memory errors (dangling pointer references and certain array bounds errors) cannot invalidate the call graph, points-to information or type information. A technical report on this work is available from here.

Second, we developed a backwards-compatible run-time array bounds checking solution with very low overhead; backwards-compatible here means that pointers keep their native representation, so checked code still links against unmodified libraries. More information on this work is available from here.

Finally, we also developed a novel technique that detects dangling pointer errors (accesses to freed memory) with low overhead in some applications. More information on this work is available here.
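To make the two run-time checks above concrete, here is an added example (not SAFECode's own code, whose mechanisms are pool allocation and page remapping) of the general technique they share with CRED, listed later on this page: keep pointers in their native representation and consult a side table of allocated objects on each checked access. The table, the object limit and the scenario functions are constructed for this illustration; dead entries are kept so that an access through a stale pointer can be reported as a use after free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Added illustration of referent-object checking: pointers stay ordinary
 * pointers, a side table records every allocation, and each checked access
 * is validated against the object the source pointer points into.
 * This is not SAFECode's or CRED's code; names here are assumptions. */

#define MAX_OBJS 64  /* arbitrary limit for the illustration */

typedef struct {
    uintptr_t base;  /* first byte of the object */
    size_t    size;  /* size in bytes */
    int       live;  /* 0 once freed, kept so dangling accesses are reported */
} obj_t;

static obj_t table[MAX_OBJS];
static int   n_objs = 0;

enum check_result { CHK_OK = 0, CHK_OUT_OF_BOUNDS, CHK_USE_AFTER_FREE, CHK_UNKNOWN_OBJECT };

/* Allocate and register the object in the side table. */
void *checked_malloc(size_t size) {
    void *p = malloc(size);
    if (p && n_objs < MAX_OBJS) {
        table[n_objs].base = (uintptr_t)p;
        table[n_objs].size = size;
        table[n_objs].live = 1;
        n_objs++;
    }
    return p;
}

/* Find the object a pointer refers to. A live entry wins over a dead one so
 * that memory reused by a later allocation is attributed correctly; a pointer
 * exactly one past the end still resolves to its own object. */
static obj_t *find_referent(const void *p) {
    uintptr_t a = (uintptr_t)p;
    obj_t *dead = NULL;
    for (int i = 0; i < n_objs; i++) {
        if (a >= table[i].base && a <= table[i].base + table[i].size) {
            if (table[i].live) return &table[i];
            if (!dead) dead = &table[i];
        }
    }
    return dead;
}

/* Validate an access of `len` bytes at `p`, where `p` was derived by pointer
 * arithmetic from the in-bounds pointer `from` (the referent lookup uses the
 * source pointer, which is what makes one-past-the-end arithmetic checkable). */
enum check_result check_access(const void *from, const void *p, size_t len) {
    obj_t *o = find_referent(from);
    if (!o) return CHK_UNKNOWN_OBJECT;
    if (!o->live) return CHK_USE_AFTER_FREE;
    uintptr_t a = (uintptr_t)p;
    if (a < o->base || a + len > o->base + o->size) return CHK_OUT_OF_BOUNDS;
    return CHK_OK;
}

/* Free the object but keep its table entry, marked dead. */
void checked_free(void *p) {
    obj_t *o = find_referent(p);
    if (o && o->live) { o->live = 0; free(p); }
}

/* Constructed scenarios, each returning the checker's verdict. */
enum check_result scenario_in_bounds(void) {       /* last byte of a 16-byte buffer */
    char *buf = checked_malloc(16);
    enum check_result r = check_access(buf, buf + 15, 1);
    checked_free(buf);
    return r;
}
enum check_result scenario_overrun(void) {         /* classic off-by-one */
    char *buf = checked_malloc(16);
    enum check_result r = check_access(buf, buf + 16, 1);
    checked_free(buf);
    return r;
}
enum check_result scenario_dangling(void) {        /* read through a freed pointer */
    char *buf = checked_malloc(32);
    checked_free(buf);
    return check_access(buf, buf, 1);
}

int main(void) {
    printf("in bounds: %d, overrun: %d, dangling: %d\n",
           scenario_in_bounds(), scenario_overrun(), scenario_dangling());
    return 0;
}
```

The linear table scan is the illustration's shortcut; the real implementations use a splay tree or similar structure for the lookup, and that lookup cost is exactly what the "very low overhead" claim above is about.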

2- Improving Program Robustness via Static and Dynamic Analysis

Our research project aims to help programmers write more reliable programs, detect errors in their programs and diagnose those errors. The project includes fundamental research to improve our ability to analyze programs, such as pointer alias analysis, and applies static and dynamic techniques to specific kinds of errors such as buffer overruns and memory leaks. Our emphasis is on techniques that can handle large real-life programs without imposing an onerous burden on the user. Here is a list of publications and an overview of the research results:

* Integrated Static and Dynamic Analyses for User-Defined Error and Security Flaw Detectors
* Static Tools
o An unsound path-sensitive pointer alias analysis for C.
o Clouseau: Detecting memory leaks in C++ programs automatically by static analysis.
o Metacompilation: Detecting critical errors in system software by static analysis
+ Using redundancy to find errors.
+ RacerX: static detection of race conditions and deadlocks
* Dynamic Tools
o DIDUCE: Tracking down software errors using dynamic anomaly detection.
o CRED: A Practical Dynamic Overflow Detector.
* Static and Dynamic Analysis
o Automatic extraction of object-oriented component interfaces using static and dynamic techniques.
* Architecture
o Speculative threads: Architectural support to improve software reliability.

3- CCured

CCured is a source-to-source translator for C. It analyzes the C program to determine the smallest number of run-time checks that must be inserted to prevent all memory safety violations. The resulting program is memory safe, meaning that it will stop rather than overrun a buffer or scribble over memory it shouldn't touch. Many programs can be made memory-safe this way while losing only 10–60% in run-time performance (the cost is smaller for cleaner programs, and can be reduced further by guiding CCured by hand on the parts of the program it cannot understand on its own). Using CCured we have found bugs that Purify misses, at an order of magnitude smaller run-time cost.
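Where the SAFECode checks above leave pointer representation alone, CCured's approach changes it: a pointer that is used with arithmetic becomes a "fat" pointer carrying its bounds, and every dereference through it is checked. The following is an added example of that idea, not CCured's own code or its actual pointer representation; the `seq_ptr` type, the copy routine and the inputs are constructed here. A real CCured program aborts at a failed check, which this version models by returning -1.

```c
#include <stdio.h>
#include <stddef.h>

/* Added illustration of the CCured idea: a bounded ("fat") pointer in place of
 * a raw char*, with the check performed on access. The struct name is borrowed
 * from CCured's SEQ (sequence) pointer kind; the layout is an assumption. */
typedef struct {
    char *p;     /* current position */
    char *base;  /* first byte the pointer may access */
    char *end;   /* one past the last accessible byte */
} seq_ptr;

static seq_ptr seq_from_buf(char *buf, size_t len) {
    seq_ptr s = { buf, buf, buf + len };
    return s;
}

/* Pointer arithmetic is unchecked, as in CCured: going out of bounds is
 * legal, only accessing through the result is not. */
static seq_ptr seq_add(seq_ptr s, ptrdiff_t n) {
    s.p += n;
    return s;
}

/* Checked write: 0 on success, -1 where CCured would abort the program. */
static int seq_write(seq_ptr s, char c) {
    if (s.p < s.base || s.p >= s.end) return -1;
    *s.p = c;
    return 0;
}

/* The unsafe original: an unbounded copy into a fixed buffer, the shape of
 * code CCured would instrument. Shown for contrast and never called here. */
void unsafe_copy(char *dst, const char *src) {
    while (*src) *dst++ = *src++;
    *dst = '\0';
}

/* The same loop through a SEQ pointer. Returns the number of bytes copied,
 * or -1 at the first write that would leave the destination object. */
int checked_copy(char *dst, size_t dst_len, const char *src) {
    seq_ptr d = seq_from_buf(dst, dst_len);
    int n = 0;
    for (; *src; src++, d = seq_add(d, 1), n++)
        if (seq_write(d, *src) != 0) return -1;
    if (seq_write(d, '\0') != 0) return -1;  /* the terminator needs room too */
    return n;
}

/* Constructed inputs: an 8-byte destination with a fitting and an overlong source. */
int demo_fits(void) {
    char buf[8];
    return checked_copy(buf, sizeof buf, "hello");        /* 5 */
}
int demo_overflows(void) {
    char buf[8];
    return checked_copy(buf, sizeof buf, "hello, world"); /* -1 at the 9th byte */
}

int main(void) {
    printf("fits: %d, overflows: %d\n", demo_fits(), demo_overflows());
    return 0;
}
```

The extra two words per pointer and the compare on every access are where the 10–60% cost quoted above comes from; CCured keeps that down by proving most pointers never need arithmetic and leaving them as ordinary one-word pointers.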