|Christèle Faure (Safe River)|
Date de l'exposé : 30 septembre 2011
Software security assessment based on static analysis
Software security evaluation has been largely automated: several hundred of tools are meant to facilitate the elimination of security holes, vulnerabilities or flaws for a large panel of programming languages (C, C++, Java, Ada, Perl, Python, PHP ...). Amongst these tools, one can find: commercial or research tools, focused on various aspects of security, and based on several technologies. This makes the choice of tools with respect to security objectives really difficult for any user.
The main security issues which are addressed by existing tools are the threefold:
- Identification of “dangerous function calls”, by syntactic analysis;
- Detection of dangerous patterns and detection of patterns that do not conform to design and coding rules, based on pattern analysis;
- Proof that an application is “error-free” and “weaknesses-free” by semantic analysis (abstract interpretation), with respect to secure execution and secure behavior.
Existing tools implement different analysis methods: syntactic analysis, pattern analysis, abstract interpretation, each of them enables to detect different errors classes or enables to verify different security rules. They also are different in terms of selectivity, soundness and precision. Static analysis tools do not take into account exploitation and scenarios that can take benefit of implementation errors and weaknesses. The question of weaknesses exploitation is usually addressed by dynamic analysis. SafeRiver is developing the CadRiver tool based on static analysis by abstract interpretation, in order to help in Security Audit of C-written applications. It aims at analyzing and assess exploitability of code weaknesses -found by the tool itself or other static tools.