Using Software Maps for Security Inspections

About This Presentation

Title:

Using Software Maps for Security Inspections

Description:

Text string, size, color. Box shape, edge style, edge thickness, edge color, fill color ... Font size: small 10 LOC, medium 10 to 50 LOC, large = 50 LOC ... – PowerPoint PPT presentation

Number of Views:375

Avg rating:3.0/5.0

Slides: 2

Provided by: jon793

Category:

more less

Transcript and Presenter's Notes

Title: Using Software Maps for Security Inspections

1
Using Software Maps for Security
Inspections Thomas D. LaToza James D. Herbsleb
Goals
Approach

Inspecting code for security exploits
Reusing open source code
Does it have existing security exploits?
Will reusing it in a different environment
introduce new exploits?
What assumptions does it make about its
environment?
Fixing security bugs
Repairing design decisions
Should I make a new class with different
permissions and assumptions about its use?
Does adding a guard for this input duplicate
checks elsewhere and reduce performance?

Make it easy to understand dependencies
Trace environmental dependencies through system
Start at user input, network input, or other
external input functions
Check dependent methods for correct input
assumptions
Start at methods making privileged calls such as
writing to filesystem
Ensure callers make appropriate checks
Make it easy to change design decisions
Refactor to simplify architecture for new
assumptions
Move, combine, and split methods introduce
classes

Anatomy of a security fix 3 classes modified in
fix of Drag and drop gestures can be hijacked to
load priviliged xul for Firefox 1.02
nsDragService
nsBaseDragService
nsNativeDragTarget
nsDragService
nsBaseDragService
nsDragServie
nsBaseDragServie
GetData
nsNativeDragTarget
GetDataObjCollection
IsCollectionObject
GetFrameFromNode
No dependency changes
GetSourceDocument
nsNativeDragTarget
GetNumDropItems
mSourceDocument
GetNumDropItems
DispatchDragDropEvent
AddRef
GetCurrentSession
StartDragSession
mWindow
GetData
mDoingDrag
m_cRef
mDataObject
mHWnd
EndtDragSession
Release
SetIDataObject
mTransArray
InvokeDragSession
GetGeckoDragAction
mCanMove
mSourceNode
mNativeDragTarget
Methods grouped around variable dependency
mNativeDragSrc
DragEnter
SetTargetSize
GetSourceNode
EndDragSession
Drop
mTargetSize
DragOver
StartInvokingDragSession
IsDataFlavorSupported
GetTargetSize
Legend Members -Font size small lt 10 LOC, medium
10 to 50 LOC, large gt 50 LOC -Fill solid
modified since checkin, diamond added since
checkin, none not modified color task
membership -Edge line solid public method,
dashed protected or private method, none
variable -Edge shape rectangular static,
curved instance Edges calls, called by, writes
var, reads var
mDragService
DragLeave
QueryInterface
GetDragAction
IsDataFlavorSupported
mDragAction
SetCanDrop
mCanDrop
SetDragAction
InvokeDragSession
IsKeyDown
ProcessDrag
GetCanDrop

Removed function call
Added function call
Circle sized by 403 LOC in class
No member variable references
Read variable
Read and written multiple times
Technology

Separate design view from algorithm view
Separate code editor view for function bodies
Clicking on method navigates code editor
Design view for making programming in the large
design decisions
Put related members together
Position encodes relatedness to make clusters of
functionality apparent
Minimize distance of
Methods with call relationships (inside and
outside class)
Methods with data dependencies on variables
Variables from center of class
Methods and variables must stay inside owning
class
Control flow dependency, data dependency,
membership gt functional relationships
Make interprocedural inspection easier