slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Presented by: José Troche PowerPoint Presentation
Download Presentation
Presented by: José Troche

Loading in 2 Seconds...

play fullscreen
1 / 9

Presented by: José Troche - PowerPoint PPT Presentation


  • 91 Views
  • Uploaded on

Testing Static Analysis Tools using Exploitable Buffer Overflows from Open Source Code Zitser, Lippmann & Leek. Presented by: José Troche. Motivation. Real attacks in server software Malicious code and DoS Why Static Analysis tools? Dynamic approach is expensive & incomplete

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Presented by: José Troche' - elisha


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Testing Static Analysis Tools using Exploitable Buffer Overflows from Open Source CodeZitser, Lippmann & Leek

Presented by:

José Troche

motivation
Motivation
  • Real attacks in server software
    • Malicious code and DoS
  • Why Static Analysis tools?
    • Dynamic approach is expensive & incomplete
    • Safe languages make runtime checks
  • Perform an unbiased evaluation
test cases
Test Cases
  • BIND (4)
    • Most popular DNS server
  • WU-FTPD (3)
    • Popular FTP daemon
  • Sendmail (7)
    • Dominant mail transfer agent

Total vulnerabilities: 14

initial experience 145k lines
Initial experience (145K lines)
  • Splint issued parse errors
  • ARCHER quit with a Div/0 error
  • PolySpace run 4 days and quit
new testing approach
New Testing Approach
  • Create lower scale models
  • BAD vs. OK version
  • Retrospective analysis
discussion
Discussion
  • Detection Rate: 3 of 5 < 5%
  • High rate of false alarms (1 in 12 & 46)
  • Results only on marked lines
  • Insensitive to corrections (<40%)
  • None was able to analyze sendmail
conclusion
Conclusion
  • Results are promising:
    • Errors were detected
  • Need of improvement because of:
    • False positives
    • Poor discrimination