cs527 software security
play

CS527 Software Security Program Testing Mathias Payer Purdue - PowerPoint PPT Presentation

Apr 28, 2023 •11 likes •391 views

CS527 Software Security Program Testing Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Why testing? Testing is the process of executing a program to find errors. An error is a deviation between observed

  1. CS527 Software Security Program Testing Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security

  2. Why testing? Testing is the process of executing a program to find errors. An error is a deviation between observed behavior and specified behavior, i.e., a violation of the underlying specification: Functional requirements (features a, b, c) Operational requirements (performance, usability) Security requirements? Mathias Payer CS527 Software Security

  3. Limitations of testing A successful test finds a deviation. Testing can only show the presence of bugs, never their absence. (Edsger W. Dijkstra) Complete testing of all control-flow/data-flow paths reduces to the halting problem, in practice, testing is hindered due to state explosion. Mathias Payer CS527 Software Security

  4. Forms of testing Manual testing Fuzz testing Symbolic and concolic testing Mathias Payer CS527 Software Security

  5. Manual testing Three levels of testing: Unit testing (individual modules) Integration testing (interaction between modules) System testing (full application testing) Mathias Payer CS527 Software Security

  6. Manual testing strategies Exhaustive: cover all input; not feasible due to massive state space Functional: cover all requirements; depends on specification Random: automate test generation (but incomplete) Structural: cover all code; works for unit testing Mathias Payer CS527 Software Security

  7. Testing example double doFun(double a, double b, double c) { if (a == 23.0 && b == 42.0) { return a * b / c; } return a * b * c; } Mathias Payer CS527 Software Security

  8. Testing example double doFun(double a, double b, double c) { if (a == 23.0 && b == 42.0) { return a * b / c; } return a * b * c; } Fails for a == 23.0 && b == 42.0 && c == 0.0 . Mathias Payer CS527 Software Security

  9. Testing approaches double doFun(double a, double b, double c) Exhaustive: 2ˆ{64}ˆ3 tests Functional: generate test cases for true/false branch, ineffective for errors in specification or coding errors Random: probabilistically draw a , b , c from value pool Structural: aim for full code coverage , generate test cases for all paths Mathias Payer CS527 Software Security

  10. Coverage as completeness metric Intuition: A software flaw is only detected if the flawed statement is executed. Effectiveness of test suite therefore depends on how many statements are executed. Mathias Payer CS527 Software Security

  11. Is statement coverage enough? int func(int elem, int *inp, int len) { int ret = -1; for (int i = 0; i <= len; ++i) { if (inp[i] == elem) { ret = i; break ; } } return ret; } Test input: elem = 2, inp = [1, 2], len = 2 . Full statement coverage. Mathias Payer CS527 Software Security

  12. Is statement coverage enough? int func(int elem, int *inp, int len) { int ret = -1; for (int i = 0; i <= len; ++i) { if (inp[i] == elem) { ret = i; break ; } } return ret; } Test input: elem = 2, inp = [1, 2], len = 2 . Full statement coverage. Loop is never executed to termination, where out of bounds access happens. Statement coverage does not imply full coverage. Today’s standard is branch coverage, which would satisfy the backward edge from i <= len to the end of the loop. Full branch coverage implies full statement coverage. Mathias Payer CS527 Software Security

  13. Is branch coverage enough? int arr[5] = { 0, 1, 2, 3, 4}; int func(int a, int b) { int idx = 4; if (a < 5) idx -= 4; else idx -= 1; if (b < 5) idx -= 1; else idx += 1; return arr[idx]; } Test inputs: a = 5, b = 1 and a = 1, b = 5 . Full branch coverage. Mathias Payer CS527 Software Security

  14. Is branch coverage enough? int arr[5] = { 0, 1, 2, 3, 4}; int func(int a, int b) { int idx = 4; if (a < 5) idx -= 4; else idx -= 1; if (b < 5) idx -= 1; else idx += 1; return arr[idx]; } Test inputs: a = 5, b = 1 and a = 1, b = 5 . Full branch coverage. Not all paths through the function are executed: a = 1, b = 1 results in a bug when both statements are true at the same time. Full path coverage evaluates all possible paths but this can be expensive (path explosion due to each branch) or impossible for loops. Loop coverage (execute each loop 0, 1, n times), combined with branch coverage probabilistically covers state space. Mathias Payer CS527 Software Security

  15. How to measure code coverage? Several (many) tools exist: gcov: https://gcc.gnu.org/onlinedocs/gcc/Gcov.html SanitizerCoverage: https://clang.llvm.org/docs/ SourceBasedCodeCoverage.html Mathias Payer CS527 Software Security

  16. How to achieve full testing coverage? Idea: look at data flow. Track constraints of conditions, generate inputs for all possible constraints. Mathias Payer CS527 Software Security

  17. Sanitizer Test cases detect bugs through Assertions ( assert(var != 0x23 && "var has illegal value"); ) detect violations Segmentation faults Division by zero traps Uncaught exceptions Mitigations triggering termination How can you increase the chances of detecting a bug? Mathias Payer CS527 Software Security

  18. Sanitizer Test cases detect bugs through Assertions ( assert(var != 0x23 && "var has illegal value"); ) detect violations Segmentation faults Division by zero traps Uncaught exceptions Mitigations triggering termination How can you increase the chances of detecting a bug? Sanitizers enforce some policy, detect bugs earlier and increase effectiveness of testing. Mathias Payer CS527 Software Security

  19. AddressSanitizer AddressSanitizer (ASan) detects memory errors. It places red zones around objects and checks those objects on trigger events. The tool can detect the following types of bugs: Out-of-bounds accesses to heap, stack and globals Use-after-free Use-after-return (configurable) Use-after-scope (configurable) Double-free, invalid free Memory leaks (experimental) Typical slowdown introduced by AddressSanitizer is 2x. Mathias Payer CS527 Software Security

  20. LeakSanitizer LeakSanitizer detects run-time memory leaks. It can be combined with AddressSanitizer to get both memory error and leak detection, or used in a stand-alone mode. LSan adds almost no performance overhead until process termination, when the extra leak detection phase runs. Mathias Payer CS527 Software Security

  21. MemorySanitizer MemorySanitizer detects uninitialized reads. Memory allocations are tagged and uninitialized reads are flagged. Typical slowdown of MemorySanitizer is 3x. Note: do not confuse MemorySanitizer and AddressSanitizer. Mathias Payer CS527 Software Security

  22. UndefinedBehaviorSanitizer UndefinedBehaviorSanitizer (UBSan) detects undefined behavior. It instruments code to trap on typical undefined behavior in C/C++ programs. Detectable errors are: Unsigned/misaligned pointers Signed integer overflow Conversion between floating point types leading to overflow Illegal use of NULL pointers Illegal pointer arithmetic . . . Slowdown depends on the amount and frequency of checks. This is the only sanitizer that can be used in production. For production use, a special minimal runtime library is used with minimal attack surface. Mathias Payer CS527 Software Security

  23. ThreadSanitizer ThreadSanitizer detects data races between threads. It instruments writes to global and heap variables and records which thread wrote the value last, allowing detecting of WAW, RAW, WAR data races. Typical slowdown is 5-15x with 5-15x memory overhead. Mathias Payer CS527 Software Security

  24. HexType HexType detects type safety violations. It records the true type of allocated objects and makes all type casts explicit. Typical slowdown is 0.5x. Mathias Payer CS527 Software Security

  25. Sanitizers AddressSanitizer: https://clang.llvm.org/docs/AddressSanitizer.html LeakSanitizer: https://clang.llvm.org/docs/LeakSanitizer.html MemorySanitizer: https://clang.llvm.org/docs/MemorySanitizer.html UndefinedBehaviorSanitizer: https://clang.llvm.org/ docs/UndefinedBehaviorSanitizer.html ThreadSanitizer: https://clang.llvm.org/docs/ThreadSanitizer.html HexType: https://github.com/HexHive/HexType Use sanitizers to test your code. More sanitizers are in development. Mathias Payer CS527 Software Security

  26. Fuzzing Fuzz testing (fuzzing) is an automated software testing technique. The fuzzing engine generates inputs based on some criteria: Random mutation Leveraging input structure Leveraging program structure The inputs are then run on the test program and, if it crashes, a crash report is generated. Mathias Payer CS527 Software Security

  27. Fuzz input generation Fuzzers generate new input based on generations or mutations. Generation-based input generation produces new input seeds in each round, independent from each other. Mutation-based input generation leverages existing inputs and modifies them based on feedback from previous rounds. Mathias Payer CS527 Software Security

  28. Fuzz input structure awareness Programs accept some form of input/output. Generally, the input/output is structured and follows some form of protocol. Dumb fuzzing is unaware of the underlying structure. Smart fuzzing is aware of the protocol and modifies the input accordingly. Example: a checksum at the end of the input. A dumb fuzzer will likely fail the checksum. Mathias Payer CS527 Software Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Daemons / Services / Servers A daemon is a long running service that serves outside requests. A web server, a mail

503 views • 31 slides
CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are

725 views • 23 slides
CS527 Software Security Introduction Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Introduction Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Introduction Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security About me Instructor: Mathias Payer Research area: system/software security Memory/type safety Mitigating control-flow

460 views • 25 slides
CS527 Software Security Advanced Mitigations Mathias Payer Purdue University, Spring 2018

CS527 Software Security Advanced Mitigations Mathias Payer Purdue University, Spring 2018

CS527 Software Security Advanced Mitigations Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Model for Control-Flow Hijack Attacks Figure 1: Mathias Payer CS527 Software Security Advanced mitigations

504 views • 26 slides
CS527 Software Security Basic Principles Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Basic Principles Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Basic Principles Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software Security Allow inteded use of software, prevent unintended use that may cause harm. Mathias Payer CS527

470 views • 25 slides
CS527 Software Security Reverse Engineering Mathias Payer Purdue University, Spring 2018

CS527 Software Security Reverse Engineering Mathias Payer Purdue University, Spring 2018

CS527 Software Security Reverse Engineering Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Basics: encodings Code is data is code is data Learn to read hex numbers: 0x38 == 0011'1000 Python:

710 views • 49 slides
CS527 Software Security Mobile Security Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Mobile Security Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Mobile Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Android statistics 1.4 billion users (1) Android generates $31 billion revenue (2) 4,000+ different devices (1)

157 views • 11 slides
CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Exploitation: Disclaimer This section focuses software exploitation We will discuss both basic and advanced

860 views • 49 slides
deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 &amp; 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 &amp; 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412 Software Security Course outline Secure software lifecycle Security policies Attack vectors Defense strategies: mitigations and testing Case

681 views • 49 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
Everware - lowering reproducibility barriers Andrey Ustyuzhanin Yandex School of Data Analysis

Everware - lowering reproducibility barriers Andrey Ustyuzhanin Yandex School of Data Analysis

Everware - lowering reproducibility barriers Andrey Ustyuzhanin Yandex School of Data Analysis and Higher School of Economics, Moscow, Russia Scientific Reproducibility Nature: 1,500 scientists lift the lid on reproducibility by Monya Baker

604 views • 13 slides
Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet

Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet

Now How to handle complexity: 3 more strategies + 1 previous How? Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet Manipulate Reduce Manipulate Facet Reduce Map Derive Arrange Change Juxtapose

73 views • 3 slides
LINKED DATA FOR PRODUCTION: A MULTI-INSTITUTION APPROACH TO TECHNICAL SERVICES TRANSFORMATION

LINKED DATA FOR PRODUCTION: A MULTI-INSTITUTION APPROACH TO TECHNICAL SERVICES TRANSFORMATION

LINKED DATA FOR PRODUCTION: A MULTI-INSTITUTION APPROACH TO TECHNICAL SERVICES TRANSFORMATION SWIB2016 Philip E. Schreur Stanford University Libraries November 30, 2016 Linked Data for Production

306 views • 14 slides
Act it! How to design interaction patterns beyond the desktop Elisa Rubegni Universit della

Act it! How to design interaction patterns beyond the desktop Elisa Rubegni Universit della

Act it! How to design interaction patterns beyond the desktop Elisa Rubegni Universit della Svizzera italiana, Lugano, Switzerland elisa.rubegni@usi.ch RESEARCH QUESTIONS The investigation of the socio technical factors that contribute

265 views • 8 slides
Part I Introduction General Information Computer programming is an art form, like the creation

Part I Introduction General Information Computer programming is an art form, like the creation

Part I Introduction General Information Computer programming is an art form, like the creation of poetry or music. 1 Fall 2015 Donald Ervin Knuth Conc Co ncur urren ent t vs vs. Pa Paral allel el: 1/ 1/3 The execution of

507 views • 35 slides
Part-of-Speech Tagging for Historical English Yi Yang and Jacob Eisenstein Georgia Tech

Part-of-Speech Tagging for Historical English Yi Yang and Jacob Eisenstein Georgia Tech

Part-of-Speech Tagging for Historical English Yi Yang and Jacob Eisenstein Georgia Tech Digital humaniEes research How does the portrayal of men and women differ in Shakespeares plays? Whats the language use paMerns in North

1.07k views • 81 slides
Ecocriticism Trends in Scholarship (Cf. environment over its observer (bestiaries) physical

Ecocriticism Trends in Scholarship (Cf. environment over its observer (bestiaries) physical

Ecocriticism Trends in Scholarship (Cf. environment over its observer (bestiaries) physical space Ganim, Landscape and Late Medieval Literature Langeslag, Seasons in the Literatures of the Medieval North , ch. 2) Herder to

345 views • 10 slides
Zara Bagdasarian for the ANKE Collaboration z.bagdasarian@fz-juelich.de Forschungszentrum Jlich

Zara Bagdasarian for the ANKE Collaboration z.bagdasarian@fz-juelich.de Forschungszentrum Jlich

Mitglied der Helmholtz-Gemeinschaft Zara Bagdasarian for the ANKE Collaboration z.bagdasarian@fz-juelich.de Forschungszentrum Jlich Universitt zu Kln Ivane Javakhishvili Tbilisi State University January 26 th 2015 Bormio, Italy 53 rd

519 views • 4 slides

More recommend