deepstate bringing vulnerability detection tools into the
play

DeepState : Bringing vulnerability detection tools into the - PowerPoint PPT Presentation

Oct 03, 2023 •42 likes •772 views

DeepState : Bringing vulnerability detection tools into the development lifecycle Peter Goodman (Trail of Bits) Gustavo Grieco (Trail of Bits) Alex Groce (Northern Arizona University) 1 Introductions Peter Goodman Gustavo Grieco Alex

  1. DeepState : Bringing vulnerability detection tools into the development lifecycle Peter Goodman (Trail of Bits) Gustavo Grieco (Trail of Bits) Alex Groce (Northern Arizona University) 1

  2. Introductions Peter Goodman Gustavo Grieco Alex Groce Senior Security Engineer Security Engineer Associate Professor peter@trailofbits.com gustavo.grieco@trailofbits.com alex.groce@nau.edu Trail of Bits Trail of Bits Northern Arizona University 2 Trail of Bits | IEEE SecDev 2018 | 30.09.2018 2

  3. Today’s workshop is interactive (1) Before beginning, please do one of the following in a terminal on your computers: Clone the ieee_secdev_2018 branch: git clone https://github.com/trailofbits/deepstate -b ieee_secdev_2018 OR Download and extract: https://github.com/trailofbits/deepstate/archive/ieee_secdev_2018.zip 3 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  4. Today’s workshop is interactive (2) Go into the cloned/unzipped deepstate directory, and execute the following: $ vagrant up $ vagrant ssh If successful, this is what you should see: vagrant@ubuntu-xenial $ 4 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  5. How do developers test code? Static Analysis ● Many tools available, most are commercial (e.g. Coverity) ● False positives continue to be a vexing problem ● 57% have never used one (JetBrains Survey) ● Unit Tests! ● Tooling is free ● Test for functionality and security ● Nearly everyone is familiar with the concepts ● Only 29% do not use unit tests (JetBrains Survey) ● 5 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  6. Unit testing is great! Unit tests are a software assurance methodology ● Typically test individual functions, classes, or groups of related ● functionality As code changes (e.g. improving an algorithm), unit tests help to ● ensure that expected functionality or results remain the same 6 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  7. Let’s write a unit test (1) Enter the exercises directory and open FirstTest.cpp vagrant@ubuntu-xenial $ cd exercises vagrant@ubuntu-xenial $ nano FirstTest.cpp 7 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  8. Let’s write a unit test (2) Here is what you will see inside of FirstTest.cpp #include <deepstate/DeepState.hpp> uint16_t Pow2(uint16_t x) { return x * x; } TEST(Math, PowersOfTwo) { ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 ASSERT_NE(Pow2(2), 3); // 2^2 != 3 // Try some for yourself! } 8 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  9. Let’s write a unit test (3) Here is what you will see inside of FirstTest.cpp #include <deepstate/DeepState.hpp> uint16_t Pow2(uint16_t x) { return x * x; } TEST(Math, PowersOfTwo) { Function that we want ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 ASSERT_NE(Pow2(2), 3); // 2^2 != 3 to test // Try some for yourself! } 9 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  10. Let’s write a unit test (4) Here is what you will see inside of FirstTest.cpp #include <deepstate/DeepState.hpp> uint16_t Pow2(uint16_t x) { return x * x; } TEST(Math, PowersOfTwo) { ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 Test case ASSERT_NE(Pow2(2), 3); // 2^2 != 3 // Try some for yourself! } 10 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  11. Let’s write a unit test (5) Here is what you will see inside of FirstTest.cpp #include <deepstate/DeepState.hpp> uint16_t Pow2(uint16_t x) { return x * x; } TEST(Math, PowersOfTwo) { Test case name and ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 ASSERT_NE(Pow2(2), 3); // 2^2 != 3 test name // Try some for yourself! } 11 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  12. Let’s write a unit test (6) Here is what you will see inside of FirstTest.cpp #include <deepstate/DeepState.hpp> uint16_t Pow2(uint16_t x) { return x * x; } TEST(Math, PowersOfTwo) { Assertions verifying ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 ASSERT_NE(Pow2(2), 3); // 2^2 != 3 output is as expected // Try some for yourself! } 12 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  13. Let’s write a unit test (7) Here is what you will see inside of FirstTest.cpp #include <deepstate/DeepState.hpp> uint16_t Pow2(uint16_t x) { return x * x; } TEST(Math, PowersOfTwo) { ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 Homework!!! ASSERT_NE(Pow2(2), 3); // 2^2 != 3 // Try some for yourself! } 13 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  14. Executing your first test (1) Please save and close FirstTest.cpp, and execute the following command: vagrant@ubuntu-xenial $ make exercise_1 Now, execute the following: vagrant@ubuntu-xenial $ ./FirstTest 14 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  15. Executing your first test (2) Here is what you should see: vagrant@ubuntu-xenial $ ./FirstTest INFO: Running: Math_PowersOfTwo from FirstTest.cpp(7) INFO: Passed: Math_PowersOfTwo Our tests passed! This function must be correct, right? 15 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  16. Back to our test (1) Here is what you will see inside of FirstTest.cpp #include <deepstate/DeepState.hpp> uint16_t Pow2(uint16_t x) { return x * x; } TEST(Math, PowersOfTwo) { ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 ASSERT_NE(Pow2(2), 3); // 2^2 != 3 What does // Try some for yourself! this do? ASSERT_EQ(Pow2(65535), 4294836225); } 16 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  17. Back to our test (2) Here is what you will see inside of FirstTest.cpp Let’s diagnose it! #include <deepstate/DeepState.hpp> We asked if this was true: uint16_t Pow2(uint16_t x) { return x * x; 65535 * 65535 = 4294836225 } TEST(Math, PowersOfTwo) { We can express this in hexadecimal as: ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 ASSERT_NE(Pow2(2), 3); // 2^2 != 3 0xFFFF * 0xFFFF = 0xFFFE_0001 // Try some for yourself! ASSERT_EQ(Pow2(65535), 4294836225); And only the 0x0001 fits into a uint16_t } 17 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  18. Back to our test (3) Here is what you will see inside of FirstTest.cpp #include <deepstate/DeepState.hpp> uint16_t Pow2(uint16_t x) { return x * x; } TEST(Math, PowersOfTwo) { ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 ASSERT_NE(Pow2(2), 3); // 2^2 != 3 // Try some for yourself! “correct” ASSERT_EQ(Pow2(65535), 1); } 18 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  19. Back to our test (4) Here is what you will see inside of FirstTest.cpp #include <deepstate/DeepState.hpp> uint32_t Pow2(uint16_t x) { return x * x; } TEST(Math, PowersOfTwo) { ASSERT_EQ(Pow2(0), 0); // 0^2 == 0 ASSERT_NE(Pow2(2), 3); // 2^2 != 3 // Try some for yourself! Fixed! ASSERT_EQ(Pow2(65535), 4294836225); } 19 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  20. Unit testing is great… right? Unit tests help you to... ● Find bugs in your code ● Experimentally verify your code on some set of inputs ● Verify that the behavior of some code on some set of inputs stays ● consistent over time and across changes But, unit tests are not a panacea ● It is up to YOU, the tester, to understand and test the boundary ● conditions, and test for them This is harder for more complex code ● 20 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  21. Can’t we just automate it? Ideally, we’d like something to figure out the best set of ● inputs for a given test so we don’t have to (think so hard) Spoiler alert! DeepState is that system ● This is a “solved” problem ● Symbolic execution (e.g. KLEE, Manticore, Angr, S2E, etc.) ● Fuzzers (e.g. libFuzzer, AFL, Dr. Fuzz, Radamsa, zzuf, Peach, etc.) ● Developers don’t use existing solutions because they ● don’t fit nicely into their existing workflow! 21 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  22. Developers don’t use security testing tools Zero* developers use symbolic executors ● Hard to learn and use ● Difficult to integrate into a build/test cycle ● Confusing and easily crash/run forever/eat up memory ● Nearly zero* developers use fuzzers ● Requires custom harnesses and build system changes ● Security tools are built for bug hunters ● Work great for auditors, CTF contests, reverse engineers ● Confusing and alien for software developers ● 22 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  23. Developers do use unit testing DeepState integrates symbolic testing and fuzz testing ● into a Google Test-like unit testing framework Fits into existing developer workflow ● Easily integrates with existing code base and build system ● Easy to learn and use, especially if you are familiar with Google Test ● Improves software quality ● Also tests for correctness, not just security ● No false positives! ● 23 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  24. Integrating DeepState is easy ● Header ● Library ● Test cases ● Executor 24 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

  25. Writing unit tests with DeepState TEST, TEST_F ● TEST(UnitName, CaseName) creates a new test ● TEST_F is like TEST but with a class that performs setup and teardown ● ASSERT, CHECK ● ASSERT logs and error and stops execution if a condition fails ● CHECK is like ASSERT but logs an error and continues execution ● Examples: ● ASSERT(poly != y * z); ASSERT_NE(poly, y * z); ● 25 Trail of Bits | IEEE SecDev 2018 | 30.09.2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr.

FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr.

MASTER SEMINAR WS16/17 PROF. DR. ALEXANDER PRETSCHNER SAAHIL OGNAWALA FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr. Alexander Pretschner Head of Chair XXII Software Engineering @TUM since

489 views • 21 slides
Benchmarking Vulnerability Detection Tools for Web Services Nuno Antunes, Marco Vieira { nmsa ,

Benchmarking Vulnerability Detection Tools for Web Services Nuno Antunes, Marco Vieira { nmsa ,

Benchmarking Vulnerability Detection Tools for Web Services Nuno Antunes, Marco Vieira { nmsa , mvieira}@dei.uc.pt ICWS 2010 CISUC Department of Informatics Engineering University of Coimbra, Portugal Outline The problem Benchmarking

447 views • 25 slides
Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides
Static analysis for exploitable vulnerability detection Marie-Laure Potet VERIMAG University of

Static analysis for exploitable vulnerability detection Marie-Laure Potet VERIMAG University of

Static analysis for exploitable vulnerability detection Marie-Laure Potet VERIMAG University of Grenoble September 2014 Static analysis for exploitable vulnerability detection 1/43 Outline 1 Context Vulnerability detection process Static

546 views • 43 slides
Community Vulnerability Tools Presented to C/CAG Resource Management and Climate Protection

Community Vulnerability Tools Presented to C/CAG Resource Management and Climate Protection

Community Vulnerability Tools Presented to C/CAG Resource Management and Climate Protection Committee May 20, 2020 Outline Why use Community Vulnerability Tools? Major tools Benefits and examples of how to use them Discussion

362 views • 24 slides
Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
Ants on the Grid: BiologyInspired Monitoring for Incident and Vulnerability Detection

Ants on the Grid: BiologyInspired Monitoring for Incident and Vulnerability Detection

A RIZONA S TATE U NIVERSITY CREDC Industrial Workshop 2017 Ants on the Grid: BiologyInspired Monitoring for Incident and Vulnerability Detection Josephine Lamp , Carlos E. Rubio-Medrano, Ziming Zhao and Gail-Joon Ahn 6/27/2017 1 A RIZONA S

305 views • 9 slides
Bringing GENI to the Classroom: Three Sample Assignments NSF Workshop on Designing Tools and

Bringing GENI to the Classroom: Three Sample Assignments NSF Workshop on Designing Tools and

Bringing GENI to the Classroom: Three Sample Assignments NSF Workshop on Designing Tools and Curricula for Undergraduate Courses in Distributed Systems Boston, Massachusetts Mark Berman, Niky Riga July 8, 2012 www.geni.net Sponsored by the

450 views • 17 slides
Bringing State-of-the-Art GPU-Accelerated Molecular Modeling Tools to the Research Community John

Bringing State-of-the-Art GPU-Accelerated Molecular Modeling Tools to the Research Community John

Bringing State-of-the-Art GPU-Accelerated Molecular Modeling Tools to the Research Community John E. Stone Theoretical and Computational Biophysics Group Beckman Institute for Advanced Science and Technology University of Illinois at

951 views • 46 slides
Representativeness in the Benchmark for Vulnerability Analysis Tools ( B-VAT ) Kayla Afanador

Representativeness in the Benchmark for Vulnerability Analysis Tools ( B-VAT ) Kayla Afanador

Representativeness in the Benchmark for Vulnerability Analysis Tools ( B-VAT ) Kayla Afanador (Keen) Cynthia Irvine Preliminary Work Paper Naval Postgraduate School Naval Postgraduate School Length: Short Start Visualizations (CVE)

561 views • 12 slides
Bringing Data and Tools Into Classrooms Through Online Large-Scale Teacher Education Hollylynne

Bringing Data and Tools Into Classrooms Through Online Large-Scale Teacher Education Hollylynne

Bringing Data and Tools Into Classrooms Through Online Large-Scale Teacher Education Hollylynne Lee, Rick Hudson, Gemma Mojica, Christina Azmy, Kemal Akoglu Not with us today: Jennifer Lovett &amp; Stephanie Casey Work in this session

619 views • 14 slides
Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a significant shock that brings welfare below a socially accepted level (Khl, 2003) Vulnerability increases when there is uncertainty with respect to

529 views • 21 slides
Contents What is vulnerability? Why conduct vulnerability assessments? Defining

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides
Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides
Advancing Equity Analysis in Scenario Planning Social Vulnerability and Neighborhood Effects

Advancing Equity Analysis in Scenario Planning Social Vulnerability and Neighborhood Effects

Advancing Equity Analysis in Scenario Planning Social Vulnerability and Neighborhood Effects Analysis Tools Robert Goodspeed, AICP, University of Michigan Chicago Open Heat Vulnerability Mapper Bev Wilson and Arnab Chakraborty, University of

830 views • 78 slides
Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and migration systems Purpose Intended to guide &amp; inform frontline workers &amp; decision makers on the relevance of vulnerability factors to

507 views • 19 slides
Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University

Scalable Verification of Design with Multiple Properties Rohit Dureja Iowa State University October 23, 2019 Model Checking 2 Model Checking Usually multiple properties to be verified 3 Model Checking Report 4 Model Checking Report

446 views • 9 slides
An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang Karsten Schwan

An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang Karsten Schwan

An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang Karsten Schwan Moinuddin K. Qureshi Virtual Memory: A Long History Physical Hardware DRAM Disk 2 Virtual Memory: A Long History Virtual Memory (per process)

1.23k views • 88 slides
Solar to Low-Income Customers May 18, 2017 Housekeeping Use the red arrow to open and close

Solar to Low-Income Customers May 18, 2017 Housekeeping Use the red arrow to open and close

Bringing the Benefits of Solar to Low-Income Customers May 18, 2017 Housekeeping Use the red arrow to open and close your control panel Join audio: Choose Mic &amp; Speakers to use VoIP Choose Telephone and dial using the

601 views • 45 slides
MA111: Contemporary mathematics Alex and Blair split a 2-bedroom apart- Master Other Alex $350

MA111: Contemporary mathematics Alex and Blair split a 2-bedroom apart- Master Other Alex $350

MA111: Contemporary mathematics Alex and Blair split a 2-bedroom apart- Master Other Alex $350 $325 ment for $550 per month so that each Blair $315 $300 Total $550 total was paying $50 less than they expected, Who gets it? Alex Blair

430 views • 6 slides
The CFRE Application Process: Step by Step Everything you want to know Who is CFRE?

The CFRE Application Process: Step by Step Everything you want to know Who is CFRE?

The CFRE Application Process: Step by Step Everything you want to know Who is CFRE? Certification process What is certification? CFRE examination What distinguishes How do I study? CFRE? Online resources

707 views • 39 slides
Learning From Data Lecture 26 Kernel Machines Popular Kernels The Kernel Measures Similarity

Learning From Data Lecture 26 Kernel Machines Popular Kernels The Kernel Measures Similarity

Learning From Data Lecture 26 Kernel Machines Popular Kernels The Kernel Measures Similarity Kernels in Different Applications M. Magdon-Ismail CSCI 4100/6100 recap: The Kernel Allows Us to Bypass Z -space Solve the QP 1

356 views • 12 slides
DELEGATION OF POWER TO AUTHORISED DEALERS AUTHORISED DEALERS HAVE BEEN GRANTED POWERS BY THE

DELEGATION OF POWER TO AUTHORISED DEALERS AUTHORISED DEALERS HAVE BEEN GRANTED POWERS BY THE

Chapter No. Page No. 11 243 International Finance FOREIGN TRAVEL AND RELEASE OF EXCHANGE DELEGATION OF POWER TO AUTHORISED DEALERS AUTHORISED DEALERS HAVE BEEN GRANTED POWERS BY THE RESERVE BANK TO RELEASE FOREIGN EXCHANGE FOR

429 views • 15 slides
Tutorial: Online Shopping Based on Chapter 10 of Maciaszek, L.A. (2007): Requirements Analysis and

Tutorial: Online Shopping Based on Chapter 10 of Maciaszek, L.A. (2007): Requirements Analysis and

Information Systems Concepts Tutorial: Online Shopping Based on Chapter 10 of Maciaszek, L.A. (2007): Requirements Analysis and System Design , 3rd ed. Addison Wesley. Background A computer manufacturer offers the possibility of purchasing

621 views • 3 slides

More recommend