Secure Coding mailing list archives
Re: auditing
From: Jose Nazario <jose () monkey org>
Date: Mon, 03 May 2004 22:39:20 +0100
some advice ... look for tools to generate callgraphs from dynamic (runtime) analysis and static (run them over the compiler binary or the source code) analysis. graphing those relationships can be useful. one example: http://monkey.org/~jose/graphing/syscalls/ look for tools to do control flow analysis, again static or dynamic. build an annotated C library that you can use to preload and watch execution while the program runs (assuming you only have a binary available on a UNIX platform, i would't know how to do this on windows). invoke some of the old software cracker tricks ... look for tools to do known hole analysis, they can be as simple as grep or as complex as you can imagine ... this page has a few links to some tools at teh bottom which may be useful: http://www.dwheeler.com/flawfinder/ (several easy to use tools of varying sophistication are listed in these): http://www.linuxjournal.com//article.php?sid=5673 http://www.ida.liu.se/~johwi/research_publications/paper_nordsec2002_john_wilander.pdf http://www.ida.liu.se/~johwi/research_publications/paper_ndss2003_john_wilander.pdf http://www.cs.berkeley.edu/~pbwell/papers/saswifi.pdf etc etc etc ... frankly the hard part if identifying the right terms to use. once you do that you're all set. big kudos to david wheeler for maintaining a nice repository of links (along with flawfinder, a pretty decent first pass tool). even more links to even more tools and techniques (scan the whole page): http://osq.cs.berkeley.edu/ remember. automated tools will only catch the things you already knew about. they help because they don't get tired, see cross eyed (typically), and can be fast. they fail because they're easy to confuse, they only work on what you know, and get prohibitively difficult to write and use for large forms of analysis. it's a hot topic, has attracted some of the best and brightest, and is a fertile area for all levels of research. if you're serious about studying it, learn compiler internals as a means to learn model building, study the language specification (spot the ambiguities is a fun game to play) and start hacking tools. dilligance, dilligance, dilligance. ________ jose nazario, ph.d. [EMAIL PROTECTED] http://monkey.org/~jose/ http://infosecdaily.net/
Current thread:
- auditing jnf (May 03)
- Re: auditing James Walden (May 03)
- Re: auditing jnf (May 03)
- Re: auditing ljknews (May 03)
- Re: auditing Jose Nazario (May 03)
- Re: auditing jnf (May 05)
- Re: auditing Paco Hope (May 03)
- Re: auditing jnf (May 03)
- Re: auditing Crispin Cowan (May 03)
- Re: auditing James Walden (May 03)