Korey Breshears. Overview What are automated security tools? Why do we need them? What types of...
-
date post
19-Dec-2015 -
Category
Documents
-
view
217 -
download
0
Transcript of Korey Breshears. Overview What are automated security tools? Why do we need them? What types of...
![Page 1: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/1.jpg)
AUTOMATED SECURITY TOOLS
Korey Breshears
![Page 2: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/2.jpg)
Overview
What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools have?
![Page 3: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/3.jpg)
What is it?
Automated security tools are tools designed to enhance the security of a program automatically
![Page 4: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/4.jpg)
Why do we need these tools? Information is increasing at an
unprecedented pace It is time consuming to debug subtle
bugs Easier to maintain Quicker code development Reliability
![Page 5: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/5.jpg)
Types of tools
Compiler/Translator Toolkits/Frameworks Stand alone programs
![Page 6: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/6.jpg)
Compiler/Translator
Provide type safety for non type safe languages
Provide security for parallel programs Ccured SAFECode Project Gcc known problem
![Page 7: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/7.jpg)
CCured
CCured is a source-to-source translator for C
The translator itself is written in Ocaml (a dialect of ML)
Provides type safety for C program
![Page 8: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/8.jpg)
SAFECode Project
Array bounds checking Loads and stores only access valid
memory objects Type safety for a subset of memory
objects proven to be type-safe Sound operational semantics in the face
of dangling pointer errors Optional dangling pointer detection
![Page 9: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/9.jpg)
Toolkits/Frameworks
Securibot framework Provide built in functions for security Access control policy generator
![Page 10: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/10.jpg)
Stand alone program
Monitor stack and heap Provide real time security
![Page 11: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/11.jpg)
Issues with automation
Only known types of problems can be caught
The security program could miss a bug The security program is only as strong
as its algorithm
![Page 12: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/12.jpg)
Conclusion
What automated security tools are and benefits to using them
Types of toolsCompilers/TranslatorsToolkits/FrameworksStand alone Programs
Problems with automated tools
![Page 13: Korey Breshears. Overview What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools.](https://reader036.fdocuments.in/reader036/viewer/2022062407/56649d2d5503460f94a03605/html5/thumbnails/13.jpg)
Questions?