Secure programming describes those techniques that software developers use to provide security features in their applications. In addition to these techniques, software practitioners use static code security checkers to parse through and scan the source code, looking for potential security problems. Related to static code checking, runtime checkers have been developed that monitor the software while it is in use.; In an effort to counter the hacker threat, software security professionals need better methods and tools than these to analyze executable programs the way hackers do: from the binary data level. This level is where the hackers find the secret doorways and security loopholes that are not evident in high-level source code. A few commercial companies have recently started marketing software products that will scan executable files for software security vulnerabilities; however, these products have unpublished methodologies and unverified test results. Consequently, software practitioners have only a loose collection of homegrown, commercial, and operating system software tools to perform their secure programming work and to do so in primarily a manual approach.; To help security analysts, programmers, and users detect security vulnerabilities in executable program files, we have created a methodology that uses information located in the headers, sections, and tables of a Windows NT/XP executable file, along with information derived from the overall contents of the file, as a means to detect specific software security vulnerabilities without having to disassemble the code. In addition, we have instantiated this methodology in a software utility program called findssv that automatically dissects an executable file and detects certain anomalies and software security vulnerabilities before installing and running the software.; We tested findssv on seven categories of files: software installation files, software development files, Windows XP operating system files, Microsoft application files, security-centric application files, and miscellaneous application files. We show through the test results on these 2700 files that findssv is able to detect table size anomalies, large zero-filled regions of bytes, unknown regions of bytes, compressed files, sections that are both writable and executable, and the use of functions susceptible to buffer overflow attacks. We also list sixteen key security vulnerability findings about software in the seven categories.
展开▼
机译:安全编程描述了软件开发人员用来在其应用程序中提供安全功能的那些技术。除了这些技术之外,软件从业人员还使用静态代码安全检查器来解析和扫描源代码,以查找潜在的安全问题。与静态代码检查相关,已经开发了运行时检查程序,可以在软件使用过程中对其进行监视。为了应对黑客威胁,软件安全专业人员需要比这些更好的方法和工具,以便以黑客的方式分析可执行程序:从二进制数据级别。黑客可以在此级别找到高级源代码中不明显的秘密通道和安全漏洞。一些商业公司最近已经开始销售软件产品,这些产品将扫描可执行文件中的软件安全漏洞。但是,这些产品的方法尚未公开,测试结果未经验证。因此,软件从业人员只有少量的本地,商业和操作系统软件工具集合,以执行其安全的编程工作,并且主要以手动方式进行。为了帮助安全分析人员,程序员和用户检测可执行程序文件中的安全漏洞,我们创建了一种方法,该方法使用位于Windows NT / XP可执行文件的标题,节和表中的信息以及从总体文件中获取的信息文件的内容,作为检测特定软件安全漏洞而无需反汇编代码的手段。另外,我们已经在名为findssv的软件实用程序中实例化了该方法,该程序会自动剖析可执行文件并在安装和运行软件之前检测某些异常和软件安全漏洞。我们在以下七类文件中测试了findssv:软件安装文件,软件开发文件,Windows XP操作系统文件,Microsoft应用程序文件,以安全性为中心的应用程序文件以及其他应用程序文件。通过对这2700个文件的测试结果,我们发现findssv能够检测表大小异常,较大的零填充字节区域,未知的字节区域,压缩文件,可写和可执行的节以及易受攻击的函数的使用缓冲溢出攻击。我们还在七个类别中列出了有关软件的十六个关键安全漏洞发现。
展开▼
