210 likes | 433 Views
Korey Breshears. Automated Security Tools. Overview. What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools have?. What is it?. Automated security tools are tools designed to enhance the security of a program automatically.
E N D
Korey Breshears Automated Security Tools
Overview • What are automated security tools? • Why do we need them? • What types of tools are there? • What problems do these tools have?
What is it? • Automated security tools are tools designed to enhance the security of a program automatically
Why do we need these tools? • Information is increasing at an unprecedented pace • It is time consuming to debug subtle bugs • Easier to maintain • Quicker code development • Reliability
Types of tools • Compiler/Translator • Toolkits/Frameworks • Stand alone programs
Compiler/Translator • Provide type safety for non type safe languages • Provide security for parallel programs • Ccured • SAFECode Project • Gcc known problem
CCured • CCured is a source-to-source translator for C • The translator itself is written in Ocaml (a dialect of ML) • Provides type safety for C program
SAFECode Project • Array bounds checking • Loads and stores only access valid memory objects • Type safety for a subset of memory objects proven to be type-safe • Sound operational semantics in the face of dangling pointer errors • Optional dangling pointer detection
Toolkits/Frameworks • Securibot framework • Provide built in functions for security • Access control policy generator
Stand alone program • Monitor stack and heap • Provide real time security
Issues with automation • Only known types of problems can be caught • The security program could miss a bug • The security program is only as strong as its algorithm
Conclusion • What automated security tools are and benefits to using them • Types of tools • Compilers/Translators • Toolkits/Frameworks • Stand alone Programs • Problems with automated tools