Introducing Mango: A Formal Eclipse plugin for Java Vulnerability Detection

Introducing Mango: A Formal Eclipse plugin for Java Vulnerability Detection. Frank Rimlinger, Information Assurance Directorate, National Security Agency. http://babelfish.arc.nasa.gov/trac/jpf/wiki/projects/jpf-mango. Summary. Tool purpose, features





Presentation Transcript


  1. Introducing Mango: A Formal Eclipse plugin for Java Vulnerability Detection Frank Rimlinger Information Assurance Directorate National Security Agency http://babelfish.arc.nasa.gov/trac/jpf/wiki/projects/jpf-mango

  2. Summary • Tool purpose, features • What is Eclipse? What is a plugin? • Finalizer attack (from the Oracle Java Security Guide) • Step 1: Build trap • Step 2: Mock-up • Step 3: Detect trap • Step 4: Train • Mango class resolver, and math foundations.

  3. Tool purpose • Create and understand formal specification of Java code. • Create and apply tests to screen for known issues. • Formulate and prove properties about the code using automated theorem proving.

  4. Tool features • Available as open-source, Eclipse plugin. • Persistent automated modeling of formal specification. • Natural language translation. • Navigable view of specification. • Pattern capture-and-edit for test creation. • Layered Eclipse project design for code approximation.

  5. What is Eclipse?

  6. What is the Mango plugin?

  7. Finalizer attack

  8. Step 1: Build the trap • How to use Mango to build a trap for catching the coding errors that enable the finalizer attack.

  9. Add safe.firewallCheck()
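The coding error the trap is built to catch, as an added illustration that is not from the Mango slides or the jpf-mango project: a constructor that runs its access check only after the object has become finalizable, beside the hardened form from Oracle's secure coding guidance. `Safe.firewallCheck` and the `SensitiveOperation*` classes are hypothetical names standing in for the slides' `safe.firewallCheck()`.

```java
// Added example (not from the Mango slides). Shows the constructor-ordering
// error behind the "finalizer attack" in Oracle's Secure Coding Guidelines,
// and the hardened pattern. All names here are hypothetical stand-ins.

final class Safe {
    // Hypothetical access check. Returns null so it can be passed as a
    // this(...) argument; throws when the caller is not permitted.
    static Void firewallCheck(boolean permitted) {
        if (!permitted) {
            throw new SecurityException("firewallCheck failed");
        }
        return null;
    }
}

// VULNERABLE: the check runs in the constructor body, after Object's
// constructor has completed, so the instance is already finalizable
// (JLS 12.6). If the check throws, a subclass that overrides finalize()
// can still be handed a reference to the partially constructed object
// when the garbage collector finalizes it.
class SensitiveOperationVulnerable {
    SensitiveOperationVulnerable(boolean permitted) {
        Safe.firewallCheck(permitted);  // too late: object already finalizable
    }

    void run() { /* privileged work */ }
}

// HARDENED: evaluate the check as an argument to this(...), i.e. before any
// superclass constructor runs. If firewallCheck throws here, the instance
// never becomes finalizable, so a finalizer has nothing to capture.
// Declaring the class final (or finalize() final) independently removes
// the override path; either measure alone closes the hole.
final class SensitiveOperation {
    SensitiveOperation(boolean permitted) {
        this(Safe.firewallCheck(permitted));  // check precedes super()
    }

    private SensitiveOperation(Void checked) {
        // reached only after firewallCheck returned normally
    }

    void run() { /* privileged work */ }
}
```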

  10. Build the “opaque” spec

  11. Inspect the state transition

  12. Modify the heap reference

  13. Step 2: Mock-up • How to set up a mock situation that will fire the trap.

  14. Firewall and sensitive dummies

  15. “Approximate” the sensitive method

  16. Step 3: Detect • Create a “training rule” to detect and report all firewallCheck expressions. • More refined rules later to weed out false positives.

  17. The training rule

  18. Step 4: Train • Use Mango navigation of the generated specification to reveal the salient features of the formal model. Develop rules for more general situations.

  19. Generate the mock-up spec

  20. Movie: Mango does its thing!

  21. Navigate to the hit point

  22. Edit hit to generalize

  23. The loop algorithm

  24. The confluence algorithm

  25. The confluence algorithm, concluded
