Proactive security measures in coding
Valkonen, Ville (2014)
2014
Tietojenkäsittelyoppi - Computer Science
Informaatiotieteiden yksikkö - School of Information Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2014-12-19
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:uta-201412302547
https://urn.fi/URN:NBN:fi:uta-201412302547
Tiivistelmä
There are several ways to mitigate security breaches proactively. This thesis introduces portable security methods that can be adapted in any Unix-like oper- ating system. These methods can help to mitigate the harm done by a malicious attacker who has already gained a partial access into the system. The main focus in the thesis is to give an idea how attacks can be pursued and how to protect against them.
The first research question is: What proactive steps can be done to reduce errors and vulnerabilities in code before it is released? What methods can be adapted to harden the code and make it less penetrable? I examine a few design principles which are known to be good against malicious activities.
The second research question is: What is the state of the static analyzers in modern compilers, when compared to dedicated static analyzers? This a part of the thesis introduces automatic ways to check code against unsafe API or system call usages. Static code analysis has been around for awhile and performed heuristics of modern analyzers are highly sophisticated. Freely available open source analyzers are tested against example flaws and the results are reviewed. In the last section, analyzers are tested against a real world program which are used widely.
As a conclusion, many of the shown proactive security measures will help to mitigate against malicious activity, as proven by the real world code analysis.
The first research question is: What proactive steps can be done to reduce errors and vulnerabilities in code before it is released? What methods can be adapted to harden the code and make it less penetrable? I examine a few design principles which are known to be good against malicious activities.
The second research question is: What is the state of the static analyzers in modern compilers, when compared to dedicated static analyzers? This a part of the thesis introduces automatic ways to check code against unsafe API or system call usages. Static code analysis has been around for awhile and performed heuristics of modern analyzers are highly sophisticated. Freely available open source analyzers are tested against example flaws and the results are reviewed. In the last section, analyzers are tested against a real world program which are used widely.
As a conclusion, many of the shown proactive security measures will help to mitigate against malicious activity, as proven by the real world code analysis.