Aside from safety properties, can static analysis tools be
used to detect security issues? Yes, as we will show by
discussing a programming error in uftpd, an FTP server
implemented in C. In particular, we will show how the
error affects both safety and security, and under which
conditions it can be exploited. Furthermore, we will take
a quick look at techniques used to minimize the issue's
impact or to avoid this and comparable errors from the
get-go.
Safety (more precisely: functional safety, in the
sense of ISO/IEC 61508, ISO 26262, and other derived
standards) refers to protection from errors or
malfunctions, in particular with respect to dangers or
risks of injury, loss of life or property, or other
undesired outcomes.
Several programming standards exist that define safety
conditions and how to develop software and systems
appropriately. One example, used prominently in the
automotive industry, is the MISRA C software development
guidelines, which were introduced in 1998 and have been
updated several times since.
In contrast to functional safety, software security is
more focused on deliberate actions explicitly intended
to cause harm. Rather than asking whether a system
can cause harm due to a malfunction, security
considerations deal with the question of whether a system
can be made to cause harm by an attacker. Again,
different coding guidelines for the avoidance of
security issues are available, e.g., the
SEI CERT C Coding Standard,
which is aimed at safety, reliability and security
simultaneously. With ISO/IEC TS 17961:2013, an
international standard for the development of
security-critical software has been established.
As we will show with a simple example below, software
flaws often have both a safety and a security
aspect. Accordingly, the aforementioned standards link
to each other in various places and are interconnected.
For several of them, mappings from one to another are
provided. Safety standards such as the MISRA guidelines
have taken up security aspects as well, and vice versa.