Securing Software: Analysis and Isolation

Goals

  • Security Analysis
    • Understand the tradeoffs between different forms of analysis
    • Perform basic symbolic execution
  • Architecture
    • Describe various mechanisms for isolating code execution
    • Assess the tradeoffs amongst them

Analysis

  • What are the advantages (and disadvantages) of different methods for finding vulnerabilities?
    1. Human inspection
    2. Programmatic testing
    3. Randomized testing
    4. Static analysis
    5. Dynamic analysis
    6. Model checking
  • Static analysis
    • How does compiler-based analysis work?
    • Is compiler-based analysis sound? Complete?
  • Dynamic analysis
    • Why is it useful to exhibit inputs that cause a program to misbehave?
    • What is concolic execution?
    • How does symbolic execution work?

Isolation

  • What kinds of resources require isolation?
  • How can isolation be imposed?
    • At what granularities?
  • What are three common categories of separation mechanisms?
    • What’s an example of each?
  • Memory Protection
    • What guarantees does memory protection offer and how is it implemented?
    • Why don’t we typically put each word of memory into its own domain?
  • SFI (software fault isolation)
    • What guarantee does SFI provide?
    • Why bother with SFI when we have memory protection?
    • What are two approaches for implementing SFI?
      • What are the tradeoffs between them?
    • What is required for SFI to operate soundly?