Securing Software: Analysis and Isolation

Goals

• Security Analysis
  • Understand the tradeoffs between different forms of analysis
  • Perform basic symbolic execution
• Architecture
  • Describe various mechanisms for isolating code execution
  • Assess the tradeoffs amongst them

Analysis

• What are the advantages (and disadvantages) of different methods for finding vulnerabilities?
  1. Human inspection
  2. Programmatic testing
  3. Randomized testing
  4. Static analysis
  5. Dynamic analysis
  6. Model checking
• Static analysis
  • How does compiler-based analysis work?
  • Is compiler-based analysis sound? Complete?
• Dynamic Analysis
  • Why is it useful to exhibit inputs that cause a program to misbehave?
  • What is concolic execution?
  • How does symbolic execution work?

Isolation

• What kinds of resources require isolation?
• How can isolation be imposed?
  • At what granularities?
• What are three common categories of separation mechanisms?
  • What’s an example of each?
• Memory Protection
  • What guarantees does memory protection offer and how is it implemented?
  • Why don’t we typically put each word of memory into its own domain?
• SFI
  • What guarantee does SFI provide?
  • Why bother with SFI when we have memory protection?
  • What are two approaches for implementing SFI?
    • What are the tradeoffs between them?
  • What is required for SFI to operate soundly?