Transcription
CERT Secure CodingStandardsRobert C. Seacord 2006 Carnegie Mellon University
Problem Statement5,9906,000Reacting to vulnerabilitiesin existing systems is notworking5,0004,1294,000Total vulnerabilities reported(1995-2Q,2005): 17311262199719980 2006 Carnegie Mellon University199920002001220022005
Recent Trends Are No Different200017501500125010007505002500FY 2004Q3 2006 Carnegie Mellon UniversityFY 2004Q3FY 2004Q4FY 2005Q1FY 2005Q23FY 2005Q3FY 2005Q4FY 2006Q1FY 2006Q2FY 2006Q3TD
Secure Coding InitiativeWork with software developers and softwaredevelopment organizations to eliminatevulnerabilities resulting from coding errorsbefore they are deployed. Reduce the number of vulnerabilities to a levelwhere they can be handled by computersecurity incident response teams (CSIRTs) Decrease remediation costs by eliminatingvulnerabilities before software is deployed 2006 Carnegie Mellon University4
Overall ThrustsAdvance the state of the practice in securecodingIdentify common programming errors that leadto software vulnerabilitiesEstablish standard secure coding practicesEducate software developers 2006 Carnegie Mellon University5
CERT Secure Coding StandardsIdentify coding practices that can be used toimprove the security of software systems underdevelopmentCoding practices are classified as either rulesor recommendations Rules need to be followed to claim compliance. Recommendations are guidelines orsuggestions.Development of Secure Coding Standards is acommunity effort 2006 Carnegie Mellon University6
RulesCoding practices are defined as rules when Violation of the coding practice will result in asecurity flaw that may result in an exploitablevulnerability. There is an enumerable set of exceptionalconditions (or no such conditions) whereviolating the coding practice is necessary toensure the correct behavior for the program. Conformance to the coding practice can beverified. 2006 Carnegie Mellon University7
RecommendationsCoding practices are defined asrecommendations when Application of the coding practice is likely toimprove system security. One or more of the requirements necessary fora coding practice to be considered a rulecannot be met. 2006 Carnegie Mellon University8
Community Development ProcessRules are solicitedfrom the communityPublished as candidate rules and recommendationson the CERT Wiki accessible from:www.cert.org/secure-codingThreaded discussions used for public vettingCandidate coding practicesare moved into a securecoding standard whenconsensus is reached 2006 Carnegie Mellon University9
ScopeThe secure coding standards proposed by CERT arebased on documented standard language versions asdefined by official or de facto standards organizations.Secure coding standards are under development for: C programming language (ISO/IEC 9899:1999) C programming language (ISO/IEC 14882-2003 )Applicable technical corrigenda and documentedlanguage extensions such as the ISO/IEC TR 24731extensions to the C library are also included. 2006 Carnegie Mellon University10
Potential ApplicationsEstablish secure coding practices within anorganization may be extended with organization-specific rules cannot replace or remove existing rulesTrain software professionalsCertify programmers in secure codingEstablish base-line requirements for software analysistoolsCertify software systems 2006 Carnegie Mellon University11
System QualitiesSecurity is one of many system qualities that must be considered inthe selection and application of a coding standard.System qualities with significant overlap Safety Reliability AvailabilitySystem qualities that influence security Maintainability UnderstandabilitySystem qualities that make security harder PortabilitySystem qualities that may conflict with security Performance Usability 2006 Carnegie Mellon University12
Implementation & DemoExternally accessible system hosted on the CERTweb siteSoftware Atlassian's confluence wiki with unlimited named usersHardware One Dell PowerEdge 2850 Two Intel Xeon Processors at 3.0GHz/2MB Cache,800MHz FSB Memory 2GB DDR2 400MHz (2X1GB Primary Controller Embedded RAID (ROMB) Three 73GB 10K RPM Ultra 320 SCSI Hard Drives 2006 Carnegie Mellon University13
Demo 2006 Carnegie Mellon University14
Future DirectionsProvide similar products for other languages C /CLIC#JavaAdaEtc.Produce language independent guidancecross-referenced with specific examples fromtarget languages 2006 Carnegie Mellon University15
Questions 2006 Carnegie Mellon University16
For More InformationVisit the CERT web sitehttp://www.cert.org/secure-coding/Contact PresenterRobert C. Seacordrcs@cert.orgContact CERT Coordination CenterSoftware Engineering InstituteCarnegie Mellon University4500 Fifth AvenuePittsburgh PA 15213-3890Hotline: 412-268-7090CERT/CC personnel answer 8:00 a.m.–5:00 p.m.and are on call for emergencies during other hours.Fax:412-268-6989E-mail:cert@cert.org 2006 Carnegie Mellon University17
CERT Secure Coding Standards Identify coding practices that can be used to improve the security of software systems under development Coding practices are classified as either rules or recommendations Rules need to be followed to claim compliance. Recommendations are guidelines or suggestions. Development of Secure Coding Standards is a
