
Static analysis and computer security: New techniques for software assurance

Posted on: 2001-06-10
Degree: Ph.D
Type: Dissertation
University: University of California, Berkeley
Candidate: Wagner, David A
Full Text: PDF
GTID: 1468390014455200
Subject: Computer Science
Abstract/Summary:
One of the greatest challenges in computer security today is the software assurance problem: how do we deal with the fact that our most trusted software, even our security software itself, is often buggy? Our programming environments are flawed, which makes it easy to introduce bugs into security-sensitive applications. At the same time, a widespread reliance on legacy applications, developed in a more trusting age when security was less of a concern, raises the stakes. All of these factors suggest that the software assurance problem is likely to remain an important challenge for some time to come.

This dissertation argues that static analysis can be a powerful tool for software assurance, providing a new approach to the problem. To validate this methodology, we describe experience with two test applications. First, we describe new techniques for automated buffer overrun detection; a prototype implementation has been used to find serious new vulnerabilities in a large, widely deployed software package (even though it had already been hand-audited). Second, we examine intrusion detection, showing how static analysis allows us to detect potential break-ins without raising any false alarms. In both cases, a key selling point of static analysis is that it allows us to eliminate or neutralize security bugs proactively, before they are exploited.

These two success stories provide strong support for the methodology, and they suggest that static analysis may prove a powerful tool for improving the assurance level of security-sensitive software in the future.
Keywords/Search Tags: Software, Static analysis, Security, Assurance, New