A Metric for Evaluating Static Analysis Tools

Oct 03, 2012

60 likes | 229 Vues

Four Perspectives on the Problem. GeneralHow good are software security tools today?Tools vendorIs my static analysis product getting better over time? (What is better?)How much has it improved since the last release?What should I focus on to improve my tool in the future?If I make my tool det

Share Presentation

Embed Code

Link

kirsi

Télécharger la présentation

A Metric for Evaluating Static Analysis Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs

Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs. Dave Hovemeyer Bill Pugh Jaime Spacco. How hard is it to find null-pointer exceptions?. Large body of work academic research too much to list on one slide commercial applications PREFix / PREFast Coverity Polyspace.

871 views • 39 slides

Evaluating a Meta-Analysis

Evaluating a Meta-Analysis. Validity Construct validity Internal validity Statistical conclusion validity External validity Theoretical contribution. Construct Validity. Refers to how accurately the theoretical variables being discussed are implemented in a study

467 views • 7 slides

Evaluating Static Analysis Tools

Evaluating Static Analysis Tools. Dr. Paul E. Black paul.black@nist.gov http://samate.nist.gov/. Static Analysis Examine code Handles unfinished code Can find backdoors, eg, full access for user name “JoshuaCaleb ” Potentially complete. Dynamic Analysis Run code

388 views • 17 slides

Metric Tools for Java Programs

Metric Tools for Java Programs. Zoran Putnik Department of Informatics and Mathematics, Faculty of Science, University of Novi Sad. Free Metric Tools for Java. JCSC CheckStyle JavaNCSC JMT Eclipse plug-in. JCSC – Java Coding Standard Checker. Overview.

851 views • 69 slides

Specify tools Enforce banned functions Static analysis

Security Development Lifecycle. Core security training. An undetected software requirement defect can cost 50 to 200 times as much to fix when discovered later in the development or post-development process. Establish security requirements Analyze security & privacy risk

235 views • 1 slides

Using Static Analysis Tools When Developing Drivers

Using Static Analysis Tools When Developing Drivers. Adam Shapiro Senior Program Manager Devices and Storage Technologies sdvpfdex@microsoft.com. Session Outline. Static analysis tools What they are Benefits What’s new for the next version of Windows PRE f ast for Drivers (PFD )

542 views • 34 slides

Evaluating Web Server Log Analysis Tools

Evaluating Web Server Log Analysis Tools. David Strom david@strom.com SD’98 2/13/98. Summary. Examine different log files What you can and can’t learn from your logs Pros and cons of various tools. Different types of log files. Access Error Referral Other. Access logs. Domain name

468 views • 27 slides

Static Analysis

Static Analysis. James Walden Northern Kentucky University. Topics. Why Static Analysis? False Positives and Negatives Static Analysis Internals Using the Tools. What is Static Analysis?. Static = without program execution Includes everything except testing.

615 views • 23 slides

Static Analysis for Security

Static Analysis for Security. Amir Bazine Per Rehnberg. Content. Background Static Analysis tools Our resarch and tests Test results Conclusion. Background. Increase of reported vulnerabilities Dynamic analysis not enough Developed new static analysis tools Ease the auditing process.

424 views • 18 slides

Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs

Evaluating and Tuning a Static Analysis to Find Null Pointer Bugs. David Hovemeyer, Jaime Spacco, and William Pugh. Presented by Nathaniel Ayewah CMSC838P 11/16/2006. Why Simple. Programmers make simple mistakes // org.eclipse.jdt.internal.ui.compare.JavaStructureDiffViewer

332 views • 26 slides

Static analysis for security

Static analysis for security. Luis Sierra November, 2007 Stic AmSud - ReSeCo Workshop Montevideo, Uruguay. Plan. Some motivation Static analysis PySTA: Python Static Analyzer Permission usage analysis Conclusions and further work. Motivation.

423 views • 26 slides

A Static Analysis Framework For Embedded Systems

Nathan Cooprider John Regehr's Embedded Systems Group. A Static Analysis Framework For Embedded Systems. , nesC and C. – OS for wireless sensor network devices nesC – language designed for building applications for the TinyOS platform

174 views • 5 slides

A New Metric for Evaluating the Throughput Performance of HEW

A New Metric for Evaluating the Throughput Performance of HEW. Date: 2014-03-20. Authors:. Abstract. This presentation suggests to add a new metric for evaluating the throughput performance of HEW and explains some reasons.

208 views • 8 slides

Static Analysis

Static Analysis. Static Analysis, Internal Forces, Stresses: Normal and Shear. Static Analysis. Equation of equilibrium If only x-y plane . Types of Connection. Think!. FBD: Structure. Discuss the approach?. ii) Equilibrium on Pin A. i) Equilibrium on the whole system.

783 views • 24 slides

Scanstud Evaluating Static Analysis Tools

Scanstud Evaluating Static Analysis Tools. Martin Johns, SAP Research Karlsruhe Moritz Jodeit, n.runs AG. ScanStud: Project overview. Mission statement Investigating the state of the art in static analysis Project overview Practical evaluation of commercial static analysis tools for security

612 views • 44 slides

Static Analysis for Security

Static Analysis for Security. POSTECH Laboratory for UNIX Security (PLUS) Kwang Yul Seo skyul@postech.ac.kr. Static Analysis for Security. Detecting security problems through source code (or binary) Identifying many common coding problems automatically. Dynamic vs Static.

381 views • 20 slides

A New Metric for Evaluating the Throughput of HEW

A New Metric for Evaluating the Throughput of HEW. Date: 2014-03-18. Authors:. Background. Inefficiencies of Current WLAN. Assume all APs are blind , in other words, they know know nothing about STAs. Inefficiencies of Current WLAN. Notorious Exposed Node Problem:.

236 views • 15 slides

Static Code Analysis Tools Appvigil

Appvigil is an automated mobile reputation protection suite for mobile apps. Appvigil performs static, dynamic and network analysis tools.

216 views • 4 slides

Evaluating Static Analysis Tools

201 views • 17 slides

A New Metric for Evaluating the Throughput Performance of HEW

94 views • 8 slides

The NIST SAMATE and Evaluating Static Analysis Tools

The NIST SAMATE and Evaluating Static Analysis Tools. Paul E. Black National Institute of Standards and Technology http://www.nist.gov/ paul.black@nist.gov. What is NIST?. U.S. National Institute of Standards and Technology A non-regulatory agency in Dept. of Commerce

118 views • 9 slides

More Related