1 / 13

Automated Security Tools

Korey Breshears. Automated Security Tools. Overview. What are automated security tools? Why do we need them? What types of tools are there? What problems do these tools have?. What is it?. Automated security tools are tools designed to enhance the security of a program automatically.

zarifa
Télécharger la présentation

Automated Security Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Korey Breshears Automated Security Tools

  2. Overview • What are automated security tools? • Why do we need them? • What types of tools are there? • What problems do these tools have?

  3. What is it? • Automated security tools are tools designed to enhance the security of a program automatically

  4. Why do we need these tools? • Information is increasing at an unprecedented pace • It is time consuming to debug subtle bugs • Easier to maintain • Quicker code development • Reliability

  5. Types of tools • Compiler/Translator • Toolkits/Frameworks • Stand alone programs

  6. Compiler/Translator • Provide type safety for non type safe languages • Provide security for parallel programs • Ccured • SAFECode Project • Gcc known problem

  7. CCured • CCured is a source-to-source translator for C • The translator itself is written in Ocaml (a dialect of ML) • Provides type safety for C program

  8. SAFECode Project • Array bounds checking • Loads and stores only access valid memory objects • Type safety for a subset of memory objects proven to be type-safe • Sound operational semantics in the face of dangling pointer errors • Optional dangling pointer detection

  9. Toolkits/Frameworks • Securibot framework • Provide built in functions for security • Access control policy generator

  10. Stand alone program • Monitor stack and heap • Provide real time security

  11. Issues with automation • Only known types of problems can be caught • The security program could miss a bug • The security program is only as strong as its algorithm

  12. Conclusion • What automated security tools are and benefits to using them • Types of tools • Compilers/Translators • Toolkits/Frameworks • Stand alone Programs • Problems with automated tools

  13. Questions?

More Related