Language Tool Based Security
Most network security bugs have been the result of unchecked buffer overflows. The programmer introduces a security hole by passing an array parameter into a subroutine without first checking the size of the parameter. The subroutine then writes past the end of the array, effectively overlaying adjacent memory areas on the activation record stack. An intruder exploits this weakness by sending a network packet whose contents deliberately trigger the buffer overrun, and by doing so is able to place data onto areas of the runtime stack. The root cause is the combination of an inferior development tool (a poorly designed language) and sloppy programming.

We have developed a tool that scans source code to detect language feature usage that may result in security holes; the unchecked parameter pass described above is an example of such unsafe usage. We use the front end of the GNU g++ compiler to read the source code and produce an abstract syntax tree (AST), which we dump to a file. A Perl program then reads that file, builds its own internal representation of the AST, and searches it for instances of dangerous usage.

We have the source code to the NT operating system (versions 3.51 and 4.0). We can compile a list of known flaws that were addressed in the various service packs released for NT and use these known bugs to evaluate how effective the tool is at finding dangerous coding practices. The same analysis can be performed using an open source UNIX-like OS.
An initial version of this tool has been implemented as a Perl program that reads the AST generated by gcc. The tool can be extended indefinitely to add more security flaw scanning capabilities.
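As an added illustration of the AST search step (example code written for this page, not the authors' Perl tool), the following Python walks a hand-constructed, simplified AST of one C function and flags unbounded copies of an unchecked parameter into a fixed-size stack buffer. The dictionary layout, the statement kinds and the function names are assumptions made for this example; they are not gcc's dump format.

```python
UNBOUNDED_COPIES = {"strcpy", "strcat", "sprintf", "gets"}


def scan_function(func):
    """Return (line, message) findings for one function's simplified AST."""
    params = set(func["params"])
    buffers, findings = {}, []        # local array sizes; (line, msg) results

    def walk(stmts, checked):
        # 'checked' holds parameters whose length was tested on this path.
        for st in stmts:
            if st["kind"] == "decl":
                buffers[st["name"]] = st["size"]
            elif st["kind"] == "call":
                fn, args = st["fn"], st["args"]
                if fn in UNBOUNDED_COPIES and len(args) >= 2:
                    dest, src = args[0], args[1]
                    if dest in buffers and src in params and src not in checked:
                        findings.append((st["line"],
                            f"{fn}() copies unchecked parameter '{src}' "
                            f"into {dest}[{buffers[dest]}]"))
            elif st["kind"] == "if":
                cond, guarded = st["cond"], set(checked)
                # A strlen() test on a parameter counts as a check for the then-branch.
                if cond["kind"] == "call" and cond["fn"] == "strlen":
                    guarded.update(a for a in cond["args"] if a in params)
                walk(st["then"], guarded)
                walk(st.get("else", []), checked)

    walk(func["body"], set())
    return findings


# Constructed AST (assumed layout, not gcc's dump format) for this C code:
#   void handle(char *pkt) { char buf[64];
#       strcpy(buf, pkt);                                 /* line 3 */
#       if (strlen(pkt) < sizeof buf) strcpy(buf, pkt); } /* line 4 */
# The comparison in the if-condition is reduced to its strlen() call.
HANDLE_AST = {
    "name": "handle", "params": ["pkt"],
    "body": [
        {"kind": "decl", "name": "buf", "size": 64},
        {"kind": "call", "fn": "strcpy", "args": ["buf", "pkt"], "line": 3},
        {"kind": "if",
         "cond": {"kind": "call", "fn": "strlen", "args": ["pkt"]},
         "then": [{"kind": "call", "fn": "strcpy", "args": ["buf", "pkt"], "line": 4}]},
    ],
}

if __name__ == "__main__":
    for line, msg in scan_function(HANDLE_AST):
        print(f"line {line}: {msg}")   # only line 3 is reported
```

A real scanner would also have to follow the source through assignments and recognise other forms of length check, which is exactly the kind of rule the page says the Perl tool can be extended with.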