By Bill Graham
In my previous post I discussed the potential benefits in quality and costs that static analysis brings to software development. In addition to common coding errors, many of the bugs found by static analysis are potential security defects as well. Buffer overflow, OS command injection, unrestricted string format and integer overflows are among the top 25 most dangerous security coding defects (according to the Common Weakness Enumeration (CWS) from the MITRE organization). These types of defects are common in C and C++ and are dangerous to correct operation in general but also pose significant security threats – often because the right exploit can lead to arbitrary code execution on the target. Once an attacker can execute code on your device, they can gain complete control, which might include reflashing the firmware, installing malware or rewriting the command and control software.
Luckily, many of the top 25 errors are detectable by static analysis tools. Often the errors lurk in untested code and are a potential risk to you and your customers. Moreover, security defects are more expensive to find, fix and patch in a fielded product (figures place this as high as $300,000 per defect!), so fixing them earlier is always a cheaper option. Static analysis tools can be used to evaluate code at the developer’s desktop right in Wind River Workbench, before it makes it into the system builds. Continuous software builds used for integration and test can be analyzed as well to ensure defects are caught before they make it into system testing.
Improving security for embedded systems requires a software development lifecycle approach the include security from the beginning. Static analysis tools fit nicely into this approach but are a compliment to other important activities such as system simulation, design and testing.
For additional information from Wind River, visit http://www.facebook.com/WindRiverSystems.