Seven pernicious kingdoms: a taxonomy of software security errors

Taxonomies can help software developers and security practitioners understand the common coding mistakes that affect security. The goal is to help developers avoid making these mistakes and more readily identify security problems whenever possible. Because developers today are by and large unaware of the security problems they can (unknowingly) introduce into code, a taxonomy of coding errors should provide a real tangible benefit to the software security community. Although the taxonomy proposed here is incomplete and imperfect, it provides an important first step. It focuses on collecting common errors and explaining them in a way that makes sense to programmers. This new taxonomy is made up of two distinct kinds of sets, which we're stealing from biology: a phylum (a type of coding error, such as illegal pointer value) and a kingdom (a collection of phyla that shares a common theme, such as input validation and representation). Both kingdoms and phyla naturally emerge from a soup of coding rules relevant to enterprise software, and it's for this reason that this taxonomy is likely to be incomplete and might lack certain coding errors. In some cases, it's easier and more effective to talk about a category of errors than to talk about any particular attack. Although categories are certainly related to attacks, they aren't the same as attack patterns.     

Java Insecurity: Accounting for Subtleties That Can Compromise Code

Conscientious Java developers are typically aware of the numerous coding guidelines that they should follow when writing code, such as validating inputs, minimizing accessibility to classes and members, and avoiding public static nonfinal fields. Java developers follow such guidelines to avoid common programming pitfalls (often called antipatterns), thereby reducing the likelihood of bugs or security vulnerabilities in their programs.     

Sensei: Enforcing secure coding guidelines in the integrated development environment

We discuss the potential benefits, requirements, and implementation challenges of a security-by-design approach in which an integrated development environment plugin assists software developers to write code that complies with secure coding guidelines. We discuss how such a plugin can enable a company's policy-setting security experts and developers to pass their knowledge on to each other more efficiently, and to let developers more effectively put that knowledge into practice. This is achieved by letting the team members develop customized rule sets that formalize coding guidelines and by letting the plugin check the compliance of code being written to those rule sets in real time, similar to an as-you-type spell checker. Upon detected violations, the plugin suggests options to quickly fix them and offers additional information for the developer. We share our experience with proof-of-concept designs and implementations rolled out in multiple companies, and present some future research and development directions.     

How to think about security

Learning how to think about security means adopting a different mindset than we've had in the past. As a community, software developers have been thinking too much like "good guys" and thus ended up developing insecure software because they failed to predict attack scenarios. The only way to effectively develop good security in software is to learn to think like the "bad guys." Thinking like the adversary helps us to better identify and mitigate threats.     

Approximate Structural Context Matching: An Approach to Recommend Relevant Examples

When coding to an application programming interface (API), developers often encounter difficulties, unsure of which class to subclass, which objects to instantiate, and which methods to call. Example source code that demonstrates the use of the API can help developers make progress on their task. This paper describes an approach to provide such examples in which the structure of the source code that the developer is writing is matched heuristically to a repository of source code that uses the API. The structural context needed to query the repository is extracted automatically from the code, freeing the developer from learning a query language or from writing their code in a particular style. The repository is generated automatically from existing applications, avoiding the need for handcrafted examples. We demonstrate that the approach is effective, efficient, and more reliable than traditional alternatives through four empirical studies     

Improving software security with static automated code analysis in an industry setting

Software security can be improved by identifying and correcting vulnerabilities. In order to reduce the cost of rework, vulnerabilities should be detected as early and efficiently as possible. Static automated code analysis is an approach for early detection. So far, only few empirical studies have been conducted in an industrial context to evaluate static automated code analysis. A case study was conducted to evaluate static code analysis in industry focusing on defect detection capability, deployment, and usage of static automated code analysis with a focus on software security. We identified that the tool was capable of detecting memory related vulnerabilities, but few vulnerabilities of other types. The deployment of the tool played an important role in its success as an early vulnerability detector, but also the developers perception of the tools merit. Classifying the warnings from the tool was harder for the developers than to correct them. The correction of false positives in some cases created new vulnerabilities in previously safe code. With regard to defect detection ability, we conclude that static code analysis is able to identify vulnerabilities in different categories. In terms of deployment, we conclude that the tool should be integrated with bug reporting systems, and developers need to share the responsibility for classifying and reporting warnings. With regard to tool usage by developers, we propose to use multiple persons (at least two) in classifying a warning. The same goes for making the decision of how to act based on the warning. Copyright © 2012 John Wiley & Sons, Ltd.     

Exploring architecture blueprints for prioritizing critical code anomalies: Experiences and tool support

The manifestation of code anomalies in software systems often indicates symptoms of architecture degradation. Several approaches have been proposed to detect such anomalies in the source code. However, most of them fail to assist developers in prioritizing anomalies harmful to the software architecture of a system. This article presents an investigation on how developers, when supported by architecture blueprints, are able to prioritize architecturally relevant code anomalies. First, we performed a controlled experiment where participants explored both blueprints and source code to reveal architecturally relevant code anomalies. Although the use of blueprints has the potential to improve code anomaly prioritization, the participants often made several mistakes. We found these mistakes might occur because developers miss relationships between implementation and blueprint elements when they prioritize anomalies in an ad hoc manner. Furthermore, the time spent on the prioritization process was considerably high. Aiming to improve the accuracy and effectiveness of the process, we provided means to automate the prioritization process. In particular, we explored 3 prioritization criteria, which establish different ways of relating the blueprint elements with code anomalies. These criteria were implemented in the JSpIRIT tool. The approach was evaluated in the context of 2 applications with satisfactory precision results.     

An identity authentication scheme based on cloud computing environment

In order to solve the shortcomings of traditional identity authentication technology, such as low security, low efficiency, a mobile terminal identity authentication scheme based on cloud computing environment is proposed in this paper. In addition, the two-dimensional code technology is used for identity authentication in the cloud computing environment, and the QR coding technology is also used. The dynamic authentication of the mobile terminal is realized by using the two-dimensional code as the information transmission carrier. According to the security analysis, the scheme has simple structure and no need to use the third party equipment, which has high security and adaptability. Finally, the two fusion of two-dimensional code proposed in this paper provides a new way of thinking for the identity authentication based on the cloud environment, and also promotes the development of the Internet of things.     

编程现场上下文深度感知的代码行推荐

在软件开发的编程现场,有大量与当前开发任务相关的信息,比如代码上下文信息、用户开发意图等.如果能够根据已有的编程现场上下文给开发人员推荐当前代码行,不仅能够帮助开发人员更好地完成开发任务,还能提高软件开发的效率.而已有的一些方法通常是进行代码修复或者补全,又或者只是基于关键词匹配的搜索方法,很难达到推荐完整代码行的要求.针对上述问题,一种可行的解决方案是基于已有的海量源码数据,利用深度学习析取代码行的相关上下文因子,挖掘隐含的上下文信息,为精准推荐提供基础.因此,提出了一种基于深度学习的编程现场上下文深度感知的代码行推荐方法,能够在已有的大规模代码数据集中学习上下文之间潜在的关联关系,利用编程现场已有的源码数据和任务数据得到当前可能的代码行,并推荐Top-N给编程人员.代码行深度感知使用RNN Encoder-Decoder,该框架能够将编程现场已有的若干行上文代码行进行编码,得到一个包含已有代码行上下文信息的向量,然后根据该向量进行解码,得到预测的Top-N代码行输出.利用在开源平台上收集的大规模代码行数据集,对方法进行实验并测试,结果显示,该方法能够根据已有的上下文推荐相关的代码行给开发人员,Top-10的推荐准确率有60%左右,并且MRR值在0.3左右,表示用户满意的推荐项排在N个推荐结果中比较靠前的位置.     

代码的安全性保护技术研究

代码的安全问题由于直接关系到软件能否在多个领域可靠应用,并且影响到系统的安全,所以显得尤为重要.随着网络攻击与防护技术的深入发展,对软件安全提出了更高的要求,代码的缺陷使应用软件、Web系统及数据库系统面临巨大安全挑战.通过分析代码在溢出、跨站脚本、SQL攻击、加密代码、代码失效及软件模拟方式等方面存在的安全性问题,提出使用托管代码迁移、内存探测、正则表达式检测、签名等多种技术方法以实现代码的安全性需求,确保软件的可靠性,最后给出了一些能够提高安全性的编码原则.     

融合结构与语义特征的代码注释决策支持方法

代码注释是辅助编程人员理解源代码的有效手段之一.高质量的注释决策不仅能覆盖软件系统中的核心代码片段,还能避免产生多余的代码注释.然而,在实际开发中,编程人员往往缺乏统一的注释规范,大部分的注释决策都取决于个人经验以及领域知识.对于新手程序员来说,注释决策显然成为了一项重要而艰巨的任务.为了减少编程人员投入过多的精力在注释决策上,文章从大量的代码注释实例中学习出一种通用的注释决策规范,并提出了一种新颖的CommentAdviser方法用以辅助编程人员在代码开发过程中做出恰当的注释决策.由于注释决策与代码本身的上下文信息密切相关,因此,从当前代码行的上下文代码中提取代码结构特征以及代码语义特征作为支持注释决策的主要依据.然后,利用机器学习算法判定当前代码行是否为可能的注释点.在GitHub中的10个大型开源软件的数据集上评估了我们提出的方法,实验结果以及用户调研表明代码注释决策支持方法CommentAdviser的可行性和有效性.     

A field study of how developers locate features in source code

Our current understanding of how programmers perform feature location during software maintenance is based on controlled studies or interviews, which are inherently limited in size, scope and realism. Replicating controlled studies in the field can both explore the findings of these studies in wider contexts and study new factors that have not been previously encountered in the laboratory setting. In this paper, we report on a field study about how software developers perform feature location within source code during their daily development activities. Our study is based on two complementary field data sets: one that reflects complete IDE activity of 67 professional developers over approximately one month, and the other that reflects usage of an IR-based code search tool by nearly 600 developers. Analyzing this data, we report results on how often developers use which type of code search tools, on the types of queries and retreival strategies used by developers, and on patterns of developer feature location behavior following code search. The results of the study suggest that there is (1) a need for helping developers to devise better code search queries; (2) a lack of adoption of niche code search tools; (3) a need for code search tool to handle both lookup and exploratory queries; and (4) a need for better integration between code search, structured navigation, and debugging tools in feature location tasks.     

C2P:基于Pi演算的协议C代码形式化抽象方法和工具

形式化方法为安全协议分析提供了理论工具,但经过形式化验证过的协议标准在转换为具体程序实现时可能无法满足相应的安全属性.为此,提出了一种检测安全协议代码语义逻辑错误的形式化验证方法.通过将协议C源码自动化抽象为Pi演算模型,基于Pi演算模型对协议安全属性形式化验证.最后,给出了方案转换的正确性证明,并通过对Kerberos协议实例代码验证表明方法的有效性.根据该方案实现了自动化模型抽象工具C2P与成熟的协议验证工具ProVerif结合,能够为协议开发者或测试人员检测代码中的语义逻辑错误提供帮助.     

C8051F的示波器监控程序设计

设计采用高性能单片机C8051F020为控制芯片,监控示波器面板上40个按键、3个编码开关及4个电位器的状态。分别介绍了键盘、编码开关和电位器的工作原理,以及其与单片机连接的硬件电路及软件编程的实现。按键部分采用一键多义的键盘程序设计方法,给出了键码匹配子程序流程图。     

窃听攻击下子空间码的安全性

子空间码与随机线性网络编码相结合的网络系统具有编译码复杂度低、无需附加编码矢量和非相干通信等优点,曾被用于网络纠错。针对子空间码在窃听攻击下的安全性能,将攻击者猜测信源消息的成功概率作为子空间码的安全性度量。基于Cai和Yeung提出的网络窃听模型,采用线性代数和组合学方法,定量计算了攻击者的猜测概率并得到了闭式解。分析结果表明,子空间码具有概率意义下的弱安全性,但与许多完美安全或弱安全编码方案相比,子空间码具有复杂度低、灵活性高、拓扑不受限、可对抗多边窃听等优势,因此子空间码适用于计算受限且安全性能要求不高的应用。     

Job Security

Some consider unmaintainable code a tool that provides job security. At the low level, you can obtain such code through incorrect or inconsistent formatting, naming, and commenting. Complex and gratuitous coupling, lack of assertions, and failure to use a language's type system can further complicate the picture. At a higher level, deep and wide class hierarchies, lack of cohesion, and unhelpful package relationships can hinder maintainability. Finally, at the development process level, lack of version control, subpar build-and-release procedures, a lacking testing infrastructure, and the hiring of mediocre developers will hammer the last nails into a project's maintainability coffin.     

Understanding reuse of software examples: A case study of prejudice in a community of practice

ContextThe context of this research is software developers’ perceptions about the use of code examples in professional software development.ObjectiveThe primary objective of this paper is to identify the human factors that dominate example usage among professional software developers, and to provide a theory that explains these factors.MethodTo achieve this goal, we analyzed the perceptions of professional software developers as manifested on LinkedIn online community. We analyzed the data qualitatively using adapted grounded theory research procedures.ResultsThe research yields an initial framework of key factors that dominate professional developers’ perception regarding example usage. We use the theoretical lens of prejudice theory to put these factors in a broader context, and outline initial recommendations to address these factors in professional organizational context.ConclusionThe results of this work, in particular the use of qualitative techniques – allowed us to obtain rich insight into key human factors that affect professional software developers, and enrich the body of literature on the issues of reuse. These factors need to be taken into account as part of an organizational reuse strategy.     

浅谈如何构建安全的学校Web网站

学校网站的安全面临着日益严重的威胁。本文以网站开发的角度,从表单数据验证、使用存储过程、数据库连接字段加密、关键数据加密及IIS设置五个方面,阐述要保证网站安全应注意的代码设计/安全设置,供开发者借鉴。     

An aspect-oriented approach for the systematic security hardening of code

In this paper, we present an aspect-oriented approach for the systematic security hardening of source code. It aims at allowing developers to perform software security hardening by providing an abstraction over the actions required to improve the security of the program. This is done by giving them the capabilities to specify high-level security hardening plans that leverage a priori defined security hardening patterns. These patterns describe the required steps and actions to harden security code, including detailed information on how and where to inject the security code. We show the viability and relevance of our approach by: (1) elaborating security hardening patterns and plans to common security hardening practices, (2) realizing these patterns by implementing them into aspect-oriented languages, (3) applying them to secure applications, (4) testing the hardened applications. Furthermore, we discuss, in this paper, our insights on the appropriateness, strengths and limitations of the aspect-oriented paradigm for security hardening.     

代码挖掘中的数据处理方法综述

程序代码中蕴含着软件开发人员最原始的开发理念、设计思想和编程习惯等信息,将数据挖掘用于分析处理这种编码痕迹以便提取出潜藏着的有用知识是一个有着广阔前景的新的研究领域.由于当前的挖掘程序尚无法直接处理这种文本结构的程序代码,因而研究者需要将软件代码抽象成一种更有效的中间表达形式来作为挖掘对象.这种中间表达形式不仅界定了挖掘所使用的算法,更重要的是,它决定了所能挖掘的知识内容.对代码挖掘的一般过程进行了介绍并着重分析了代码挖掘的各种中间表达形式的特点.在此基础上,指出了当前代码挖掘存在的问题及今后的发展方向.