Uncovering Weaknesses in Code With Cyclomatic Path Analysis
By: Thomas J. McCabe Sr, Thomas J. McCabe Jr, Lance Fiondella
Abstract. Software flaws represent a serious threat to system integrity. Today, software plays an increasingly important role in the infrastructure of government agencies. These entities outsource and use open-source software within their critical infrastructure; however, the origins and security characteristics of this code are rarely certified. We compare the relative effectiveness of the statement, branch, and cyclomatic code coverage software testing methodologies for detecting flaws in software.
Foreign influence on DoD software is a major security concern. A programmer can insert a flaw into code that looks like an honest mistake, but when triggered leads to unexpected behavior in the system on which the software resides. The consequences could be anything from system unavailability to outright hijacking of the system and all of its functionality. Given the potentially catastrophic consequences of allowing exploitable software flaws to reside in operational systems, software testing is now being acknowledged as a critical step to mitigate software supply chain risks.
Protecting against the “inside job” is not the only concern for those wishing to protect software systems from attack. Foreign adversaries persistently attempt to break into the networks of defense facilities and their contractors. A successful intruder would steal anything that could provide economic or strategic advantage. The speculated compromise of the Joint Strike Fighter [3] is a high-profile example, with tens of thousands of hours of programming feared lost. Not only can code be copied, it can be studied intensively for weaknesses. By interfacing with operational systems running the software and injecting attacks to trigger exploitable weaknesses, the range of consequences mentioned above could be realized. Any unprotected statements in code that could lead to failure become fair game. The only way to ensure compromised software can withstand external attacks is to subject it to rigorous testing and identify weaknesses for removal before they can ever be targeted for attack. A software testing methodology that can eliminate the majority of flaws, both intentional and unintentional, is essential for producing and preserving software dependability.
Detecting Security Flaws With Cyclomatic Complexity-based Testing
A critical comparison of software testing methodologies is essential to illustrate how competing approaches can fail to identify particular weaknesses. The following three examples consider this additional aspect and demonstrate that cyclomatic complexity-based testing can successfully detect several common weaknesses.
Divide By Zero
CWE-369: Dividing by zero is a commonly occurring problem. In mathematics, dividing a number by zero is not permitted because the result is defined to be infinity. This poses a challenge for computers, which cannot work with such a large number. Attempting to divide by zero on a computer leads to a condition known as overflow. Though one may think this exception should be simple to eliminate, overflows happen quite frequently because many programming languages set a variable to zero before it is ever assigned a value. All too often, programmers neglect to initialize a variable before using it as the denominator of a statement that performs division. This frequent occurrence makes the divide by zero weakness a widespread problem. Dividing by zero can lead to a variety of unpredictable behavior in software. Potential outcomes include unintended branching to error handling routines, software crashes, and similar undesirable behaviors. A programmer who intentionally or unwittingly introduces a divide by zero flaw can induce system crashes, rendering a system unavailable to perform its appointed tasks
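The following is an added example, not code from the original article: a constructed function with a denominator that is still zero on one path, tested once with a suite that reaches full statement and branch coverage and once with the three paths produced by McCabe's baseline method. The function `rate`, its inputs, and the choice of baseline (both decisions true) are assumptions made for illustration; a different baseline can yield a different basis set.

```python
def rate(total, have_count, count, want_rate):
    """Constructed flawed function: two decisions, cyclomatic complexity 3."""
    n = 0                      # denominator starts at zero (models the default-zero case)
    if have_count:             # decision 1
        n = count
    result = -1
    if want_rate:              # decision 2
        result = total // n    # CWE-369 when decision 1 was False
    return result

def run(outcomes):
    """Drive rate() down the path (decision1, decision2); True if it divides by zero."""
    have_count, want_rate = outcomes
    try:
        rate(100, have_count, 4, want_rate)
        return False
    except ZeroDivisionError:
        return True

def branch_coverage_complete(paths):
    """True when every decision was exercised with both a True and a False outcome."""
    return all({p[i] for p in paths} == {True, False} for i in range(2))

def baseline_paths(baseline):
    """Baseline method: the baseline path plus one path per single flipped decision."""
    paths = [tuple(baseline)]
    for i in range(len(baseline)):
        flipped = list(baseline)
        flipped[i] = not flipped[i]
        paths.append(tuple(flipped))
    return paths

def failing(paths):
    """Paths on which the flaw is triggered."""
    return [p for p in paths if run(p)]

# Two tests: every statement runs and every branch goes both ways.
BRANCH_SUITE = [(True, True), (False, False)]
# Three tests, one per unit of cyclomatic complexity (assumed baseline: both true).
BASIS_SUITE = baseline_paths((True, True))

if __name__ == "__main__":
    print("branch coverage complete:", branch_coverage_complete(BRANCH_SUITE))
    print("failures in branch suite:", failing(BRANCH_SUITE))
    print("failures in basis suite: ", failing(BASIS_SUITE))
```

The branch suite passes cleanly because neither of its tests combines "count not set" with "rate requested"; the basis suite contains that path and fails on it.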