Cert Secure Coding Standards

Assignment #3 should be graded today and returned tomorrow (or Wednesday at the latest). The deadline for submissions of corrected Assignment #1 is midnight, Thursday May 1st (11:59 PM). The final will be on Tues. May 13, 01:00pm-04:00pm, room BH A53.

Uploaded by

Giap Le
Copyright
© Attribution Non-Commercial (BY-NC)

Secure Coding Standards

Robert C. Seacord

2006 Carnegie Mellon University

Announcements
- Assignment #3 should be graded today and returned tomorrow (or Wednesday at the latest).
- I'm presenting at NASA on Wednesday, so Chad will be giving the lecture on Protecting Sensitive Data.
- The final will be Tues. May 13, 01:00pm-04:00pm, room BH A53.
- The deadline for submissions of corrected Assignment #1 is midnight, Thursday May 1st (11:59 PM), the same as for Assignment #4.
- If you submitted a corrected version of your Assignment #1, please resubmit it to Chad, [email protected], who may have inadvertently deleted a few resubmissions.
- The University Course Assessment is open for Spring Semester courses through Monday, May 5 at 8 a.m. It is important that you provide feedback. Link to the Carnegie Mellon portal at https://my.cmu.edu/site/main/page.academics and click on University Course Assessment under Courses.

Assignment #4
Students should turn in the following:
- their checker function (e.g., any checker functions they write)
- any additional compliant and non-compliant code examples they choose to write
- a document saying what weaknesses their function has (e.g., what cases does it NOT handle?)

They could simply add this information as comments to their function.

Assignment #4
- Your code does not need to handle EVERY possible case, but it should handle at least one pair of compliant and noncompliant code examples for each rule.
- They could turn in their assignment by emailing me a ZIP file or tarball. Or, if they have no extra examples, they could send me a single C++ file of their code (e.g., POS.C if they implemented POS34-C).
- Do not implement a checker on EXP09-A, because the "Working with Rose" slides contain a complete implementation and design.

CERT Secure Coding Standards
- Identify coding practices that can be used to improve the security of software systems under development.
- Coding practices are classified as either rules or recommendations:
  - Rules need to be followed to claim compliance.
  - Recommendations are guidelines or suggestions.
- Development of secure coding standards is a community effort.

Scope
The secure coding standards proposed by CERT are based on documented standard language versions as defined by official or de facto standards organizations. Secure coding standards are under development for:
- the C programming language (ISO/IEC 9899:1999)
- the C++ programming language (ISO/IEC 14882:2003)

Applicable technical corrigenda and documented language extensions, such as the ISO/IEC TR 24731 extensions to the C library, are also included.

www.securecoding.cert.org

Rules
Coding practices are defined to be rules when all of the following conditions are met:
- Violation of the coding practice is likely to result in a security flaw that may result in an exploitable vulnerability.
- There is a denumerable set of conditions for which violating the coding practice is necessary to ensure correct behavior.
- Conformance to the coding practice can be determined through automated analysis, formal methods, or manual inspection techniques.

Conformance to secure coding rules must be demonstrated to claim compliance with this standard unless an exceptional condition exists. If an exceptional condition is claimed, the exception must correspond to a predefined exceptional condition, and the application of this exception must be documented in the source code.

Recommendations
Recommendations are guidelines or suggestions. Coding practices are defined to be recommendations when all of the following conditions are met:
- Application of the coding practice is likely to improve system security.
- One or more of the requirements necessary for a coding practice to be considered a rule cannot be met.

Compliance with recommendations is not necessary to claim compliance with this standard. It is possible, however, to claim compliance with recommendations (especially in cases in which compliance can be verified). The set of recommendations that a particular development effort adopts depends on the security requirements of the final software product. Projects with high security requirements can dedicate more resources to security and are thus likely to adopt a larger set of recommendations.

Community Development Process
- Rules are solicited from the community.
- They are published as candidate rules and recommendations on the CERT Wiki at www.securecoding.cert.org.
- Threaded discussions are used for public vetting.
- Candidate coding practices are moved into a secure coding standard when consensus is reached.

Priorities and Levels

Level   Priority   Flaw characteristics
L1      P12-P27    High severity, likely, inexpensive to repair
L2      P6-P9      Medium severity, probable, medium cost to repair
L3      P1-P4      Low severity, unlikely, expensive to repair
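As an added example, not code from the slides or from CERT: the CERT scheme scores each of the three factors on the table (severity, likelihood, remediation cost) from 1 to 3 and multiplies them, which is why the bands are P12-P27, P6-P9 and P1-P4; those are exactly the products that can occur. The code below computes priority and level, checks that the bands cover every reachable product with no gaps or overlaps, and sorts a set of checker findings so the most urgent fixes come first. The rule identifiers come from this deck, but the ratings attached to them are constructed for illustration and are not the standard's actual ratings.

```python
"""CERT priority/level computation and finding triage.
Added example, not code from the slides or from CERT; the ratings on the
sample findings are constructed for illustration."""
from typing import List, Set, Tuple

# Each factor scores 1..3. Remediation cost is scored so that a flaw that is
# *inexpensive* to fix gets the highest score, matching the slide's L1 row.
SEVERITY = {"low": 1, "medium": 2, "high": 3}
LIKELIHOOD = {"unlikely": 1, "probable": 2, "likely": 3}
REMEDIATION_COST = {"expensive": 1, "medium": 2, "inexpensive": 3}

# Level bands from the slide: (level, lowest priority, highest priority).
LEVELS = [(1, 12, 27), (2, 6, 9), (3, 1, 4)]


def priority(severity: str, likelihood: str, cost: str) -> int:
    """Priority is the product of the three factor scores (1..27)."""
    return SEVERITY[severity] * LIKELIHOOD[likelihood] * REMEDIATION_COST[cost]


def level(p: int) -> int:
    """Map a priority to its level using the slide's bands."""
    for lvl, lo, hi in LEVELS:
        if lo <= p <= hi:
            return lvl
    raise ValueError(f"priority {p} is outside every level band")


def possible_priorities() -> Set[int]:
    """All products that three 1..3 scores can produce."""
    return {s * lk * c for s in SEVERITY.values()
            for lk in LIKELIHOOD.values() for c in REMEDIATION_COST.values()}


def bands_are_complete() -> bool:
    """True if every reachable priority lands in exactly one level band."""
    return all(sum(lo <= p <= hi for _, lo, hi in LEVELS) == 1
               for p in possible_priorities())


Finding = Tuple[str, str, str, str]   # (rule, severity, likelihood, cost)


def triage(findings: List[Finding]) -> List[Tuple[str, int, int]]:
    """Return (rule, level, priority), most urgent first: lower level number,
    then higher priority within the level."""
    scored = []
    for rule, s, lk, c in findings:
        p = priority(s, lk, c)
        scored.append((rule, level(p), p))
    return sorted(scored, key=lambda x: (x[1], -x[2]))


# Constructed findings: the ratings are illustrative, not CERT's.
SAMPLE_FINDINGS: List[Finding] = [
    ("EXP09-A", "low", "unlikely", "expensive"),
    ("FIO30-C", "high", "likely", "medium"),
    ("POS34-C", "high", "probable", "medium"),
]

if __name__ == "__main__":
    for rule, lvl, p in triage(SAMPLE_FINDINGS):
        print(f"L{lvl} P{p:2d} {rule}")
```

The completeness check is worth keeping in a real triage script: if a team adds a fourth factor or changes the scale, it immediately shows whether the published bands still partition the reachable priorities.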

FIO30-C. Exclude user input from format strings


CERT Mitigation Information
- Vulnerability Note VU#649732: This vulnerability occurred as a result of failing to comply with rule FIO30-C of the CERT C Programming Language Secure Coding Standard.
- US-CERT Technical Alerts
- CERT Secure Coding Standard: Examples of vulnerabilities resulting from the violation of this recommendation can be found on the CERT website.
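As an added example tied to the checker that Assignment #4 asks for and to rule FIO30-C above: a line-based checker (not CERT's code and not the course's ROSE-based checker) that flags printf-family calls whose format argument is not a string literal. The table of functions and format-argument positions is an assumption made for this example, and the C source it scans is constructed inline, with compliant and noncompliant pairs. It also records the kind of weakness the assignment asks you to document: a call that continues on the next line is reported as unchecked rather than silently passed.

```python
"""Toy FIO30-C checker: flag printf-family calls whose format argument is
not a string literal. Added example, not CERT's code or the course's
ROSE-based checker; the function table below is an assumption."""
import re
from typing import List, Tuple

# 0-based position of the format argument in each call we recognise.
FORMAT_ARG_INDEX = {
    "printf": 0, "vprintf": 0,
    "fprintf": 1, "vfprintf": 1, "sprintf": 1, "vsprintf": 1,
    "snprintf": 2, "vsnprintf": 2,
    "syslog": 1, "vsyslog": 1,
}
CALL_RE = re.compile(r"\b(" + "|".join(FORMAT_ARG_INDEX) + r")\s*\(")


def split_args(text: str) -> List[str]:
    """Split text (everything after the opening '(') into top-level
    arguments. Returns [] if the closing ')' is not in this text, so the
    caller can report the call as unchecked rather than pass it silently."""
    args, current, depth, in_str, i = [], [], 0, False, 0
    while i < len(text):
        ch = text[i]
        if in_str:
            current.append(ch)
            if ch == "\\" and i + 1 < len(text):   # keep escaped char verbatim
                current.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
            current.append(ch)
        elif ch in "([{":
            depth += 1
            current.append(ch)
        elif ch in ")]}":
            if depth == 0:                          # end of the call
                args.append("".join(current).strip())
                return args
            depth -= 1
            current.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    return []                                       # call continues past this text


Finding = Tuple[int, str, str]   # (line number, function, verdict)


def check_fio30(source: str) -> List[Finding]:
    """Report every recognised call as 'ok' (literal format), 'VIOLATION'
    (non-literal format) or 'unchecked' (arguments could not be parsed)."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            fn = m.group(1)
            args = split_args(line[m.end():])
            idx = FORMAT_ARG_INDEX[fn]
            if len(args) <= idx or not args[idx]:
                verdict = "unchecked"
            elif args[idx].startswith('"'):
                verdict = "ok"
            else:
                verdict = "VIOLATION"
            findings.append((lineno, fn, verdict))
    return findings


def violating_lines(source: str) -> List[int]:
    """Line numbers of calls judged noncompliant with FIO30-C."""
    return [n for n, _, v in check_fio30(source) if v == "VIOLATION"]


# Known weaknesses (the list the assignment asks each checker to document):
#  - calls that span lines are reported unchecked, not analysed
#  - a format held in a const char * initialised from a literal is flagged
#  - text inside comments or string literals that looks like a call is scanned
#  - macros wrapping printf-family functions are not seen

# Constructed C input: compliant and noncompliant pairs for FIO30-C.
SAMPLE_C = r'''#include <stdio.h>
void log_msg(const char *user)
{
    char buf[64];
    int count = 3;
    printf(user);                           /* noncompliant */
    printf("%s", user);                     /* compliant */
    fprintf(stderr, user);                  /* noncompliant */
    fprintf(stderr, "%s\n", user);          /* compliant */
    snprintf(buf, sizeof buf, user);        /* noncompliant */
    snprintf(buf, sizeof buf, "%s", user);  /* compliant */
    printf("%d items\n",
           count);                          /* call continues: unchecked */
}
'''

if __name__ == "__main__":
    for lineno, fn, verdict in check_fio30(SAMPLE_C):
        print(f"line {lineno:2d}: {fn:<9} {verdict}")
```

Reporting "unchecked" separately from "ok" is the design point: a checker that cannot parse a call should say so, so that the cases it does not handle show up in its output rather than being counted as compliant.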

Secure Coding Standard Applications
- Establish secure coding practices within an organization
  - may be extended with organization-specific rules
  - cannot replace or remove existing rules
- Train software professionals
- Certify programmers
- Establish requirements for software analysis tools
- Certify software systems

Automatically Generated Code
If a code-generating tool is to be used, it is necessary to select an appropriate tool and undertake validation. Adherence to the requirements of secure coding standards may provide one criterion for assessing a tool. Secure coding guidance varies depending on how code is generated and maintained.

Automatically Generated Code
- Tool-generated, tool-maintained: code that is specified and maintained in a higher-level format, from which language-specific source code is generated. Source code is generated from this higher-level description and then provided as input to the language compiler. The generated source code is never viewed or modified by the programmer.
- Tool-generated, hand-maintained: code that is specified and maintained in a higher-level format, from which language-specific source code is generated. It is expected or anticipated, however, that at some point in the development cycle the tool will cease to be used and the generated source code will be visually inspected and/or manually modified and maintained.
- Hand-coded code: code that has been manually written by a programmer using a text editor or interactive development environment, in which the programmer maintains source code directly in the source code format provided to the compiler.

Hand-coded Code
Source code that is written and maintained by hand must have the following properties:
- readability
- program comprehension

These requirements are not applicable to source code that is never directly handled by a programmer, although requirements for correct behavior still apply. Reading and comprehension requirements apply to code that is tool-generated and hand-maintained but do not apply to code that is tool-generated and tool-maintained. Tool-generated, tool-maintained code can impose consistent constraints that ensure the safety of some constructs that are risky in hand-generated code.

Questions about the CERT Secure Coding Standards
