CO4510 Advanced Topics in IT Security
Question:
In this project we use PREfast, a static analysis tool for C(++) developed at Microsoft, and the associated annotation language SAL, on some toy C code.
- What static analysis tools can do (using automated theorem proving technology behind the scenes);
- The amount of hassle, in terms of annotations, that a language like C(++) needs before its code is amenable to such static analysis.
Goals of the project are
- to appreciate some of the many things that can go wrong in C(++) code;
- to understand the capabilities and the limitations of an (almost) state-of-the-art static analysis tool;
- to understand the trade-offs in the design and in the use of such a tool.
Handing in the assignment
The project is due Sunday Dec 5. You can do the project individually, as a pair or as a group of three students. If you do it as a group, please say that you did and mention all names as comments in the code. Also, write the group names in the comments of the submission.
Part I – Using the tool
If you’ve followed the installation instructions for PREfast above, then you should already have a copy of the exercise file prefast_exercise.cpp. (you can find it at the end of this file)
Get rid of the warnings in prefast_exercise.cpp that PREfast gives, by fixing the code. Mark places where you changed the code with a comment to keep track of the changes you made.
Keep the changes to the code minimal; the code is completely silly, no need to completely rewrite it.
There is no need to annotate the size of the argument of execute, as its size does not really matter. You also do not need to annotate validate. Fix any new warnings this produces.
Similarly, annotate the buffers returned as results by my_alloc and do_read to specify their size, using the annotations Fix any new warnings this produces.
As a last step, we will add tainting annotations to trace any input passing from input to execute without passing through the validation operation, and add calls to the validation routine validate in the right places to fix any problems with missing input validation. The steps for this are explained in more detail below.
Annotate the first parameter of input with [SA_Post(Tainted=SA_Yes)], which specifies that this parameter will be tainted as a postcondition, and
Annotate the parameter of execute with [SA_Pre(Tainted=SA_No)] to specify the precondition that this parameter should not be tainted.
Now annotate all the procedures that may handle or produce tainted data using pre- and/or postconditions as above. These procedures are:
Add calls to the validation routine validate in the right places to make such warnings disappear.
As you may notice, PREfast’s tainting analysis is not reliable unless you annotate all procedures that may handle tainted data correctly.
- Except for the functions execute and validate, all parameters and return values of pointer type in every other function should carry a size annotation specifying the buffer length;
- All parameters or return values of functions that might be tainted at some stage should carry tainting annotations.
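To make the contracts concrete, here is an added example, not the assignment's prefast_exercise.cpp (which is not reproduced on the page). It reuses the function names my_alloc, do_read and zero, but their signatures and bodies are assumptions made for this illustration. It uses the size-annotation macro names from the current sal.h (`_Out_writes_`, `_In_reads_`, `_Ret_writes_`) rather than the older `[SA_...]` attribute syntax the assignment quotes; on MSVC these come from `<sal.h>` and are checked by `cl /analyze`, while the shim below makes them expand to nothing elsewhere so the file still builds and runs. The point of each annotation is that it ties a pointer parameter to the integer that describes its size, which is exactly the information PREfast lacks for an unannotated zero().

```c
/*
 * Added example: SAL size annotations on a toy that mirrors the assignment's
 * function names. Signatures and bodies are assumed, not taken from the page.
 */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#ifdef _MSC_VER
#include <sal.h>            /* real annotations, checked by PREfast / cl /analyze */
#else
#define _In_reads_(n)       /* shim: no-ops on non-MSVC compilers */
#define _Out_writes_(n)
#define _Ret_writes_(n)
#define _Ret_maybenull_
#endif

/* The result is a buffer of n elements (or NULL); callers may not write past n. */
_Ret_maybenull_ _Ret_writes_(n)
char *my_alloc(size_t n)
{
    return (char *)malloc(n);
}

/* zero() writes exactly len bytes. Binding buf's size to len is what lets the
 * checker flag a call such as zero(small_buffer, TOO_BIG) at the call site. */
void zero(_Out_writes_(len) char *buf, size_t len)
{
    memset(buf, 0, len);
}

/* do_read copies at most n bytes from src (a constructed stand-in for a real
 * input source) into dst and returns how many bytes it copied. */
size_t do_read(_Out_writes_(n) char *dst, size_t n,
               _In_reads_(srclen) const char *src, size_t srclen)
{
    size_t count = srclen < n ? srclen : n;
    memcpy(dst, src, count);
    return count;
}

/* Runs the fixed call pattern (every size argument matches the region it
 * describes) over an 8-byte backing store whose upper half acts as a canary.
 * Returns 1 if only the described 4 bytes were touched, 0 otherwise. */
int demo_sizes_match(void)
{
    char backing[8];
    memset(backing, 'X', sizeof backing);
    const char sample[] = "0123456789";            /* constructed input, longer than the region */
    size_t got = do_read(backing, 4, sample, sizeof sample - 1);
    if (got != 4) return 0;
    zero(backing, 4);                              /* len matches the 4-byte region */
    for (int i = 0; i < 4; i++) if (backing[i] != 0)   return 0;
    for (int i = 4; i < 8; i++) if (backing[i] != 'X') return 0;   /* canary intact */
    return 1;
}

int main(void)
{
    char *p = my_alloc(16);
    if (p == NULL) return 1;
    zero(p, 16);                                   /* size matches the _Ret_writes_(n) contract */
    free(p);
    printf("sizes match: %d\n", demo_sizes_match());
    return 0;
}
```

The canary check is only there so the example can be exercised without PREfast; the real payoff of the annotations is that a mismatched call such as `zero(backing, 8)` in the 4-byte case is reported during analysis, before anything runs.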
Part II – Reflection
PREfast tries to check annotations — and hence the properties they express — at compile time. An alternative approach would be to check this at runtime. Two different aspects for which this could be done are 1) bounds-checking and 2) tainting & missing input validation. This would require some additional information to be tracked at runtime: for bounds-checking this could involve something like fat pointers to check access out of bounds at runtime; for tainting, data would have to be marked and traced as being tainted. Name two advantages and two disadvantages of doing these checks at runtime instead of doing them at compile-time. (I can think of two each. Hint: also think of generic advantages and disadvantages when it comes to runtime vs compile-time checking. Maybe you can think of more?)
Sometimes PREfast only warns about problems after you add annotations. For example, the tool does not complain about zero() until after you add an annotation about the size of buf. An alternative tool design would be to produce a warning about zero() if there are no annotations for it. (The warning would then not so much be that there is a potential buffer overflow problem, but rather that the tool does not have enough information to determine whether there is a buffer overflow or not.) Can you give a plausible explanation why PREfast has been designed so that it does not complain about such unannotated methods?
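As an added example for the runtime alternative sketched in Part II (not code from the assignment), the following C file enforces the same two contracts at run time that the SAL annotations express at compile time: a fat pointer carries a bound so every store is bounds-checked, and the same fat pointer carries a taint bit that input() sets, validate() clears on success, and execute() refuses. The function names follow the assignment; the fat-pointer layout, the validation policy (alphanumeric bytes only) and the return codes are assumptions made for this illustration.

```c
/*
 * Added example: run-time counterpart of the SAL contracts. Function names
 * follow the assignment; layout, policy and return codes are assumed.
 */
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* Fat pointer: the bound and a taint bit travel with the pointer. */
struct fatbuf {
    char  *p;
    size_t len;
    int    tainted;   /* set by input(), cleared only by a successful validate() */
};

static struct fatbuf fat_make(char *storage, size_t len)
{
    struct fatbuf f = { storage, len, 0 };
    return f;
}

/* Bounds-checked store: the run-time version of _Out_writes_(len).
 * Returns 0 on success, -1 if the index is out of bounds. */
int fat_put(struct fatbuf *f, size_t i, char c)
{
    if (i >= f->len) return -1;   /* refused instead of silently overflowing */
    f->p[i] = c;
    return 0;
}

/* input(): fills the buffer from an untrusted source (here a constructed
 * string) and marks the result tainted, the run-time version of
 * [SA_Post(Tainted=SA_Yes)]. Returns the number of bytes stored. */
size_t input(struct fatbuf *f, const char *src)
{
    size_t n = strlen(src);
    if (n > f->len) n = f->len;   /* never store past the bound */
    memcpy(f->p, src, n);
    f->tainted = 1;
    return n;
}

/* validate(): assumed policy, accept only alphanumeric bytes. On success the
 * taint is cleared; on rejection it stays set. Returns 0 or -1. */
int validate(struct fatbuf *f, size_t n)
{
    if (n > f->len) return -1;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)f->p[i])) return -1;
    f->tainted = 0;
    return 0;
}

/* execute(): precondition [SA_Pre(Tainted=SA_No)], enforced at run time.
 * Returns -1 if handed tainted data, 0 otherwise. */
int execute(const struct fatbuf *f)
{
    if (f->tainted) return -1;
    /* act on validated data here */
    return 0;
}

/* input -> execute with no validation: must be refused (-1). */
int scenario_unvalidated(void)
{
    char store[16];
    struct fatbuf f = fat_make(store, sizeof store);
    input(&f, "abc;def");          /* constructed untrusted input */
    return execute(&f);
}

/* input -> validate -> execute with clean data: allowed (0). */
int scenario_validated(void)
{
    char store[16];
    struct fatbuf f = fat_make(store, sizeof store);
    size_t n = input(&f, "abc123");
    if (validate(&f, n) != 0) return -2;   /* unexpected rejection */
    return execute(&f);
}

/* input -> validate fails -> execute: taint is still set, refused (-1). */
int scenario_rejected(void)
{
    char store[16];
    struct fatbuf f = fat_make(store, sizeof store);
    size_t n = input(&f, "abc;def");
    if (validate(&f, n) == 0) return -2;   /* should have been rejected */
    return execute(&f);
}

int main(void)
{
    printf("unvalidated: %d, validated: %d, rejected: %d\n",
           scenario_unvalidated(), scenario_validated(), scenario_rejected());
    return 0;
}
```

Two of the trade-offs the reflection asks about are visible directly in this code: every pointer now costs extra words of metadata and every store an extra branch, and a missing validate() call is only discovered on the execution path that actually reaches execute() with tainted data, whereas the compile-time check reports it for every path but only once the annotations are in place.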