Learn what formal methods are and how they make developing bug-free, impenetrable source code a possibility in this webinar by TrustInSoft, the leading provider of formal methods-based code analysis tools.
2. 2
You will get the slides via email
You will get the recording in the coming days
Please ask questions in the Q&A section
Vic Sharma
US executive
Jakub Zwolakowski
R&D engineer
Welcome!
3. 3
In 2015 a team of hackers attempted to take control of an unmanned military
helicopter known as Little Bird.
After six weeks, they failed to crack Little Bird's defenses.
The helicopter's software was
secured by DARPA using
formal methods
4. 4
Formal methods:
the most exhaustive approach to code analysis
C/C++ source code is formulated as a sequence of logical
constructions and mathematical theorems
(abstract interpretation, model checking, symbolic
execution…)
Mathematical model
The mathematical/logical model and
specifications are compared; the outcome is either:
• The program works as specified for all
possible input values and never crashes
• There is a mathematical assurance there
are no undefined behaviors left
or:
• The program has undefined behaviors
and needs to be corrected
5. 5
Built on 30 years of research and development at the French
Atomic Energy Commission (CEA) and initially used to secure
code in airplanes
Based on 30 years of R&D
Recognized by NIST as the first tool to meet the SATE V
Ockham criteria of exhaustivity and soundness and able to
guarantee the absence of key CWE classes in ARM Mbed TLS
Recognized by NIST
Adopted by worldwide leading companies in aeronautics, defense,
automotive, IoT, telecom & electronics
Market proven
TrustInSoft has been distinguished with awards from numerous
reference bodies such as the Linux Foundation and the RSA
Conference
Award winning
About TrustInSoft
7. 7
Hybrid code Analyzer combining advanced static
and dynamic analysis techniques together with
formal methods to mathematically guarantee C/C++
code quality & maximize code security and safety
TrustInSoft Analyzer
8. 8
Resolving the Achilles'
heel of C and C++:
detecting all Undefined
Behaviors
• Memory access
  • Buffer overflow
  • Access out of bounds
  • Invalid pointer usage
  • Uninitialized variables
  • etc.
• Arithmetic operations
  • Division by zero
  • Signed integer overflows
  • Overflow in float-to-int conversion
  • NaN in float computation
  • etc.
• Race conditions
Undefined behaviors are complex to detect and can
lead to disastrous consequences:
• Unpredictable outputs or program execution
• Code execution by an attacker & program intrusion
• Software misbehavior or crash
9. 9
The best-of benefits of application security testing
TrustInSoft Analyzer compared with traditional syntactic analyzers
(Coverity, Checkmarx, Klocwork, Parasoft, Veracode…)

                                   TrustInSoft Analyzer                                            | Traditional syntactic analyzers
Analysis type                      Semantic                                                        | Syntactic
What it does                       Applies formal methods to look for issues that cause undefined  | Looks for suspicious code constructs /
                                   behaviors and checks execution for all possible input values    | coding-rule compliance
Sound                              Yes                                                             | No
False positives / false negatives  Some / No                                                       | Many / Yes
Output                             All undefined behaviors detected / confidence in code quality   | List of potential bugs
10. 10
Incremental journey to maximum safety & security
1. Interpreter: replay existing tests
• Instant productivity: find more bugs quicker
• Mathematical guarantee that Undefined
Behaviors resulting from discrete tested
values are all detected
• 0 false positives & 0 false negatives
2. Analyzer: generalize inputs & static analysis
• Mathematical guarantee that all Undefined
Behaviours are detected
• 0 false negatives
• Achieve up to 100% coverage on critical tests
3. Functional proof: check functional implementation
• Ensure implemented SW architecture and
functions behave in line with spec
• Full mathematical guarantee for safety and
security
11. 11
The best-of benefits of application security testing
Static AST + Dynamic AST + Interactive AST + Formal methods
(abstract interpretation, symbolic execution, Hoare's logic, model checking, weakest precondition…)
The benefits of:
Static AST
• Reasons on application source code
• Explores all possible execution paths
Dynamic AST
• Exhaustive input value coverage
• Memory error & undefined behavior
detection
Interactive AST
• ACSL functional specification
• Checks/Proves code behavior matches
specification
12. 12
Empowering SW developers & testers to…
Code safety & security
Exhaustively find and fix all Undefined
Behaviors, incl. the most hidden ones:
ensure absence of crashes and
deterministic behavior; detect 0-days
before they are known; platform-
specific analysis without compiling.
Boost coverage: quickly perform the
equivalent of billions of tests with one
generalized-input test.
Determines and propagates the
superset of all possible code values in
execution paths.
Get mathematical guarantees on
software security/safety:
functional proof & absence of
Undefined Behaviors (e.g. buffer
overflow).
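As an added illustration (not TrustInSoft's code and not how the analyzer is actually implemented), the toy Python interval analyzer below shows the mechanism behind slides 8, 10 and 12: a small program is run once with concrete inputs, as in stage 1 (interpreter), and once with the same inputs generalized to intervals, as in stage 2 (analyzer). The interval run propagates the superset of all possible values through the program and flags the undefined behaviours listed on slide 8 (division by zero, signed integer overflow, out-of-bounds access) for every value in the interval at once, distinguishing alarms that are certain from alarms that may be false positives. The tuple-based program representation, the 32-bit `int` range, the sample program and every name in it (`Interval`, `Analyzer`, `analyze`, `covered_inputs`) are constructed for this example.

```python
"""Toy interval-domain abstract interpreter (added example, not TrustInSoft code).
Stage 1 runs one concrete value per input (replaying a test); stage 2 runs intervals,
covering every value at once and reporting the undefined behaviours of slide 8. An
alarm is 'possible' when only some values in the interval trigger it (a potential
false positive) and 'definite' when all of them do."""
from dataclasses import dataclass
from math import prod

INT_MIN, INT_MAX = -2**31, 2**31 - 1   # C 'int' on the usual 32-bit-int targets

@dataclass(frozen=True)
class Interval:
    """Closed integer range [lo, hi]; a concrete value is [v, v]."""
    lo: int
    hi: int
    def size(self):
        return self.hi - self.lo + 1

    def meet(self, other):  # intersection, or None when the ranges are disjoint
        lo, hi = max(self.lo, other.lo), min(self.hi, other.hi)
        return Interval(lo, hi) if lo <= hi else None

def tdiv(a, b):  # C integer division truncates toward zero; Python's // floors
    q = abs(a) // abs(b)
    return q if (a < 0) == (b < 0) else -q

class UndefinedBehaviour(Exception):
    pass  # every value in the interval hits the UB: the rest of the path is dead

class Analyzer:
    def __init__(self, env, arrays):
        self.env = dict(env)     # variable name -> Interval
        self.arrays = arrays     # array name -> list of int contents
        self.alarms = []         # (kind, message), kind 'possible' or 'definite'

    def _alarm(self, definite, message):
        self.alarms.append(("definite" if definite else "possible", message))
        if definite:
            raise UndefinedBehaviour(message)

    def _refine(self, value, allowed, message):
        """Keep the part of `value` inside `allowed`; alarm if any of it was outside."""
        ok = value.meet(allowed)
        if ok != value:
            self._alarm(ok is None, message)
        return ok

    def eval(self, expr):
        """Evaluate a nested-tuple expression to a superset of its concrete values."""
        op = expr[0]
        if op == "const":
            return Interval(expr[1], expr[1])
        if op == "var":
            return self.env[expr[1]]
        if op == "index":
            name, idx, cells = expr[1], self.eval(expr[2]), self.arrays[expr[1]]
            idx = self._refine(idx, Interval(0, len(cells) - 1),
                               f"index {idx} out of bounds for {name}[{len(cells)}]")
            hit = cells[idx.lo:idx.hi + 1]
            return Interval(min(hit), max(hit))
        a, b = self.eval(expr[1]), self.eval(expr[2])
        if op == "add":
            raw = Interval(a.lo + b.lo, a.hi + b.hi)
        elif op == "mul":
            c = [a.lo * b.lo, a.lo * b.hi, a.hi * b.lo, a.hi * b.hi]
            raw = Interval(min(c), max(c))
        else:  # "div"
            if b.lo <= 0 <= b.hi:
                self._alarm(b.lo == b.hi, f"division by zero: divisor in {b}")
                b = Interval(1, b.hi) if b.lo == 0 else Interval(b.lo, -1) if b.hi == 0 else b
            if b.lo < 0 < b.hi:   # 0 still inside: fall back to |a / b| <= |a|
                m = max(abs(a.lo), abs(a.hi))
                raw = Interval(-m, m)
            else:                 # sign of b is fixed, so the extremes are at corners
                c = [tdiv(a.lo, b.lo), tdiv(a.lo, b.hi), tdiv(a.hi, b.lo), tdiv(a.hi, b.hi)]
                raw = Interval(min(c), max(c))
        # Big sums and products, and INT_MIN / -1, are caught here as signed overflow.
        return self._refine(raw, Interval(INT_MIN, INT_MAX), f"signed overflow in {op}: {raw}")

    def run(self, program):  # execute (dst, expr) assignments in order; stop at definite UB
        try:
            for dst, expr in program:
                self.env[dst] = self.eval(expr)
        except UndefinedBehaviour:
            pass
        return self.env

def covered_inputs(inputs):  # how many concrete test cases one interval run stands for
    return prod(iv.size() for iv in inputs.values())

# Constructed sample for the C:  int table[4] = {10,20,30,40}; x = n*3+1; y = x/d; r = table[y];
TABLE = {"table": [10, 20, 30, 40]}
PROGRAM = [("x", ("add", ("mul", ("var", "n"), ("const", 3)), ("const", 1))),
           ("y", ("div", ("var", "x"), ("var", "d"))),
           ("r", ("index", "table", ("var", "y")))]

def analyze(inputs):  # run the sample over input intervals -> (env, alarms, tests covered)
    an = Analyzer(inputs, TABLE)
    return an.run(PROGRAM), an.alarms, covered_inputs(inputs)
```

Calling `analyze({"n": Interval(1, 1), "d": Interval(2, 2)})` replays one test and returns `r = [30, 30]` with no alarm, which is all stage 1 can say about that one input. `analyze({"n": Interval(0, 100), "d": Interval(0, 4)})` covers 505 concrete tests in a single run and reports a possible division by zero and a possible out-of-bounds read, neither of which the single test reached; a divisor interval of exactly `[0, 0]` or a product outside the `int` range produces a definite alarm and ends the path. The same arithmetic is behind the closing slide's figure: 38 byte-sized inputs plus one 64-bit input with a single value excluded amount to 256^38 × (2^64 - 1) concrete tests, assuming that is how the demo's inputs are shaped. The toy handles only straight-line code; a real analyzer also needs joins and widening for branches and loops, which is where the "some false positives" of slide 9 come from.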
13. 13
Beyond Software Security and Safety
Our customers' primary drivers
IMPROVE OPERATIONAL EFFICIENCY
• Reduce SW test coverage costs
• Bug identification & remediation optimization
• Bug correction prioritization (no false positives)
• Perform tests as if on target
GENERATE REVENUE OPPORTUNITIES
• Position safety and/or security as a feature to gain market share
• Get certification level / smooth customer validation as a price premium
• Secure time-to-market-sensitive opportunities
CONTROL FINANCIAL RISK
• Reduce field support costs post-production
• Avoid brand/image valuation impact
14. 14
Improve Operational Efficiency
Software test coverage cost reduction
Context
• Industry: Aeronautics, Tier one aeronautics SW provider
• Product: In-plane gateway communication software stack
• Objective: SW security enhancement
Actions done
• Generalized exhaustive software tests
• All bugs detected at stage 1 & inputs generalized at stage 2
• Continuously replayed the tests once bugs were fixed in successive SW commits
Customer achievements
• Verification time reduced from 4 months to 1 month
• SW test coverage is a million times superior to the previous test base
Cost impact
• SW verification effort divided by 4
15. 15
Improve Operational Efficiency
Bug detection & remediation optimization
Context
• Industry: Consumer Electronics
• Product: Consumer gateway software stack
• Objective: Evaluate TrustInSoft benefits to reduce code verification effort / bug finding
Actions done
• Replay existing tests in TrustInSoft Analyzer at stage 1
• Generalize test inputs at stage 2
Customer achievements
• Before using TIS Analyzer: 2 developers during 1 week to identify the bug (10 man-days)
• With TrustInSoft Analyzer: bug found & fixed in 2 hours
Cost impact
• Effort for bug detection/correction divided by 40
16. 16
Generate Revenue Opportunities
Market share driver
Context
• Industry: Rail, Tier 1 rail software provider
• Product: Automatic embedded software (>300k LOC) managing
sensor inputs
• Objective: Mathematically guarantee the safety of the critical functions
Actions done
• Exhaustively generalize the inputs at stage 2
Customer achievements
• No undefined behaviors were left in the source code for all possible inputs
• Ensured deterministic software behavior & no crashes whatever the inputs
• Achieved 100% input coverage on all critical functions
Cost impact
• Increased market share: differentiation through the mathematical guarantee to meet
the customer's extremely high level of safety requirements
17. 17
Control Financial Risk
Field Support costs reduction
Context
• Industry: Smart meter, Tier one provider
• SW stack measuring customer energy consumption
Actions done
• Replay existing tests in TIS Analyzer to detect and remove Undefined Behaviours
• Write more tests to increase % of functions covered
• Generalize the inputs to increase % of states/values covered
Customer achievements
• Detected & fixed critical bugs
• Coverage increase from 6% to 45%
Cost impact
• Reduce field support costs
• Increase security level
18. 18
How it is deployed
TrustInSoft Analyzer can be installed on a dedicated server,
either on-premises or as SaaS
Can be accessed through a
web browser or via a
command line interface
Can be integrated into existing
DevOps and Continuous
Integration processes via the
command line
19. 19
256^38 × (2^64 - 1)
This is the number of tests that we are going to perform in the following
demo:
601226901190101306307114457156718501627879601505979836324242994413590530419161514337036842790287400677240995840