Why Static Analysis is mandatory for IoT device software
1. WHY STATIC ANALYSIS IS MANDATORY FOR IOT DEVICE SOFTWARE
WWW.VALBRIO.COM
ALAN.HALL@VALBRIO.COM
2. THE EVOLVING IOT LANDSCAPE
• >30 billion connected ‘things’
• $3 trillion of h/w spend
• Cost and impact of security or reliability failures are high.
• Developer dependency on 3rd party code, libraries or binaries that can’t be ignored
3. THE PERFECT STORM FOR DEVELOPERS
• Teams need to eliminate both design and coding errors in their own and 3rd party code
• Developers need to adopt code analysis tools that can effectively uncover defects that are hard to find during testing, such as concurrency issues, hazardous information flows and many types of security vulnerabilities
4. STATIC ANALYSIS
A range of tools are available - some focus just on coding standards such as MISRA, others include the ability to find reliability and security defects and are extendable
Mandated by many safety standards e.g. DO-178C, IEC 61508, ISO 26262
Defect classes detected: Data Races, Deadlock, Thread Starvation, Buffer Overruns, Buffer Overflow, Leaks, Null Pointer Dereferences, Divides By Zero, Uses After Free, Frees of Non-Heap Variables, Uninitialized Variables, Returns of Pointers to Local, Returns of Pointers to Free, Frees of Null Pointers, Unreachable Code, Try-locks that Cannot Succeed, Misuse of Memory Allocation, Misuse of Memory Copying, Misuse of Libraries, Command Injection, Runtime Error, Double Free Bug
5. EXAMPLE: A NULL POINTER DEREFERENCE IN THE MQTT IOT CONNECTIVITY PROTOCOL - CWE-476
Scope: Availability
Technical Impact: DoS: Crash, Exit, or Restart
NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation.
Scope: Integrity, Confidentiality, Availability
Technical Impact: Execute Unauthorized Code or Commands
In very rare circumstances and environments, code execution is possible.
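The defect class the slide describes, shown as an added example that is not taken from the deck or from any real MQTT implementation: a constructed subscription lookup that returns NULL for an unknown topic, a caller that dereferences the result without checking (the pattern a static analyser reports as CWE-476), and the hardened caller that turns the NULL path into an error code. All identifiers and table contents are invented for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a tiny MQTT-style subscription table. Names and
 * data are invented for illustration, not from a real broker. */
struct subscription {
    const char *topic;
    int qos;
    int deliveries;
};

static struct subscription table[] = {
    { "sensors/temp", 1, 0 },
    { "sensors/humidity", 0, 0 },
};

/* Returns the matching entry, or NULL when no subscription matches.
 * Every caller must handle the NULL case. */
static struct subscription *find_subscription(const char *topic)
{
    size_t i;
    for (i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (strcmp(table[i].topic, topic) == 0)
            return &table[i];
    }
    return NULL;
}

/* Defect pattern (CWE-476): the return value of find_subscription is
 * dereferenced without a NULL check, so a PUBLISH for a topic nobody
 * subscribed to crashes the process. An analyser that tracks the NULL
 * return path of find_subscription flags this line. */
int deliver_unchecked(const char *topic)
{
    struct subscription *s = find_subscription(topic);
    s->deliveries++;              /* NULL dereference for unknown topics */
    return s->qos;
}

/* Hardened form: the NULL path is handled and reported as an error code
 * the caller can act on, so an unknown topic cannot take the broker down. */
int deliver_checked(const char *topic)
{
    struct subscription *s = find_subscription(topic);
    if (s == NULL)
        return -1;                /* unknown topic: report, do not dereference */
    s->deliveries++;
    return s->qos;
}

int main(void)
{
    printf("known topic qos=%d\n", deliver_checked("sensors/temp"));
    printf("unknown topic rc=%d\n", deliver_checked("sensors/pressure"));
    /* deliver_unchecked("sensors/pressure") would crash the process here. */
    return 0;
}
```

The two callers differ by a single check; that is what makes this defect hard to find in testing, which rarely exercises the unknown-topic path, and easy for a static analyser that follows the NULL return out of find_subscription.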
7. THE COST IMPACT OF THE TOOL
• Assume there are 100 defects in an application.
• Tool A is reasonably good at finding defects, with a recall of 60%. Half of the results it reports are false positives.
• Tool B has a precision of 80%, meaning it is very good at suppressing false positives. However, it finds only 30% of the real defects.
• Tool C has a recall of 95%, so is extremely good at finding defects, but its precision is only 10%.
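The arithmetic behind the three tools on this slide, as an added example that is not part of the deck: from recall and precision against the slide's 100 defects it derives how many real defects each tool finds, how many spurious reports the team must dismiss, and how many defects ship. The triage and missed-defect cost rates are placeholders of my own (assumptions), not figures from the slide.

```c
#include <stddef.h>
#include <stdio.h>

/* The slide's premise: 100 real defects in the application. */
#define TRUE_DEFECTS 100.0

struct tool {
    const char *name;
    double recall;     /* fraction of real defects the tool reports */
    double precision;  /* fraction of its reports that are real defects */
};

struct tool_outcome {
    double true_positives;   /* real defects found */
    double false_positives;  /* spurious reports a human must dismiss */
    double false_negatives;  /* real defects that ship */
    double total_reports;    /* everything the team must triage */
};

/* recall = TP / defects and precision = TP / (TP + FP), so
 * TP = recall * defects and FP = TP * (1 - precision) / precision. */
struct tool_outcome evaluate(const struct tool *t, double defects)
{
    struct tool_outcome o;
    o.true_positives = t->recall * defects;
    o.false_positives = o.true_positives * (1.0 - t->precision) / t->precision;
    o.false_negatives = defects - o.true_positives;
    o.total_reports = o.true_positives + o.false_positives;
    return o;
}

/* Assumed cost model (placeholder): each report costs triage effort and
 * each missed defect costs far more once it reaches fielded devices.
 * Replace both rates with an organisation's own numbers. */
double total_cost(const struct tool_outcome *o, double triage_cost,
                  double missed_cost)
{
    return o->total_reports * triage_cost + o->false_negatives * missed_cost;
}

/* The three tools exactly as the slide characterises them. */
static const struct tool tools[] = {
    { "Tool A", 0.60, 0.50 },
    { "Tool B", 0.30, 0.80 },
    { "Tool C", 0.95, 0.10 },
};

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof tools / sizeof tools[0]; i++) {
        struct tool_outcome o = evaluate(&tools[i], TRUE_DEFECTS);
        printf("%s: found=%.1f false=%.1f missed=%.1f triage=%.1f cost=%.1f\n",
               tools[i].name, o.true_positives, o.false_positives,
               o.false_negatives, o.total_reports,
               total_cost(&o, 1.0, 50.0));
    }
    return 0;
}
```

With the slide's figures the spread is stark: Tool A yields 120 reports for 60 real defects, Tool B 37.5 reports for 30, and Tool C 950 reports for 95. Which one is cheapest depends entirely on the ratio between triage cost and the cost of a defect shipped in a fielded device, which is why the model keeps both rates as explicit parameters.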
8. HOW TO MITIGATE RISK IN IOT DEVICES USING STATIC ANALYSIS
1. Mandate the use of source code analysis across development projects and the supply chain.
2. Utilise binary analysis where possible for 3rd-party and system code analysis.
3. Incorporate software hardening technologies, including software monitors, binary transformations, and more as they become available.