Dynamically Debugging for Security Bugs -- a useful tool ?

From: P. S. (p.sat_private)
Date: Tue Mar 11 2003 - 13:16:50 PST


    Hello All,
        I am doing research in the software visualisation field, and would
    like to know if a project idea I have would be useful to the security
    community. As well as that, I am looking for any
    features/techniques/ideas that you think should be taken into
    account, or any unforeseen difficulties etc. Or if in fact, this
    project would not benefit programmers at all in their search for
    security bugs?
       
       Since this post is on the long side, you can skip PART 1 if you are
    already familiar with the software visualisation field. PART 2 is
    related work and describes some tools that demonstrate useful
    techniques. PART 3 describes my proposal; this can be read on its own
    if you do not wish to read the other sections :)
    
    PART 1 :: INTRODUCTION
    ----------------------
    
       In case anyone is unfamiliar with the software visualisation field,
    program visualization can be defined as follows:
    
    "the program is specified in the conventional, textual manner, and the
    graphics is used to illustrate some aspects of the program or its
    run-time execution." [Myers 1986].
    
    The goal of all visualisations can be identified as:
    
    "transforming information into a meaningful, useful visual
    representation from which a human observer can gain understanding"
    [Stasko, Domingue, Brown, Price 1998]
    
    If you would like more information on the above references or more
    detailed information about the software visualisation field, please
    email me and I will be happy to send on the information.
    
    
    PART 2 :: RELATED WORK
    ----------------------
        In 1991, [Agrawal et al 1991] discussed a technique called program
    "slicing". Given a variable and a program location, it is possible to
    determine the statements that affect the value of that variable for
    the test case. Restoration of the program state is also supported by
    backtracing.
    
        The ability to debug backwards and forwards is demonstrated in the
    tool ZStep95 [ZStep 95a] and [ZStep 95b],
    http://web.media.mit.edu/~lieber/Lieberary/ZStep/ZStep.html. This was
    a prototype tool for debugging LISP. It has VCR-like controls that let
    the programmer go backwards/forwards during debugging, the results of
    which can be seen on screen. There is a QuickTime demonstration here:
    http://web.media.mit.edu/~lieber/Lieberary/ZStep/ZStep.mov.
    
    PART 3 :: PROPOSAL
    ------------------
        The areas of computer security and visualisation are being used
    successfully together, to make large log files more readable and
    visible on screen, without having to grep them manually etc. However,
    there seems to be little if any work done in helping programmers debug
    a program for security bugs using software visualisation. If anybody
    knows of such debuggers, I am very keen to find out about them, so
    please let me know.
        I propose to implement a dynamic graphical debugger, to aid
    programmers in the search for security bugs. It would employ the
    techniques described in PART 2, as its core. For example, the ability
    to step backwards in the program and see the various variable values
    previous to now, the ability to choose a variable and see all the
    statements that affect its value, the ability to identify user
    controlled variables (e.g. $HOME etc.) and the ability to
    automatically run the program with different combinations of input for
    these user controlled variables e.g. a very long $HOME or a $HOME that
    contains control characters etc.
        Also, a representation of stack sizes should be available to the
    programmer on-screen. These can be seen to grow and shrink as you step
    through your program.
        What I would like to know is, would such a tool be useful in the
    search for security bugs? What other features would you see as
    essential or nice to have? Also, what IDE would you see this
    benefiting: KDevelop (C++), Eclipse (Java), NetBeans (Java), etc.?
    Obviously, Eclipse and NetBeans may be limited as they are for
    Java programming and security bugs are more rampant in C++, C etc.
    Any comments or criticisms you may have are very welcome.
    
    Thank you very much for your time,
    SP.
    
    
    
    
    REFERENCES
    ----------
    [Agrawal et al 1991] Agrawal, H., DeMillo, R.A., Spafford, E.H., "An
    Execution-Backtracing Approach to Debugging", IEEE Software, Vol. 8,
    No. 3, pp. 21-26, May 1991.
    
    [ZStep 95a] Lieberman, H., Fry, C., "Bridging the Gap Between Code and
    Behavior in Programming", ACM Conference on Computers and Human
    Interface (CHI-95), Denver, April 1995.
    
    [ZStep 95b] Lieberman, H., Fry, C., "ZStep 95, A Reversible, Animated
    Source Code Stepper", in Software Visualization: Programming as a
    Multimedia Experience, John Stasko, John Domingue, Blaine Price, Marc
    Brown, eds., MIT Press, 1997.
    
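The three core features of the proposal (rewinding to earlier variable values, listing the statements that changed a chosen variable, and automatically re-running the target with varied user-controlled inputs such as $HOME), as an added Python example that is not from the post or from any of the tools it cites. The `build_path` target, the `VARIANTS` inputs and the line offsets are constructed for illustration, and the "slice" records direct writes only, not full data dependencies.

```python
import sys
from copy import deepcopy
MISSING = object()  # sentinel: the variable had no value yet at that step

def record_trace(func, *args):
    """Run func, recording its locals just before every executed line, so any
    step can be rewound to: history[i]["vars"] is the state before line
    history[i]["line"] (offset from the 'def' line); the last entry is the exit state."""
    code, history = func.__code__, []
    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None  # ignore other functions' frames
        if event in ("line", "return"):
            history.append({"line": frame.f_lineno - code.co_firstlineno,
                            "vars": deepcopy(dict(frame.f_locals))})
        return tracer
    sys.settrace(tracer)
    try:
        result = func(*args)
    finally:
        sys.settrace(None)
    return result, history

def statements_affecting(history, name):
    """Lines whose execution changed name (direct writes only; a full dynamic
    slice would also follow data dependencies such as n -> buf below)."""
    changed = set()
    for before, after in zip(history, history[1:]):
        if before["vars"].get(name, MISSING) != after["vars"].get(name, MISSING):
            changed.add(before["line"])
    return sorted(changed)

def run_variants(func, variants):
    """Re-run func with each 'user-controlled' input; report the lines reached."""
    return {label: sorted({e["line"] for e in record_trace(func, value)[1]})
            for label, value in variants.items()}

def build_path(home, bufsize=16):
    # Constructed sample target: copy a user-controlled value (think $HOME) into
    # a bounded buffer, strncpy-style, then append a suffix.
    buf, n = "", 0
    for ch in home:
        if n >= bufsize:
            break
        buf += ch
        n += 1
    return buf + "/.config"

VARIANTS = {"normal": "/home/alice",  # constructed stand-ins for $HOME values
            "very long": "A" * 4096, "control chars": "/home/\x00\x1b[2J"}
```

Comparing `run_variants(build_path, VARIANTS)` across inputs shows which input first reaches the bounds check's `break` (line offset 6), which is the kind of path difference the proposed tool would make visible on screen.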



    This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 14:12:40 PST