NEW White Paper
White Paper: Improving Software Security by Identifying and Securing Paths Linking Attack Surfaces to Attack Targets

Software Security Analysis (SSA) typically includes the identification of attack surfaces, entry points into the system that a malicious user can exploit by providing malformed data to trigger deviant behavior; and of attack targets, areas of the system that can cause adverse critical impact if exploited. The task of the analyst is to review these entry points and critical impact areas, and assess their correctness and robustness. The challenge is that a complex piece of code typically has a large number of potential attack surfaces and attack targets, often far more than can be thoroughly analyzed in the time available.

Fortunately, not all of the potential attack targets need to be investigated in detail, rather only those that are connected to attack surfaces.

Click here to download.

Software Security Analysis Application Note
Control Flow Security Analysis with McCabe IQ:
Applying a Path-based Method to Vulnerability Assessment of the Microsoft SDL Banned Function Calls

This application note discusses the example of performing vulnerability assessment in relation to the use of certain exploitable functions in the C standard library. As part of the recommendations for the implementation phase, the Microsoft SDL identifies a set of functions that, from real-world experience, have been linked to many security bugs because of buffer overruns and invalid pointer access. SDL practices suggest banning the use of these functions in favor of newer implementations that incorporate better bounds checking and are easier to secure.

Searching source code for banned function calls will readily identify the vulnerable points, but the exploitability of a given vulnerability is determined by whether it is reachable along an execution path from parts of the system accessible to an attacker. Exploitable vulnerabilities call for special attention to design remediation and adequate testing. This document describes activities that apply such practices using McCabe IQ.

Click here to download.

Complexity Analysis of Hostile Applets:
Using Path-Oriented Metric Analysis to Unravel Hostile Applet Algorithm Patterns, Signatures, Similarities, Authors, and Derivations

This paper uses known hostile Java applets as an example baseline that could be analyzed and profiled using path analysis to better understand the algorithms, identify their patterns, and use the analysis to identify signatures, similarities, authors, and derivations.

Click here to download.

Combining McCabe IQ with Fuzz Testing

Fuzz testing, or fuzzing, is a black-box testing technique that has recently leapt to prominence as a quick and cost effective method for uncovering security bugs. Fuzzing is able to cover the most exposed and critical attack surfaces in a system and identify common errors and potential vulnerabilities quickly and cost-effectively. Although fuzz testing tools can be remarkably effective, their ability to discover bugs on low probability program paths is inherently limited. Many current code coverage tools are inadequate and inefficient for vulnerability analysis. This paper details how leveraging static and dynamic path analysis will improve fuzz testing and software security.

Click here to download.

Cyclomatic Path Analysis and Security Vulnerabilities

Neither statement nor branch testing is adequate to detect security vulnerabilities and verify control flow integrity. Many exploits can hide in obscure paths and subtrees within a seemingly innocent appearing codebase.

This paper shows how Cyclomatic Path Analysis, on the other hand, detects more security vulnerabilities and errors in your critical applications.

Click here to download.

Path Insensitive Insecurity

This paper will show you how using software complexity metrics, measuring control flow integrity, and performing sneak path analysis help you make your applications more secure than previously thought possible.

Click here to download.

Measuring Software Complexity to Target Risky Modules in Autonomous Vehicle Systems

M. N. Clark, Bryan Salesky, Chris Urmson: Carnegie Mellon University
Dale Brenneman: McCabe Software Inc.
Corresponding Author: M.N.Clark (clarkmn@cmu.edu)

Tartan Racing developed 300 KLOC that represented over 14,000 modules and enabled our robot car "Boss" to win the DARPA Urban Challenge.

This paper describes how any complex software system can be analyzed in terms of its reliability, its degree of maintainability, and ease of integration using applied flow-graph theory. We discuss several code coverage measurements and why this is important in certifying critical software systems used in autonomous vehicles.

Our paper applies cyclomatic complexity analysis to the winning DARPA Urban Challenge vehicle's software. We show graphical primitives followed by views of modules using those constructs. In this way minimum testing paths are quickly computed and viewed. We argue for customizing evaluation thresholds to further filter the modules to a small subset of those most at risk. This "choosing our battles" approach works well when teams are immersed in a fast-paced development program.

Click here to download.

DO-178B and McCabe IQ

This document briefly describes DO-178B and how McCabe Software's McCabe IQ can be used to support the guidelines. It describes the focus of DO-178B, the Tool Qualification process in both general cases and as it relates to McCabe IQ, and the Certification Process.

This document also provides a summary of McCabe IQ functionality, including specific notes about how McCabe IQ can be used to support the guidelines. Several appendices compile relevant notes to provide more information to those who are interested in this process.

This document can assist readers with becoming more familiar with DO178B, and what may be involved in qualifying McCabe IQ for airborne systems projects.

Click here to download.

Baseline Code Analysis Using McCabe IQ

This document has been written to provide the answer to three basic questions:

• What is baseline code analysis and why is it important?
• What are the challenges of baseline code analysis?
• How can baseline code analysis with McCabe IQ be used to add value to Development and QA processes?

Click here to download.

Improved Testing Using McCabe IQ Coverage Analysis

This document has been written to...

• ..introduce coverage analysis as an increasingly important direction in the
  management of software testing
• ...describe how the unique coverage analysis techniques available in
  McCabe IQ can add value to your test processes. Specifically, this paper covers test assessment and improvement using McCabe IQ coverage analysis in the areas of functional testing, incremental testing, and unit level testing.

Click here to download.

McCabe Recommended Approach to Code Reviews

This paper was written to provide the answer to three basic questions:

• What is the function of code reviews in increasing productivity and code quality?
• What is the McCabe approach to code reviews?
• How can McCabe IQ be used to set up an automated code review process?

Click here to download.

Metrics & Thresholds in McCabe IQ

A list of all metrics collected in McCabe IQ, including a description and the standard threshold values used.

Click here to download.