"C is quirky, flawed, and an enormous success."
Dennis Ritchie
http://cm.bell-labs.com/cm/cs/who/dmr/index.html
In today's computing world, security takes an increasingly predominant role. The industry faces challenges to public confidence with each discovery of vulnerabilities, and customers expect security to be delivered out of the box, even in programs that were not designed with security in mind. Software maintainers face the challenge of improving the security of their programs and are often under-equipped to do so. Some take advantage of open source software (OSS), as the availability of the source code facilitates its validation and answers their need for trustworthy programs. OSS is often implemented in the C programming language (26% according to SourceForge.net). This makes it necessary to investigate the security issues related to C.
This paper summarizes key concepts related to security hardening and demonstrates their applicability to the C language. We also propose a progressive approach to integrating security services and protection measures into existing software, to ultimately make it more resistant to cyber-attacks. Given our ever-increasing dependence on information technologies, it becomes critically important to provide maintainers with tools that facilitate and accelerate the security hardening process, increasing the effectiveness of the effort and lowering the resources required to do so.
Software Security Hardening
Security hardening of software is an informal term, but the technical community considers it to be an iterative process that progressively implements security services and protection measures.
The process starts with the basic software that has been designed and implemented to offer some functionality, as typically defined by use cases. As a first step toward better protection of data, security services are introduced to implement features associated with authentication, access control, confidentiality, and integrity. These services are typically described via security use cases. However, this is not sufficient. It is often necessary to define misuse cases to protect the software against users' mistakes and other errors that could happen in any system operated by humans in a complex execution environment. Moreover, it is often required to test software against abuse cases that model deliberate attacks that could be encountered in a hostile environment. Depending on the criticality of the system being designed, it may be necessary to harden the key components to...