The FDA Forensics Lab, New Tools and Capabilities



Similar documents
Eliminating Vulnerabilities in Third-Party Code with Binary Analysis

Application Code Development Standards

Introduction to Static Analysis for Assurance

Best Practices for Verification, Validation, and Test in Model- Based Design

Static Analysis. Find the Bug! : Analysis of Software Artifacts. Jonathan Aldrich. disable interrupts. ERROR: returning with interrupts disabled

Secure Software Programming and Vulnerability Analysis

Oracle Solaris Studio Code Analyzer

Comprehensive Static Analysis Using Polyspace Products. A Solution to Today s Embedded Software Verification Challenges WHITE PAPER

Static Analysis Best Practices

Static Analysis of Dynamic Properties - Automatic Program Verification to Prove the Absence of Dynamic Runtime Errors

A Test Suite for Basic CWE Effectiveness. Paul E. Black.

Static Code Analysis Procedures in the Development Cycle

Satisfying ASIL Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry

Effective Software Verification for Medical Devices

Test-Driven Development and Unit Testing with Parasoft Concerto

Abstract Interpretation-based Static Analysis Tools:

Manage Software Development in LabVIEW with Professional Tools

Xcode Project Management Guide. (Legacy)

Software security assessment based on static analysis

Coverity White Paper. Effective Management of Static Analysis Vulnerabilities and Defects

Software in safety critical systems

Detecting Critical Defects on the Developer s Desktop

Helping you avoid stack overflow crashes!

Real World Software Assurance Test Suite: STONESOUP

Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center

Seven Practical Steps to Delivering More Secure Software. January 2011

Software Reliability Estimation Based on Static Error Detection

TOOL EVALUATION REPORT: FORTIFY

Minimizing code defects to improve software quality and lower development costs.

Data Flow Static Code Analysis Best Practices

Fully Automated Static Analysis of Fedora Packages

Sound Verification Techniques for Developing High-Integrity Medical Device Software

Source Code Security Analysis Tool Functional Specification Version 1.0

Applying Clang Static Analyzer to Linux Kernel

Open-source Versus Commercial Software: A Quantitative Comparison

Software security specification and verification

Application Security Testing How to find software vulnerabilities before you ship or procure code

Manual vs. Automated Vulnerability Assessment: ACaseStudy

Qualitative & Quantitative Evaluation of Static Code Analysis Tools

Troubleshooting PHP Issues with Zend Server Code Tracing

APPROACHES TO SOFTWARE TESTING PROGRAM VERIFICATION AND VALIDATION

Enterprise Information Management for the Food and Beverage Industry

Controlling Risk Through Software Code Governance

Table of Contents. The RCS MINI HOWTO

Lecture 11 Doubly Linked Lists & Array of Linked Lists. Doubly Linked Lists

Source Code Review Using Static Analysis Tools

Software testing. Objectives

Using Clang to Visualize Large Codebases. Nathan Hawes and Ben Barham Oracle Labs Australia October 2014

WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE

California Department of Technology, Office of Technology Services WINDOWS SERVER GUIDELINE

How I Learned to Stop Fuzzing and Find More Bugs

Controlling Software Complexity. The Business Case for Static Source Code Analysis

Software Testing & Analysis (F22ST3): Static Analysis Techniques 2. Andrew Ireland

Technical paper review. Program visualization and explanation for novice C programmers by Matthew Heinsen Egan and Chris McDonald.

Idea: Measuring the Effect of Code Complexity on Static Analysis Results

Multi-/Many-core Modeling at Freescale

WhiteHat Security White Paper. Top 11 PCI DSS 3.0 Changes That Will Affect Your Application Security Program

A Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation

Building Embedded Systems

An overview on the Static Code Analysis approach in Software Development

The programming language C. sws1 1

Introduction to Automated Testing

Best practices for developing DO-178 compliant software using Model-Based Design

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

The Evolution of Load Testing. Why Gomez 360 o Web Load Testing Is a

Overload Protection in a Dual-Corded Data Center Environment

How To Ensure That Your Computer System Is Safe

Linux Kernel. Security Report

The Security Development Lifecycle

CSCI E 98: Managed Environments for the Execution of Programs

Input/Output Subsystem in Singularity Operating System

Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process

Security Advisory Relating to Multiple OpenSSL Vulnerabilities on Various Polycom Products.

Manual vs. Automated Vulnerability Assessment: A Case Study

Static Analysis for Software Verification. Leon Moonen

Automatic vs. Manual Code Analysis

Click Start > Control Panel > System icon to open System Properties dialog box. Click Advanced > Environment Variables.

Verification and Validation of Software Components and Component Based Software Systems

Static vs. Dynamic Testing How Static Analysis and Run-Time Testing Can Work Together. Outline

Tutorial: Getting Started

Embedded Software Design: Best Practices for Static Analysis Tools

Software Verification and Validation

Code Estimation Tools Directions for a Services Engagement

Simulink Modeling Guidelines for High-Integrity Systems

Adobe Flash Player and Adobe AIR security

Image Acquisition Toolbox Adaptor Kit User's Guide

WIND RIVER DIAB COMPILER

Transcription:

U. S. Department of Health and Human Services The FDA Forensics Lab, New Tools and Capabilities Symposium on Static Code Analysis and Complex Medical Devices University of Minnesota July 23, 2009 Static Analysis

FDA Use of Static Analysis Tools Safety-critical systems Pre-market approval or clearance Post-market Recalls FDA Use of Static Analysis Tools Performing a post-market investigation, however, is not an easy task. This is particularly true in the case of software, where the execution is often user-driven and systemspecific. To further complicate matters, device software is usually event-driven, resulting in failures that are often unpredictable and may not be easily reproducible. In such cases, the only way to trace the software flaws has historically been to manually review the source code itself.

FDA Use of Static Analysis Tools Given the complexity of modern medicaldevice software, this is a very difficult and time-consuming task for a third-party investigator with no prior knowledge of the software. FDA Use of Static Analysis Tools We use static analysis for the postmarket review of commercial medical devices The aim of our analysis is: to determine all possible potential causes for failure in the software that can be identified with the SA tools, and to assess compliance to established software and quality control standards

FDA Use of Static Analysis Tools Assay Definition: Examination and determination as to characteristics (as weight, measure, or quality) analysis (as of an ore or drug) to determine the presence, absence, or quantity of one or more components ; also : a test used in this analysis software Filthy, putrid FDA Use of Static Analysis Tools Multiple SA tools CodeSonar (Grammatech) PolySpace (Mathworks) Coverity LDRA Soon Klocwork Parasoft Languages C/C++, C#, Java

Steps Obtain source code, include files, make files, etc. Description of the development environment. A mock environment is created based on the documentation accompanying the source code. The result of this is a makefile that could be used to emulate the original compilation environment. Embedded systems / I/O Steps In addition, several configuration parameters are changed from the default in order to improve the precision of the analysis. This includes: Increasing the number of paths being searched in each procedure Maximizing the path finding effort Setting the lower bound for the null pointer threshold to 1 to indicate that all address values (except NULL) could be dereferenced safely.

Steps Engineering Bill of Materials Script developed to recurse the source code and pull the dependencies out from the source code. Effort In one case there were 736 warnings of which 127 were found to be of concern. They either reflected poor quality control or had the potential to cause the device to malfunction. These warnings were submitted as part of a report to the compliance group to take further action as necessary. Reference: Using Static Analysis to Evaluate Software in Medical Devices http://www.parsintl.com/18521.pdf

Example warnings Warning class Warnings reported Actual problems Buffer overrun 6 Buffer underrun 9 Cast alters value 116 29 Ignored return value 14 Division by zero 1 Leak 25 Missing return statement 13 1 Null pointer dereference 62 28 Redundant condition 139 4 Shift amount exceeds bit width 2 Type overrun 3 Type underrun 2 Uninitialized variable 169 36 Unreachable code 34 20 Unused value 23 Useless assignment 118 9 Warnings reported by CodeSonar (Grammatech) Effort The total effort expended during the post-market analysis was 210 person hours. A majority of the effort was expended in configuring the build for the application and manual analysis of the results. While 210 person-hours is still a significant amount in terms of the effort required for the analysis, it is considerably less than what would have been required for a purely manual analysis. Also, the static analysis method provides for a much more reliable means for tracing errors in the software as opposed to the manual process.

Effort Big Bang Approach! Not recommended easier if implemented early and used as part of the development effort. Valuable Tool Static analysis is a valuable tool for postmarket investigation. By reasoning about potential run-time errors in the software, static analysis provides an independent, standardized, and repeatable inspection of a medical device s software, as part of a broader scientific analysis of the device.

Valuable Tool Further, providing the precise location of the failure and a corresponding execution trace enables the investigator to trace the root cause of failure to its origin in the source code. This ability not only helps reduce time and effort involved in post-market investigation, but also leads to a more accurate means for post-market analysis, as opposed to manual inspection. Most importantly, the use of static analysis allows the post-market investigator to evaluate the product, in this case the software, and not just the processes involved in developing it. Device Manufacturers Much as static analysis helps the FDA, it can be leveraged to even greater effect by medical-device manufacturers in the premarket. Hazard Analysis Reviewers potential additional information questions

Device Manufacturers The manufacturers can use static analysis to help find flaws early in the development cycle. Static analysis lends itself readily to verification and validation activities and can easily be incorporated as part of the manufacturers software-development processes. Doing so facilitates a deeper assessment of the code before releasing it to market and helps establish conformance to good programming practices. NIST SAMATE - Software Assurance Metrics And Tool Evaluation http://samate.nist.gov/index.php/main_page.h tml The objective of part 3, Technology (Tools and Requirements) is the identification, enhancement and development of software assurance tools. NIST is leading in (A) testing software evaluation tools, (B) measuring the effectiveness of tools, and (C) identifying gaps in tools and methods.

Future SA Tools Model Checking x86 Executables with CodeSurfer/x86 and WPDS++ G. Balakrishnan 1, T. Reps 1,2, N. Kidd 1, A. Lal 1, J. Lim 1, D. Melski 2, R. Gruian 2, S. Yong 2, C.-H. Chen 2,and T. Teitelbaum 2,3 1 University of Wisconsin 2 GrammaTech, Inc. 3 Cornell University Future SA Tools Relies on the executable binary Why the executable? Reveals platform-specific choices made by compiler What you see is what you get Some source-level issues go away Better platform for finding security vulnerabilities Source-code tools: Lack of fidelity can allow vulnerabilities to escape detection Compiler validation especially for optimizing compilers

Future SA Tools Service-oriented Architecture Parasoft Check if interfaces coherent

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information