Securely Using Software Assurance (SwA) Tools in the Software Development Environment

July, 2018
IDA document: P-9166
FFRDC: Systems and Analyses Center
Type: Documents
Division: Information Technology and Systems Division
E. Kenneth Hong Fong, Project Leader David A. Wheeler Daniel J. Reddy See more authors
Software assurance (SwA) may be defined as “the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.” Since modern systems are under constant attack, sufficient SwA is vital. In practice, a suite of SwA tools is necessary to help achieve this. However, there are potential challenges to securely using a suite of SwA tools. Software development environments (SDEs) are increasingly under focused attack, since subverting software during development can be easier than subverting it after it is deployed. One mechanism for subverting SDEs is to exploit vulnerabilities in its tools or to provide maliciously subverted tools to an SDE. The goal of this paper is to help ease the deployment of SwA tools, by countering potential objections to using them. To achieve this, we discuss how to protect against potential supply chain risks of SwA tools themselves, including how to protect the SDE in general against supply chain risks and how the mechanisms to counter SwA tool risks fit into the SDE. We show that it is possible to modify SDE practices to use a wide variety of SwA tools and still manage the inherent risks. Isolation mechanisms can be used, for example, to separate tools and restrict access for specific tasks. This approach can be automated and may reduce risk in a relatively uncomplicated manner. In particular, the “medium protection” approach discussed here should be easy to incorporate in existing SDEs. We recommend that organizations fully embrace the use of many SwA tools when developing software. Where appropriate, they should consider taking the additional steps discussed here if they determine that the risks of using SwA tools are otherwise too high. Our hope is that this information will lead to the widespread safe use of suites of SwA tools.