Static and dynamic code analysis in rootkits and software security

Last reviewed: July 17, 2012

Static and Dynamic Code

Static code is stationary or fixed (Rouse, 2005). It does not have the capacity to return information that is not preformatted. Static code is useful for webpages that present information only. Programmers must declare the type of a variable before compiling the code. It is less flexible and less error prone. Static code analysis has several advantages: it finds weaknesses in code at the exact location; it can be conducted by trained software assurance developers who understand the code; it allows for quicker turnaround on fixes; it is relatively fast if automated tools are used; automated tools can scan the entire code base; automated tools can provide mitigation recommendations, reducing research; and it permits weaknesses to be found earlier, reducing fixing costs (Jackson, 2009).

Dynamic code is capable of change. The user can make requests and information will be returned from a database. It is useful for accounting software or pages with databases of information or input. A dynamic programming language can create variables without specifying a type, which makes programs flexible and simplifies prototyping. The advantages of dynamic code analysis are that it identifies vulnerabilities in the runtime environment; automated tools provide flexibility in what to scan for; it allows analysis of applications without access to the code; it identifies vulnerabilities that may have been false negatives in static code analysis; it permits validation of static code analysis findings; and it can be conducted against any application.
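The two analysis claims above (static analysis pinpoints a weakness at its exact location, and dynamic analysis catches false negatives and validates static findings) can be seen side by side in this added example, which is not part of the original essay. The sample source, the choice of `eval` as the flagged weakness, and all function names are assumptions made for illustration.

```python
import ast
import builtins
import sys
from unittest import mock

# Constructed sample: line 2 calls eval directly, line 5 reaches it indirectly.
SAMPLE = '''\
def direct(expr):
    return eval(expr)

def indirect(expr):
    return getattr(__import__("builtins"), "ev" + "al")(expr)

direct("1 + 1")
indirect("2 + 2")
'''

def static_scan(source):
    """Static analysis: (line, column) of every call written literally as eval(...)."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "eval"):
            hits.append((node.lineno, node.col_offset))
    return sorted(hits)

def dynamic_scan(source):
    """Dynamic analysis: run the code, record the sample line of each real eval call."""
    real_eval = builtins.eval
    lines = []

    def recording_eval(*args, **kwargs):
        lines.append(sys._getframe(1).f_lineno)  # line of the caller in the sample
        return real_eval(*args, **kwargs)

    code = compile(source, "<sample>", "exec")
    with mock.patch.object(builtins, "eval", recording_eval):
        exec(code, {"__name__": "sample"})
    return sorted(lines)

def false_negatives(source):
    """Lines where eval ran at runtime but the static scan reported nothing."""
    static_lines = {line for line, _ in static_scan(source)}
    return [line for line in dynamic_scan(source) if line not in static_lines]

if __name__ == "__main__":
    print("static :", static_scan(SAMPLE))
    print("dynamic:", dynamic_scan(SAMPLE))
    print("missed by static:", false_negatives(SAMPLE))
```

Dynamic analysis executes its target, so only the constructed sample is run here; code of unknown origin belongs in an isolated environment.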

The usefulness of either kind of code depends on the purpose for which it is used. If it runs on web server software, it may require the variables to be identified for security reasons, depending on the level of security needed. If the code is used only inside the company, as with accounting software, it can be more flexible in its design. Legislation would also make a difference in which code is used and how it is written, since the code must follow the requirements of the legislation.

Rootkit Evolution

"Rootkits are programs (or toolsets) designed to infect the core processes of an operating system and prevent their own detection on the infected system" (Beegle, 2007). The first rootkits were written in the 1990s and were primarily aimed at Linux and related systems. They can install themselves in the kernel and gain administrative access. Over time, rootkits evolved into code that attacked other systems, such as Microsoft's, and caused breaches in the operating system.

Rootkits can suppress directory and process listings related to their own files, evading detection; can be used to install other types of attack tools, such as keystroke loggers and backdoors; and can modify or replace files. They may reside in memory only. They are installed by exploiting a vulnerability, by cracking a password, or by the user. More recently, they have been used to spread viruses, worms and spyware. Rootkits are also being used by large corporations to promote Digital Rights Management. Sony DRM is a copyright rootkit that is attached to CDs and destroys the security of the end user's computer. Vendor rootkits can be installed as part of business software.

Cite This Paper
PaperDue. (2012). Static and dynamic code analysis in rootkits and software security. PaperDue. https://paperdue.com/essay/static-amp-dynamic-code-rootkits-static-81138