Title :
Integrated Security Verification and Validation: Case Study
Author :
Ghindici, Dorina ; Grimaud, Gilles ; Simplot-Ryl, Isabelle ; Liu, Yanguo ; Traore, Issa
Author_Institution :
L.I.F.L. CNRS UMR, Univ. de Lille I, Villeneuve d'Ascq
Abstract :
In most current approaches to software security, security flaws are fixed only after they have been exploited. To increase user confidence in software products, the software industry needs more proactive and durable security solutions that address security requirements throughout the software system lifecycle, including the requirements and design specification, testing, and maintenance phases. Appropriate security analysis techniques must be used for each of these phases. In this paper, we illustrate an integrated security analysis framework that combines a quantitative design security analysis technique with a static program analyzer that tracks unsafe information flows. We illustrate the framework by presenting a case study based on a medical information card.
Keywords :
authorisation; formal specification; program diagnostics; program testing; program verification; software maintenance; design specification; information flow; integrated security analysis; medical information card; quantitative design security analysis; requirements specification; security flaws; security requirement; security validation; security verification; software industry; software maintenance; software product; software security; software system lifecycle; software testing; static program analyzer; Computer security; Error correction; Information analysis; Information security; Medical treatment; NIST; National security; Smart cards; Software maintenance; Software systems;
Conference_Title :
Local Computer Networks, Proceedings 2006 31st IEEE Conference on
Conference_Location :
Tampa, FL
Print_ISBN :
1-4244-0418-5
Electronic_ISBN :
0742-1303
DOI :
10.1109/LCN.2006.322215