Title :
Cyber security at software development time
Author :
Bradley, Martin ; Fehnker, Ansgar ; Huuck, Ralf
Author_Institution :
Nat. ICE Australia (NICTA), Univ. of New South Wales, Sydney, NSW, Australia
Abstract :
Secure systems are intrinsically dependent on se cure software. Creating secure software is no simple task and every aspect of the software development lifecycle has to be taken into account. In this article we focus on security in the software implementation phase and present a number of techniques that enable the formal checking of security properties at software development time. We give an overview of some of the automated analysis techniques available today ranging from tree-based pattern matching to model checking. Moreover, we present our source code analysis tool Goanna which integrates those security analysis techniques, and we provide a number of application examples, where Goanna detects real security threats demonstrated in application examples from the National Institute of Standard´s comparative exposition.
Keywords :
formal verification; pattern matching; program diagnostics; security of data; trees (mathematics); Goanna; National Institute of Standard comparative exposition; cyber security; formal checking; model checking; security analysis; security threat; software development lifecycle; software development time; software security; source code analysis tool; system security; tree-based pattern matching; Computer architecture; Computer security; NIST; Pattern matching; Programming; Software; C/C++; Model Checking; NIST; Security; Static Analysis; Tools;
Conference_Titel :
Defense Science Research Conference and Expo (DSR), 2011
Conference_Location :
Singapore
Print_ISBN :
978-1-4244-9276-3
DOI :
10.1109/DSR.2011.6026847
