Cyber security at software development time

Author

Bradley, Martin ; Fehnker, Ansgar ; Huuck, Ralf

Author_Institution

Nat. ICE Australia (NICTA), Univ. of New South Wales, Sydney, NSW, Australia

fYear

2011

fDate

3-5 Aug. 2011

Firstpage

1

Lastpage

4

Abstract

Secure systems are intrinsically dependent on se cure software. Creating secure software is no simple task and every aspect of the software development lifecycle has to be taken into account. In this article we focus on security in the software implementation phase and present a number of techniques that enable the formal checking of security properties at software development time. We give an overview of some of the automated analysis techniques available today ranging from tree-based pattern matching to model checking. Moreover, we present our source code analysis tool Goanna which integrates those security analysis techniques, and we provide a number of application examples, where Goanna detects real security threats demonstrated in application examples from the National Institute of Standard´s comparative exposition.

Keywords

formal verification; pattern matching; program diagnostics; security of data; trees (mathematics); Goanna; National Institute of Standard comparative exposition; cyber security; formal checking; model checking; security analysis; security threat; software development lifecycle; software development time; software security; source code analysis tool; system security; tree-based pattern matching; Computer architecture; Computer security; NIST; Pattern matching; Programming; Software; C/C++; Model Checking; NIST; Security; Static Analysis; Tools;

fLanguage

English

Publisher

ieee

Conference_Titel

Defense Science Research Conference and Expo (DSR), 2011

Conference_Location

Singapore

Print_ISBN

978-1-4244-9276-3

Type

conf

DOI

10.1109/DSR.2011.6026847

Filename

6026847