Cyber security at software development time

Mark Bradley; Ansgar Fehnker; Ralf Huuck

doi:10.1109/DSR.2011.6026847

Cyber security at software development time

Mark Bradley, Ansgar Fehnker, Ralf Huuck

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

Abstract

Secure systems are intrinsically dependent on secure software. Creating secure software is no simple task and every aspect of the software development lifecycle has to be taken into account. In this article we focus on security in the software implementation phase and present a number of techniques that enable the formal checking of security properties at software development time. We give an overview of some of the automated analysis techniques available today ranging from tree-based pattern matching to model checking. Moreover, we present our source code analysis tool Goanna which integrates those security analysis techniques, and we provide a number of application examples, where Goanna detects real security threats demonstrated in application examples from the National Institute of Standard's comparative exposition.

Original language	English
Title of host publication	2011 Defense Science Research Conference and Expo, DSR 2011
Place of Publication	Piscataway, NJ
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Number of pages	4
ISBN (Print)	9781424492763
DOIs	https://doi.org/10.1109/DSR.2011.6026847
Publication status	Published - 2011
Externally published	Yes
Event	2011 Defense Science Research Conference and Expo, DSR 2011 - , Singapore Duration: 3 Aug 2011 → 5 Aug 2011

Conference

Conference	2011 Defense Science Research Conference and Expo, DSR 2011
Country/Territory	Singapore
Period	3/08/11 → 5/08/11

Keywords

C/C++
Model Checking
NIST
Security
Static Analysis
Tools

Access to Document

10.1109/DSR.2011.6026847

Cite this

@inproceedings{d54b851bb6d340f1ac499629d8e18993,

title = "Cyber security at software development time",

abstract = "Secure systems are intrinsically dependent on secure software. Creating secure software is no simple task and every aspect of the software development lifecycle has to be taken into account. In this article we focus on security in the software implementation phase and present a number of techniques that enable the formal checking of security properties at software development time. We give an overview of some of the automated analysis techniques available today ranging from tree-based pattern matching to model checking. Moreover, we present our source code analysis tool Goanna which integrates those security analysis techniques, and we provide a number of application examples, where Goanna detects real security threats demonstrated in application examples from the National Institute of Standard's comparative exposition.",

keywords = "C/C++, Model Checking, NIST, Security, Static Analysis, Tools",

author = "Mark Bradley and Ansgar Fehnker and Ralf Huuck",

year = "2011",

doi = "10.1109/DSR.2011.6026847",

language = "English",

isbn = "9781424492763",

booktitle = "2011 Defense Science Research Conference and Expo, DSR 2011",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "2011 Defense Science Research Conference and Expo, DSR 2011 ; Conference date: 03-08-2011 Through 05-08-2011",

}

TY - GEN

T1 - Cyber security at software development time

AU - Bradley, Mark

AU - Fehnker, Ansgar

AU - Huuck, Ralf

PY - 2011

Y1 - 2011

N2 - Secure systems are intrinsically dependent on secure software. Creating secure software is no simple task and every aspect of the software development lifecycle has to be taken into account. In this article we focus on security in the software implementation phase and present a number of techniques that enable the formal checking of security properties at software development time. We give an overview of some of the automated analysis techniques available today ranging from tree-based pattern matching to model checking. Moreover, we present our source code analysis tool Goanna which integrates those security analysis techniques, and we provide a number of application examples, where Goanna detects real security threats demonstrated in application examples from the National Institute of Standard's comparative exposition.

AB - Secure systems are intrinsically dependent on secure software. Creating secure software is no simple task and every aspect of the software development lifecycle has to be taken into account. In this article we focus on security in the software implementation phase and present a number of techniques that enable the formal checking of security properties at software development time. We give an overview of some of the automated analysis techniques available today ranging from tree-based pattern matching to model checking. Moreover, we present our source code analysis tool Goanna which integrates those security analysis techniques, and we provide a number of application examples, where Goanna detects real security threats demonstrated in application examples from the National Institute of Standard's comparative exposition.

KW - C/C++

KW - Model Checking

KW - NIST

KW - Security

KW - Static Analysis

KW - Tools

U2 - 10.1109/DSR.2011.6026847

DO - 10.1109/DSR.2011.6026847

M3 - Conference proceeding contribution

SN - 9781424492763

BT - 2011 Defense Science Research Conference and Expo, DSR 2011

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Piscataway, NJ

T2 - 2011 Defense Science Research Conference and Expo, DSR 2011

Y2 - 3 August 2011 through 5 August 2011

ER -

Cyber security at software development time

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this