Abstract
Practising software engineers, programme managers, and those involved in the procurement of high-integrity software systems are the intended audience for this tutorial. Some background in the development of safety- or security-critical software would be useful, but is not essential.
This tutorial will cover the use of "Correctness by Construction" (CbyC) techniques in the development of highly secure software systems. While the use of CbyC is well-known in the development of safety-related systems, it has also been deployed in the domain of highly secure systems. The software world seems plagued by security problems caused by basic mistakes in software design and construction, but this tutorial will show how practices from the safety-critical domain can be used to tackle these problems. In particular, the role of formal methods, programming language design, and strong static verification will be covered. The tutorial will be illustrated with reference to CbyC security projects such as the MULTOS CA and the NSA Tokeneer system.
Software security is one of the highest-profile and most important topics facing researchers today. The plague of "buffer overflow" and similar attacks that we read about every day seems almost endemic, yet these are problems that have been faced (and solved) by the safety-critical community for many years. This tutorial will recount our experience in building high-grade secure systems using the CbyC approach developed by Praxis over the last 15 years.
Index Terms
MF1: security by construction