
MF1: security by construction

Published: 04 November 2007

Abstract

Practising software engineers, programme managers, and those involved with procurement of high-integrity software systems might attend this tutorial. Some background in the development of safety- or security-critical software might be useful, but not essential.

This tutorial will cover the use of "Correctness by Construction" (CbyC) techniques in the development of highly secure software systems. While the use of CbyC is well-known in the development of safety-related systems, it has also been deployed in the domain of highly secure systems. The software world seems plagued by security problems caused by basic mistakes in software design and construction, but this tutorial will show how practices from the safety-critical domain can be used to tackle these problems. In particular, the role of formal methods, programming language design, and strong static verification will be covered. The tutorial will be illustrated with reference to CbyC security projects such as the MULTOS CA and the NSA Tokeneer system.

Software security is one of the highest-profile and most important topics facing researchers today. The plague of "buffer overflow" and similar attacks that we read about every day seems almost endemic, yet these are problems that have been faced (and solved) by the safety-critical community for many years. This tutorial will recount our experience in building high-grade secure systems using the CbyC approach developed by Praxis over the last 15 years.

Published in

ACM SIGAda Ada Letters, Volume XXVII, Issue 3
SIGAda '07
December 2007
93 pages
ISSN: 1094-3641
DOI: 10.1145/1315607

SIGAda '07: Proceedings of the 2007 ACM international conference on SIGAda annual international conference
November 2007
116 pages
ISBN: 9781595938763
DOI: 10.1145/1315580

Copyright © 2007 ACM

Publisher

Association for Computing Machinery, New York, NY, United States
