Software vulnerabilities precluded by SPARK

Published: 06 November 2011

Abstract

Software vulnerabilities are defined as a property of a system's security requirements, design, implementation, or operation that could be accidentally triggered or intentionally exploited and result in a security failure [1]. Many organizations throughout the world are studying software vulnerabilities and how they allow software applications to be infiltrated and corrupted. The Common Weakness Enumeration (CWE) [2] is a collection of standard, measurable weaknesses that may be used to assess software tools and services. The CWE may also be used to document known vulnerabilities and improve communication between parties working on software assurance. The SPARK programming language and toolset [3, 4] is designed for the development of high assurance software. The SPARK programming language is a subset of the Ada programming language plus a collection of annotations intended to provide a programming language that is unambiguous, free from implementation dependencies, and formally defined. Used together, the SPARK language and toolset enable the prevention and elimination of defects in source code during the development of the code. This paper presents an analysis of the SPARK programming language against a collection of CWEs.

References

  1. NIST Special Publication 500-268, Source Code Security Analysis Tool Functional Specification Version 1.0, May 2007.
  2. Common Weakness Enumeration (CWE), http://cwe.mitre.org/.
  3. SPARK GPL Edition, http://libre.adacore.com/libre/tools/spark-gpl-edition/.
  4. Barnes, John, High Integrity Software: The SPARK Approach to Safety and Security, Addison Wesley, 2006.
  5. ISO/IEC TR 24718:2004 (2004) Guide for the use of the Ada Ravenscar Profile in high integrity systems.
  6. Ada Reference Manual with Technical Corrigendum 1 and Amendment 1, ISO-8652:1995(E) with COR 1: 2000 and Amd 1:2007.
