Abstract
Software vulnerabilities are defined as a property of a system's security requirements, design, implementation, or operation that could be accidentally triggered or intentionally exploited and result in a security failure [1]. Many organizations throughout the world are studying software vulnerabilities and how they allow software applications to be infiltrated and corrupted. The Common Weakness Enumeration (CWE) [2] is a collection of standard, measurable weaknesses that may be used to assess software tools and services. The CWE may also be used to document known vulnerabilities and improve communication between parties working on software assurance. The SPARK programming language and toolset [3, 4] is designed for the development of high assurance software. The SPARK programming language is a subset of the Ada programming language plus a collection of annotations intended to provide a programming language that is unambiguous, free from implementation dependencies, and formally defined. Used together, the SPARK language and toolset enable the prevention and elimination of defects in source code during the development of the code. This paper presents an analysis of the SPARK programming language against a collection of CWEs.
1. NIST Special Publication 500-268, Source Code Security Analysis Tool Functional Specification Version 1.0, May 2007.
2. Common Weakness Enumeration (CWE), http://cwe.mitre.org/.
3. SPARK GPL Edition, http://libre.adacore.com/libre/tools/spark-gpl-edition/.
4. Barnes, John, High Integrity Software: The SPARK Approach to Safety and Security, Addison Wesley, 2006.
5. ISO/IEC TR 24718:2004 (2004) Guide for the use of the Ada Ravenscar Profile in high integrity systems.
6. Ada Reference Manual with Technical Corrigendum 1 and Amendment 1, ISO-8652:1995(E) with COR 1: 2000 and Amd 1:2007.
Software vulnerabilities precluded by SPARK
SIGAda '11: Proceedings of the 2011 ACM annual international conference on Special interest group on the Ada programming language