Cyber security at software development time

Mark Bradley*, Ansgar Fehnker, Ralf Huuck

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

Secure systems are intrinsically dependent on secure software. Creating secure software is no simple task and every aspect of the software development lifecycle has to be taken into account. In this article we focus on security in the software implementation phase and present a number of techniques that enable the formal checking of security properties at software development time. We give an overview of some of the automated analysis techniques available today ranging from tree-based pattern matching to model checking. Moreover, we present our source code analysis tool Goanna which integrates those security analysis techniques, and we provide a number of application examples, where Goanna detects real security threats demonstrated in application examples from the National Institute of Standard's comparative exposition.

Original languageEnglish
Title of host publication2011 Defense Science Research Conference and Expo, DSR 2011
DOIs
Publication statusPublished - 2011
Externally publishedYes
Event2011 Defense Science Research Conference and Expo, DSR 2011 - Singapore, Singapore
Duration: 3 Aug 20115 Aug 2011

Conference

Conference2011 Defense Science Research Conference and Expo, DSR 2011
Abbreviated titleDSR 2011
CountrySingapore
CitySingapore
Period3/08/115/08/11

Keywords

  • C/C++
  • Model Checking
  • NIST
  • Security
  • Static Analysis
  • Tools

Fingerprint

Dive into the research topics of 'Cyber security at software development time'. Together they form a unique fingerprint.

Cite this