Skip to main content

Cyber security at software development time

Authors

Ansgar Fehnker, Mark Bradley and Ralf Huuck

NICTA

Abstract

Secure systems are intrinsically dependent on secure software. Creating secure software is no simple task and every aspect of the software development lifecycle has to be taken into account. In this article we focus on security in the software implementation phase and present a number of techniques that enable the formal checking of security properties at software development time. We give an overview of some of the automated analysis techniques available today ranging from tree-based pattern matching to model checking. Moreover, we present our source code analysis tool Goanna which integrates those security analysis techniques, and we provide a number of application examples, where Goanna detects real security threats demonstrated in application examples from the National Institute of Standard's comparative exposition.

BibTeX Entry

  @inproceedings{Fehnker_BH_11,
    author           = {Fehnker, Ansgar and Bradley, Mark and Huuck, Ralf},
    month            = sep,
    year             = {2011},
    keywords         = {security, static analysis, model checking, c/c++, nist, tools},
    address          = {Singapore Singapore},
    title            = {Cyber Security at Software Development Time},
    pages            = {4},
    booktitle        = { International Conference on Defence Science Research (DSR-2011)}
  }

Download

Served by Apache on Linux on seL4.