Static Code Analysis for Software Security Verification: Problems and Approaches
| Published in | 2014 IEEE 38th International Computer Software and Applications Conference Workshops pp. 102 - 109 |
|---|---|
| Main Authors | , , |
| Format | Conference Proceeding |
| Language | English |
| Published | IEEE, 01.07.2014 |
| Subjects | |
| DOI | 10.1109/COMPSACW.2014.22 | 
| Summary: | Developing and deploying secure software is a difficult task, one that is even harder when the developer has to be conscious of adhering to specific company security requirements. In order to facilitate this, different approaches have been elaborated over the years to varying degrees of success. To better understand the underlying issues, this paper describes and evaluates a number of static code analysis techniques and tools based on an example that illustrates prevalent software security challenges. The latter can be addressed by considering an approach that allows for the detection of security properties and their transformation into security policies that can be validated against security requirements. This would help the developer throughout the software development lifecycle and ensure compliance with security specifications. |
|---|---|