Title :
Speculative Software Modification and its Use in Securing SOUP
Author :
Rodes, Benjamin D. ; Knight, Jonathan C.
Author_Institution :
Dept. of Comput. Sci., Univ. of Virginia, Charlottesville, VA, USA
Abstract :
We present an engineering process model for generating software modifications that is designed to be used when either most or all development artifacts about the software, including the source code, are unavailable. This kind of software, commonly called Software Of Unknown Provenance (SOUP), raises many doubts about the existence and adequacy of desired dependability properties, for example security. These doubts motivate some users to apply modifications to enhance dependability properties of the software, however, without necessary development artifacts, modifications are made in a state of uncertainty and risk. We investigate enhancing dependability through software modification in the presence of these risks as an engineering problem and introduce an engineering process for generating software modifications called Speculative Software Modification (SSM). We present the motivation and guiding principles of SSM, and a case study of SSM applied to protect software against buffer overflow attacks when only the binary is available.
Keywords :
security of data; software reliability; source code (software); SOUP security; SSM; software dependability property; software development artifacts; software engineering process model; software of unknown provenance; source code; speculative software modification; Complexity theory; Hardware; Maintenance engineering; Measurement; Security; Software; Uncertainty; Assurance Case; Security; Software Modification; Software Of Unknown Provenance (SOUP);
Conference_Titel :
Dependable Computing Conference (EDCC), 2014 Tenth European
Conference_Location :
Newcastle
DOI :
10.1109/EDCC.2014.29
