Title :
Static Code Analysis for Software Security Verification: Problems and Approaches
Author :
Zhioua, Zeineb ; Short, Stuart ; Roudier, Yves
Author_Institution :
SAP Labs., Sophia-Antipolis, France
Abstract :
Developing and deploying secure software is a difficult task, one that is even harder when the developer has to be conscious of adhering to specific company security requirements. In order to facilitate this, different approaches have been elaborated over the years to varying degrees of success. To better understand the underlying issues, this paper describes and evaluates a number of static code analysis techniques and tools based on an example that illustrates prevalent software security challenges. The latter can be addressed by considering an approach that allows for the detection of security properties and their transformation into security policies that can be validated against security requirements. This would help the developer throughout the software development lifecycle and to insure the compliance with security specifications.
Keywords :
formal specification; formal verification; program diagnostics; security of data; security policies; security properties detection; security requirements; security specifications; software development lifecycle; software security verification; static code analysis techniques; Abstracts; Analytical models; Model checking; Programming; Security; Software; code analysis tools; program modeling; security properties; static analysis;
Conference_Titel :
Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International
Conference_Location :
Vasteras
DOI :
10.1109/COMPSACW.2014.22
