Application of lightweight formal methods to software security

Author

Gilliam, David P. ; Powell, John D. ; Bishop, Matt

Author_Institution

California Inst. of Technol., USA

fYear

2005

fDate

13-15 June 2005

Firstpage

160

Lastpage

165

Abstract

Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which specifies security properties in a library that can be re-used by 2 instruments and their methodologies developed for the National Aeronautics and Space Administration (NASA) at the Jet Propulsion Laboratory (JPL) are described herein The flexible modeling framework (FMF) is a model based verification instrument that uses Promela and the SPIN model checker. The property based tester (PET) uses TASPEC and a test execution monitor (TEM). They are used to reduce vulnerabilities and unwanted exposures in software during the development and maintenance life cycles. These instruments are currently being piloted with a COTS server-agent application.

Keywords

formal specification; formal verification; security of data; software libraries; software maintenance; COTS server agent application; Jet Propulsion Laboratory; National Aeronautics and Space Administration; Promela model checker; SPIN model checker; TASPEC; formal methods; formal specification; formal verification; software development; software security; Application software; Formal specifications; Instruments; Laboratories; NASA; National security; Positron emission tomography; Propulsion; Software libraries; Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Enabling Technologies: Infrastructure for Collaborative Enterprise, 2005. 14th IEEE International Workshops on

ISSN

1524-4547

Print_ISBN

0-7695-2362-5

Type

conf

DOI

10.1109/WETICE.2005.19

Filename

1566203