DocumentCode :
3435635
Title :
Security Verification Techniques Applied to PatchLink COTS Software
Author :
Gilliam, David P. ; Powell, John D. ; Bishop, Matt ; Andrew, Chris ; Jog, Sameer
Author_Institution :
Jet Propulsion Lab., California Inst. of Technol., Pasadena, CA
fYear :
2006
fDate :
38869
Firstpage :
319
Lastpage :
325
Abstract :
Verification of the security of software artifacts is a challenging task. An integrated approach that combines verification techniques can increase the confidence in the security of software artifacts. Such an approach has been developed by the Jet Propulsion Laboratory (JPL) and the University of California at Davis (UC Davis). Two security verification instruments were developed and then piloted on PatchLink's UNIX agent, a commercial-off-the-shelf (COTS) software product, to assess the value of the instruments and the approach. The two instruments are the flexible modeling framework (FMF), a model-based verification instrument (JPL), and a property-based tester (UC Davis). Security properties were formally specified for the COTS artifact and then verified using these instruments. The results were then reviewed to determine the effectiveness of the approach and the security of the COTS product.
Keywords :
Unix; formal specification; program verification; security of data; software packages; Jet Propulsion Laboratory; PatchLink COTS software; UNIX agent; University of California; commercial-off-the-shelf software product; flexible modeling framework; formal specification; model-based verification instrument; property-based tester; security verification techniques; software artifacts; Automatic testing; Conferences; Instruments; Laboratories; Lead; Natural languages; Performance evaluation; Propulsion; Security; Software testing;
fLanguage :
English
Publisher :
ieee
Conference_Title :
Enabling Technologies: Infrastructure for Collaborative Enterprises, 2006. WETICE '06. 15th IEEE International Workshops on
Conference_Location :
Manchester
ISSN :
1524-4547
Print_ISBN :
0-7695-2623-3
Type :
conf
DOI :
10.1109/WETICE.2006.59
Filename :
4092230