Engineering school and research center in digital science

Static code analysis for software security verification: Problems and approaches

Zhioua, Zeineb; Short, Stuart; Roudier, Yves

STPSA 2014, 9th IEEE International Workshop on Security, Trust and Privacy for Software Applications, in COMPSAC 2014, 21-25 July 2014, Västerås, Sweden

Developing and deploying secure software is a difficult task, one that is even harder when the developer has to be conscious of adhering to specific company security requirements. In order to facilitate this, different approaches have been elaborated over the years to varying degrees of success. To better understand the underlying issues, this paper describes and evaluates a number of static code analysis techniques and tools based on an example that illustrates prevalent software security challenges. The latter can be addressed by considering an approach that allows for the detection of security properties and their transformation into security policies that can be validated against security requirements. This would help the developer throughout the software development lifecycle and ensure compliance with security specifications.


Title: Static code analysis for software security verification: Problems and approaches
Department: Digital Security
Eurecom ref: 4444
Copyright: © 2014 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex:
@inproceedings{EURECOM+4444,
  doi = {},
  year = {2014},
  title = {{S}tatic code analysis for software security verification: {P}roblems and approaches},
  author = {{Z}hioua, {Z}eineb and {S}hort, {S}tuart and {R}oudier, {Y}ves},
  booktitle = {{STPSA} 2014, 9th {IEEE} {I}nternational {W}orkshop on {S}ecurity, {T}rust and {P}rivacy for {S}oftware {A}pplications, in {COMPSAC} 2014, 21-25 {J}uly 2014, {V}{\"a}ster{\aa}s, {S}weden},
  address = {{V}{\"a}ster{\aa}s, {SU}{\`{E}}{DE}},
  month = {07},
  url = {}
}