Engineering school and research center in digital sciences

Towards the verification and validation of software security properties using static code analysis

Zhioua, Zeineb; Short, Stuart; Roudier, Yves

Computer Science: Theory and Application, Volume 2, N°2, 2014, ISSN: 2336-0984

Developing and delivering secure software is a challenging task that gets even harder when the developer tries to adhere to both application and organization-specific security requirements. Different approaches have been proposed to facilitate this task, such as code analysis that aims at detecting flaws in the developed software before it is released and deployed to the customer. This paper discusses a number of static code analysis approaches and presents different code analysis tools, each adopting a specific analysis technique. These tools are evaluated against a sample code illustrating different security challenges that can be addressed using an approach that helps detect security properties. The latter can be transformed into abstract security policies that can be validated against explicit security requirements. This would help the developer throughout the software development lifecycle and ensure compliance with security specifications.


Title: Towards the verification and validation of software security properties using static code analysis
Keywords: Static Analysis, Code Analysis Tools, Security Properties, Program Modeling
Type: Journal
Language: English
Department: Digital Security
Eurecom ref: 4799
Bibtex:
@article{EURECOM+4799,
  year = {2014},
  month = {12},
  title = {{T}owards the verification and validation of software security properties using static code analysis},
  author = {{Z}hioua, {Z}eineb and {S}hort, {S}tuart and {R}oudier, {Y}ves },
  journal = {{C}omputer {S}cience: {T}heory and {A}pplication, {V}olume 2, {N}°2, 2014, {ISSN}: 2336-0984 },
  url = {http://www.eurecom.fr/publication/4799}
}