Integrity Static Analysis of COTS/SOUP
Abstract
This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002 [1]. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis proved feasible for industrial-scale software and did not require unreasonable resources; we provide data that illustrates its contribution to the software qualification programme.
Related papers
Software Criticality Analysis of COTS/SOUP
This paper describes the Software Criticality Analysis (SCA) approach that was developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The primary objective of SCA is to assess the importance to safety of the software components within the COTS and to show there is segregation between software components with different safety importanc...
Costing Safety Critical Software
The views expressed in this paper are the views of the author and not necessarily those of the MOD. This paper will focus on the COSTS associated with validation of Safety Critical Software and will suggest some considerations for the way forward. The costs of safety analysis of Software are not straightforward to estimate. The extent of errors in the software requiring correction cannot be pre...
Assessment of Safety Critical Systems with COTS Software and Software of Uncertain Pedigree (SOUP)
Mission- and safety-critical system designers are more and more forced to use a Commercial-Off-The-Shelf (COTS) approach due to more focus on cost and development times, even if COTS components normally are not specifically designed and developed for robust operation. Many safety critical systems have to be assessed or certified by independent organisations. This paper addresses the challenges as...
Data Integrity Limitations in Highly Secure Systems
We discuss a class of computer/network architectures that supports multilevel security while utilizing commercial-off-the-shelf (COTS) workstations and COTS productivity software applications. We show that a property of these architectures is that, while supporting multilevel confidentiality policies, they do not generally support partially ordered integrity policies: specifically, these archit...
Control Flow Integrity for COTS Binaries
Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its enforcement can defeat most injected and existing code attacks, including those based on Return-Oriented Programming (ROP). Previous implementations of CFI have required compiler support or the presence of relocation or debug information in the binary. In contrast, we present a technique for applyi...