Integrity static analysis of COTS/SOUP

Bishop, P. G., Bloomfield, R. E., Clement, T., Guerra, S. & Jones, C. (2003). Integrity static analysis of COTS/SOUP. In: S. O. Anderson, M. Felici & B. Littlewood (Eds.), Knowledge-Based Intelligent Information and Engineering Systems 7th INternational Conference, KES 2003, Oxford, UK, September 2003. Proceedings, Part I. Lecture Notes in Computer Science, 2788. (pp. 63-76). London, UK: Springer.

[img]
Preview
PDF
Download (75kB) | Preview

Abstract

This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme.

Item Type: Book Section
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: School of Informatics > Centre for Software Reliability
URI: http://openaccess.city.ac.uk/id/eprint/553

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics