Integrity static analysis of COTS/SOUP
Bishop, P. G., Bloomfield, R. E., Clement, T. , Guerra, S. & Jones, C. (2003). Integrity static analysis of COTS/SOUP. In: Anderson, S. O., Felici, M. & Littlewood, B. (Eds.), Knowledge-Based Intelligent Information and Engineering Systems 7th INternational Conference, KES 2003, Oxford, UK, September 2003. Proceedings, Part I. Lecture Notes in Computer Science, 2788. (pp. 63-76). London, UK: Springer. doi: 10.1007/b12002
Abstract
This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme.
Publication Type: | Book Section |
---|---|
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Departments: | School of Science & Technology > Computer Science > Software Reliability |