City Research Online

Integrity static analysis of COTS/SOUP

Bishop, P. G., Bloomfield, R. E., Clement, T. , Guerra, S. & Jones, C. (2003). Integrity static analysis of COTS/SOUP. In: Anderson, S. O., Felici, M. & Littlewood, B. (Eds.), Knowledge-Based Intelligent Information and Engineering Systems 7th INternational Conference, KES 2003, Oxford, UK, September 2003. Proceedings, Part I. Lecture Notes in Computer Science, 2788. (pp. 63-76). London, UK: Springer. doi: 10.1007/b12002


This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme.

Publication Type: Book Section
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments: School of Science & Technology > Computer Science > Software Reliability
[thumbnail of Safecomp2003_stat_analysis.pdf]
Download (75kB) | Preview


Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email


Downloads per month over past year

View more statistics

Actions (login required)

Admin Login Admin Login