Deep Software Assurance: Requirements, Techniques, Field Experience

Researchers: Jonathan Aldrich, William Scherlis

Cross Cutting Thrusts: Software Security

Abstract

Software assurance is a key element of any cybersecurity strategy, as evidenced by the widespread use of tools like SLAM and PREfast by industry leaders such as Microsoft, eBay, and Oracle. Success with tool-based assurance of software requires multiple design characteristics, including specifically targeted security attributes, explicit design intent provided by engineers to the tools, deeply semantic analysis techniques, and a focus on immediate value for developers working on industrial-scale software. In this project, we are developing new design-intent based analysis techniques focusing on security-relevant architectural analysis, component compatibility, and library and framework usage. We are also exploring new approaches to leveraging these techniques in tool-mediated semantic inspections and process refinement driven by analysis-based quality indicators.