Skip to main content

Open Source Evaluation and Assurance

Researcher: William Scherlis

Cross Cutting Thrusts: Software Security | Formal Methods

Abstract

Software assurance is a key element of any cybersecurity strategy, as evidenced by the widespread use of tools like SLAM and PREfast by industry leaders such as Microsoft, eBay, and Oracle. Success with tool-based assurance of software requires multiple design characteristics, including specifically targeted security attributes, explicit design intent provided by engineers to the tools, deeply semantic analysis techniques, and a focus on immediate value for developers working on industrial-scale software. In this project, we are developing new design-intent based analysis techniques focusing on security-relevant architectural analysis, component compatibility, and library and framework usage. We are also exploring new approaches to leveraging these techniques in tool-mediated semantic inspections and process refinement driven by analysis-based quality indicators.