Result: Integrating Contract-based Security Monitors in the Software Development Life Cycle

Title:
Integrating Contract-based Security Monitors in the Software Development Life Cycle
Contributors:
Department of Electrical & Computer Engineering Victoria (ECE Department), University of Victoria Canada (UVIC), System and Networking for Portable Objects Proved to be Safe (POPS), Laboratoire d'Informatique Fondamentale de Lille (LIFL), Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria), This work is partially supported by CPER Nord-Pas-de-Calais/FEDER Campus Intelligence Ambiante.
Source:
FLACOS 2008 - 2nd Workshop on Formal Languages and Analysis of Contract-Oriented Software, Nov 2008, Malta, Malta ; https://inria.hal.science/inria-00546624
Publisher Information:
HAL CCSD
Publication Year:
2008
Collection:
Université de Lille 3 - Sciences Humaines et Sociales: HAL
Document Type:
Conference, conference object
Language:
English
Rights:
info:eu-repo/semantics/OpenAccess
Accession Number:
edsbas.202FD3BE
Database:
BASE

Further information

International audience ; Software systems containing security vulnerabilities continue to be created and released to consumers. We need to adopt improved software engineering practices to reduce the security vulnerabilities in modern systems. These practices should begin with stated security policies and end with systems which are quantitatively, not just qualitatively, more secure. Currently, contracts have been proposed for reliability and formal verification; yet, their use in security is limited. In this work, we propose a contract-based security assertion monitoring framework (CB SAMF) that is intended to reduce the number of security vulnerabilities that are exploitable, spanning multiple software layers, to be used in an enhanced systems development life cycle (SDLC).