Article thumbnail

Integrity static analysis of COTS/SOUP

By P. G. Bishop, R. E. Bloomfield, T. Clement, S. Guerra and C. Jones

Abstract

This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme

Topics: QA75
Publisher: 'Springer Science and Business Media LLC'
Year: 2003
DOI identifier: 10.1007/b12002
OAI identifier: oai:openaccess.city.ac.uk:553
Provided by: City Research Online

Suggested articles


To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.