An Automated Tool for Assessing Security-Critical Designs and Programs

Konferenz: WIAR '2012 - National Workshop on Information Assurance Research
18.04.2012 in Riyadh, Kingdom of Saudi Arabia

Tagungsband: WIAR '2012

Seiten: 10Sprache: EnglischTyp: PDF

Persönliche VDE-Mitglieder erhalten auf diesen Artikel 10% Rabatt

Alshammari, Bandar; Fidge, Colin; Corney, Diane (School of Electrical Engineering and Computer Science, Queensland University of Technology, Australia)
Alshammari, Bandar (School of Public Health and Health Informatics, King Saud Bin Abdulaziz University for Health Sciences, Saudi Arabia)

This paper describes in detail our Security-Critical Program Analyser (SCPA). SCPA is used to assess the security of a given program based on its design or source code with regard to data flow-based metrics. Furthermore, it allows software developers to generate a UML-like class diagram of their program and annotate its confidential classes, methods and attributes. SCPA is also capable of producing Java source code for the generated design of a given program. This source code can then be compiled and the resulting Java bytecode program can be used by the tool to assess the program’s overall security based on our security metrics.