An Automated Tool for Assessing Security-Critical Designs and Programs

Conference: WIAR '2012 - National Workshop on Information Assurance Research
04/18/2012 at Riyadh, Kingdom of Saudi Arabia

Proceedings: WIAR '2012

Pages: 10
Language: English
Type: PDF

Alshammari, Bandar; Fidge, Colin; Corney, Diane (School of Electrical Engineering and Computer Science, Queensland University of Technology, Australia)
Alshammari, Bandar (School of Public Health and Health Informatics, King Saud Bin Abdulaziz University for Health Sciences, Saudi Arabia)

This paper describes in detail our Security-Critical Program Analyser (SCPA). SCPA is used to assess the security of a given program based on its design or source code with regard to data flow-based metrics. Furthermore, it allows software developers to generate a UML-like class diagram of their program and annotate its confidential classes, methods and attributes. SCPA is also capable of producing Java source code for the generated design of a given program. This source code can then be compiled and the resulting Java bytecode program can be used by the tool to assess the program’s overall security based on our security metrics.