John Wilander, Licentiate thesis:
 Policy and Implementation Assurance for Software Security

To build more secure software, accurate and consistent security
requirements must be specified. We have investigated current practice by
doing a field study of eleven requirement specifications for IT systems.
The overall conclusion is that security requirements are poorly
specified for three reasons: inconsistency in the selection of
requirements, inconsistency in the level of detail, and almost no
requirements on standard security solutions.
    To build more secure software we specifically need assurance
requirements on code. One way to achieve implementation assurance is to
use effective methods and tools that eliminate, or at least warn about,
known vulnerability types in code. We have investigated the effectiveness
of four publicly available tools for run-time prevention of buffer
overflow attacks. Our comparison shows that the best tool is effective
against only 50 % of the attacks, and there are six attack forms that
none of the tools can handle.
    We have also investigated the effectiveness of five publicly
available compile-time intrusion prevention tools. The test results show
high rates of false positives for the tools based on lexical analysis
and low rates of true positives for the tools based on syntactic and
semantic analysis.
    As a first step toward a more effective and generic solution we
propose dependence graphs decorated with type and range information as a
way of modeling and pattern-matching security properties of code. These
models can be used to characterize both good and bad programming
practice. They can also be used to visually explain code properties to
the programmer.
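    As an added illustration of the two points above, that lexical
matching produces false positives and that a dependence graph decorated
with range information can decide the same question and explain the
answer, here is a small Python analysis. It is not code from the thesis
or from any of the tools it evaluates; the C-like snippet, the variable
ranges, and every name in it (DepGraph, check_copy, read_len, hdr_len)
are constructed for the example. The ranges are assumed to come from an
earlier analysis pass that is not shown.

```python
from dataclasses import dataclass, field
from typing import Optional

# Call names a purely lexical tool matches on; it never looks at operands.
RISKY_CALLS = {"strcpy", "memcpy", "gets", "sprintf"}


@dataclass
class Node:
    """One value in the dependence graph, decorated with what is known about it."""
    name: str
    size: Optional[int] = None                 # declared byte size, for buffers
    rng: Optional[tuple[int, int]] = None      # inclusive (lo, hi) for integers
    deps: list["Node"] = field(default_factory=list)   # data-dependence edges
    how: str = ""                              # short note on how the decoration arose


class DepGraph:
    def __init__(self) -> None:
        self.nodes: dict[str, Node] = {}

    def buffer(self, name: str, size: int) -> None:
        self.nodes[name] = Node(name, size=size, how=f"char {name}[{size}]")

    def value(self, name: str, lo: int, hi: int, how: str) -> None:
        self.nodes[name] = Node(name, rng=(lo, hi), how=how)

    def add(self, name: str, a: str, b: str) -> None:
        """name = a + b, with interval arithmetic and edges back to a and b."""
        na, nb = self.nodes[a], self.nodes[b]
        rng = (na.rng[0] + nb.rng[0], na.rng[1] + nb.rng[1])
        self.nodes[name] = Node(name, rng=rng, deps=[na, nb], how=f"{name} = {a} + {b}")

    def check_copy(self, dst: str, length: str) -> str:
        """Compare the copy length's range with the destination's declared size."""
        size = self.nodes[dst].size
        lo, hi = self.nodes[length].rng
        if lo > size:
            return "definite overflow"
        if hi > size:
            return "possible overflow"
        return "safe"

    def explain(self, name: str, depth: int = 0) -> list[str]:
        """Walk dependence edges to show the programmer where a range comes from."""
        n = self.nodes[name]
        fact = (f"{n.name} in [{n.rng[0]}, {n.rng[1]}]" if n.rng
                else f"{n.name} has {n.size} bytes")
        lines = ["  " * depth + f"{fact}  ({n.how})"]
        for d in n.deps:
            lines.extend(self.explain(d.name, depth + 1))
        return lines


def lexical_check(source: list[str]) -> list[int]:
    """Flag every line mentioning a risky call name (1-based line numbers)."""
    return [i + 1 for i, line in enumerate(source)
            if any(f"{call}(" in line for call in RISKY_CALLS)]


# Constructed C-like snippet (hypothetical, not from the thesis).
SOURCE = [
    "char dst[16];",
    "size_t n = read_len();      /* known to be 0..8   */",
    "memcpy(dst, src, n);        /* fits               */",
    "size_t m = n + hdr_len;     /* hdr_len is 0..32   */",
    "memcpy(dst, src, m);        /* may not fit        */",
]
COPIES = [(3, "dst", "n"), (5, "dst", "m")]   # (line, destination, length variable)


def build_graph() -> DepGraph:
    """Decorations assumed to come from an earlier range-analysis pass."""
    g = DepGraph()
    g.buffer("dst", 16)
    g.value("n", 0, 8, "read_len() is bounded by its caller")
    g.value("hdr_len", 0, 32, "header length field, at most 32")
    g.add("m", "n", "hdr_len")
    return g


def semantic_check(g: DepGraph) -> dict[int, str]:
    """Verdict per copy site, using the decorated graph instead of call names."""
    return {line: g.check_copy(dst, length) for line, dst, length in COPIES}


if __name__ == "__main__":
    g = build_graph()
    print("lexical tool flags lines:", lexical_check(SOURCE))   # both memcpy sites
    for line, verdict in semantic_check(g).items():
        print(f"line {line}: {verdict}")                        # only line 5 flagged
    print("\n".join(g.explain("m")))                            # why m can reach 40
```

The lexical pass flags both memcpy sites, so the safe copy on line 3 is
a false positive; the range-decorated graph reports line 3 as safe and
line 5 as a possible overflow, and explain() prints the chain m = n +
hdr_len with the two contributing ranges, which is the kind of visual
explanation the proposal aims at.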

Last modified on March 2006 by Anne Moe