Integrated Security Verification and Validation: Case Study
Abstract
In most current approaches to software security, security flaws are fixed only after they have been exploited. To increase user confidence in software products, the software industry needs more proactive and durable security solutions that address security requirements throughout the software system lifecycle, including the requirements and design specification, testing, and maintenance phases. Appropriate security analysis techniques must be used for each of these phases. In this paper, we illustrate an integrated security analysis framework that combines a quantitative design security analysis technique with a static program analyzer that tracks unsafe information flows. We illustrate the framework by presenting a case study based on a medical information card.