Integrating Contract-based Security Monitors in the Software Development Life Cycle

Abstract : Software systems, containing security vulnerabilities, continue to be created and released to consumers. We need to adopt improved software engineering practices to reduce the security vulnerabilities in modern systems. These practices should begin with stated security policies and end with systems which are quantitatively, not just qualitatively, more secure. Currently, contracts have been proposed for reliability and formal verification; yet, their use in security is limited. In this work, we propose a contract-based security assertion monitoring framework (CB SAMF) that is intended to reduce the number of security vulnerabilities that are exploitable, spanning multiple software layers, to be used in an enhanced systems development life cycle (SDLC).
Type de document :
Communication dans un congrès
Proc. 2nd Workshop on Formal Languages and Analysis of Contract-Oriented Software, 2008, Malta, Malta. 2008
Liste complète des métadonnées

https://hal.inria.fr/inria-00546624
Contributeur : Isabelle Simplot-Ryl <>
Soumis le : mardi 14 décembre 2010 - 14:47:21
Dernière modification le : jeudi 11 janvier 2018 - 06:22:13

Identifiants

  • HAL Id : inria-00546624, version 1

Collections

Citation

M. Alexander, Isabelle Simplot-Ryl, Issa Traoré. Integrating Contract-based Security Monitors in the Software Development Life Cycle. Proc. 2nd Workshop on Formal Languages and Analysis of Contract-Oriented Software, 2008, Malta, Malta. 2008. 〈inria-00546624〉

Partager

Métriques

Consultations de la notice

48