
Correctness-by-Construction for Correct and Secure Software Systems

Runge, Tobias

Abstract:

Ensuring the safety and security of software systems is more important today than ever before, as critical domains (such as automotive, aviation, or healthcare systems) become increasingly software-intensive. Typically, such critical software is exhaustively tested, but testing alone cannot guarantee correctness. Therefore, formal approaches are required to ensure the safety and security of the developed software. For functional correctness, post-hoc verification is the state of the art. By post-hoc verification, we mean that a program is implemented, specified with a pre-/postcondition contract, and then verified. However, this approach has the downside that it gives developers no guidelines on how to write correct code. If a program developed without guidelines cannot be verified, it is often difficult to find the root cause: it may be a faulty implementation or an unsuitable specification of the program. As a result, it is costly to debug the program and to verify it again. In terms of security, it is important to ensure the confidentiality and integrity of processed data. Here, static and dynamic taint analysis approaches are prevalent, where data is labeled with a security level to analyze whether there is a prohibited flow from a confidential source to a public sink, as defined by a security policy. ...
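As an added illustration of the taint-analysis idea the abstract refers to (example code written for this page, not code from the dissertation or its tooling): values carry a label from the two-point lattice LOW < HIGH, a policy names the calls that return HIGH data and the highest level each sink may receive, and the checker propagates labels through a tiny constructed statement language. It also raises the label of anything assigned under a guard that depends on HIGH data, so that implicit flows through control structure are caught, not just direct copies. The policy, the function names (read_password, log, store_encrypted, eq) and the three sample programs are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Two-point security lattice: LOW (public) is below HIGH (confidential).
LOW, HIGH = 0, 1


def join(a: int, b: int) -> int:
    """Least upper bound of two labels in the lattice."""
    return max(a, b)


@dataclass(frozen=True)
class Policy:
    """Security policy: which calls produce HIGH data, and what each sink may receive."""
    sources: dict   # function name -> label of the value it returns
    sinks: dict     # function name -> highest label it is allowed to receive


# Toy program representation (constructed for this example):
#   expressions: ("const", value) | ("var", name) | ("call", fn, [expr, ...])
#   statements:  ("assign", name, expr)
#                ("sink", fn, [expr, ...])
#                ("if", cond_expr, [stmt, ...])

def level_of(expr, env, policy):
    """Label of an expression: constants are LOW, variables carry their stored label,
    calls are the join of the callee's source label and all argument labels."""
    kind = expr[0]
    if kind == "const":
        return LOW
    if kind == "var":
        return env.get(expr[1], LOW)   # never-assigned variables are treated as public
    if kind == "call":
        lvl = policy.sources.get(expr[1], LOW)
        for arg in expr[2]:
            lvl = join(lvl, level_of(arg, env, policy))
        return lvl
    raise ValueError(f"unknown expression kind {kind!r}")


def check(program, policy):
    """Return one (sink name, offending argument) pair per prohibited flow.

    `pc` is the label of the control context: inside an `if` whose guard depends on
    HIGH data, every assignment and every sink call is treated as HIGH, because the
    mere fact that it executed reveals something about the guard (implicit flow).
    """
    env = {}
    violations = []

    def walk(stmts, pc):
        for stmt in stmts:
            kind = stmt[0]
            if kind == "assign":
                env[stmt[1]] = join(pc, level_of(stmt[2], env, policy))
            elif kind == "sink":
                allowed = policy.sinks[stmt[1]]
                for arg in stmt[2]:
                    if join(pc, level_of(arg, env, policy)) > allowed:
                        violations.append((stmt[1], arg))
            elif kind == "if":
                walk(stmt[2], join(pc, level_of(stmt[1], env, policy)))
            else:
                raise ValueError(f"unknown statement kind {kind!r}")

    walk(program, LOW)
    return violations


# Assumed policy: read_password yields a secret; log is public; store_encrypted may take secrets.
POLICY = Policy(
    sources={"read_password": HIGH},
    sinks={"log": LOW, "store_encrypted": HIGH},
)

# Explicit flow: the secret itself reaches the public sink.
EXPLICIT_LEAK = [
    ("assign", "pw", ("call", "read_password", [])),
    ("sink", "log", [("var", "pw")]),
]

# Implicit flow: only a constant is logged, but which constant depends on the secret.
IMPLICIT_LEAK = [
    ("assign", "pw", ("call", "read_password", [])),
    ("assign", "flag", ("const", 0)),
    ("if", ("call", "eq", [("var", "pw"), ("const", "hunter2")]), [
        ("assign", "flag", ("const", 1)),
    ]),
    ("sink", "log", [("var", "flag")]),
]

# Compliant: the secret only reaches a sink cleared for HIGH data; the log sees a constant.
COMPLIANT = [
    ("assign", "pw", ("call", "read_password", [])),
    ("sink", "store_encrypted", [("var", "pw")]),
    ("sink", "log", [("const", "password stored")]),
]

if __name__ == "__main__":
    for name, prog in [("explicit", EXPLICIT_LEAK), ("implicit", IMPLICIT_LEAK), ("compliant", COMPLIANT)]:
        print(name, check(prog, POLICY))
```

The analysis is deliberately conservative: a variable assigned under a HIGH guard stays HIGH afterwards even on the path where the branch was not taken, which is the usual over-approximation a sound static checker makes. Declassification (deliberately lowering a label, e.g. after hashing) is not modelled here; a real policy would have to name such operations explicitly.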


Full text DOI: 10.5445/IR/1000162979
Published on 09.11.2023
Original publication DOI: 10.24355/dbbs.084-202306071046-0
Affiliated institution(s) at KIT: Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Publication type: Thesis
Publication year: 2023
Language: English
Identifier: KITopen-ID: 1000162979
Publisher: Technische Universität Braunschweig
Extent: 226 pp.
Type of thesis: Dissertation
Keywords: 005
Referees/Supervisors: Johns, Martin; Schaefer, Ina; Hähnle, Reiner