Integrity Static Analysis of COTS/SOUP

Conference paper in: Computer Safety, Reliability, and Security (SAFECOMP 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2788)

Abstract

This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at SAFECOMP 2002 [1]. Integrity static analysis focuses on unsafe language constructs and "covert" flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis proved feasible for industrial-scale software and did not require unreasonable resources, and we provide data that illustrate its contribution to the software qualification programme.
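The abstract's "covert flow" check, in which a write to shared state in one thread silently steers the data or control flow of another, can be illustrated with a small static checker. The following is an added example written for this page; it is not the authors' tool chain (which the abstract describes only as an aggregation of commercial and in-house tools) and it is a regex-and-brace-matching approximation rather than a real C front end. The C fragment it scans is constructed here, the two functions stand in for two thread entry points, and the `lock()`/`unlock()` names are assumed for whatever mutex API the real code would use.

```python
"""Lightweight cross-thread ("covert flow") checker over C source.

Added example for this page, not the paper's tool.  It flags file-scope
variables that one function writes and another function reads or writes
without a lock()/unlock() pair around the access, and notes when such a
read feeds an if/while condition (a control-flow dependency on another
thread).  Regex and brace matching only, not a real C front end.
"""
import re
from collections import defaultdict

# Constructed sample (not from the paper).  Two functions stand for two
# thread entry points; lock()/unlock() are assumed names for a mutex API.
SAMPLE_C = r"""
int sensor_ok;              /* written by reader_thread, read by control_thread */
int pump_cmd;               /* only control_thread touches it */
static int heartbeat = 0;   /* shared, but always under hb_mutex */

void reader_thread(void) {
    sensor_ok = read_sensor();
    lock(&hb_mutex);
    heartbeat++;
    unlock(&hb_mutex);
}

void control_thread(void) {
    if (sensor_ok) {            /* branch depends on reader_thread's write */
        pump_cmd = 1;
    }
    lock(&hb_mutex);
    heartbeat = 0;
    unlock(&hb_mutex);
}
"""

COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
FUNC_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\([^;{)]*\)\s*\{")
GLOBAL_RE = re.compile(
    r"^\s*(?:static\s+)?(?:unsigned\s+|signed\s+)?(?:int|char|short|long)\s+"
    r"([A-Za-z_]\w*)\s*(?:=[^;]*)?;", re.M)
COND_RE = re.compile(r"\b(?:if|while)\s*\(([^)]*)\)")


def split_source(src):
    """Return (file_scope_text, {func_name: body}) using brace matching."""
    src = COMMENT_RE.sub("", src)
    funcs, pieces, pos = {}, [], 0
    while True:
        m = FUNC_RE.search(src, pos)
        if not m:
            break
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        funcs[m.group(1)] = src[m.end():i - 1]   # body without outer braces
        pieces.append(src[pos:m.start()])        # text outside any function
        pos = i
    pieces.append(src[pos:])
    return "".join(pieces), funcs


def accesses_in(body, name):
    """Yield (kind, protected, in_condition) for every use of `name` in body."""
    cond_spans = [m.span(1) for m in COND_RE.finditer(body)]
    for m in re.finditer(r"\b%s\b" % re.escape(name), body):
        before, after = body[:m.start()], body[m.end():]
        # "x = ...", "x++", "x--" or "++x"/"--x" count as writes; "==" does not.
        is_write = bool(re.match(r"\s*(?:\+\+|--|=(?!=))", after)) \
            or bool(re.search(r"(?:\+\+|--)\s*$", before))
        # Crude lock-depth tracking: lock( calls minus unlock( calls so far.
        depth = len(re.findall(r"\block\(", before)) - len(re.findall(r"\bunlock\(", before))
        in_cond = any(s <= m.start() < e for s, e in cond_spans)
        yield ("write" if is_write else "read", depth > 0, in_cond)


def find_covert_flows(src):
    """Map each suspicious global to the functions and unprotected uses involved."""
    file_scope, funcs = split_source(src)
    report = {}
    for g in GLOBAL_RE.findall(file_scope):
        uses = defaultdict(list)
        for fname, body in funcs.items():
            for kind, protected, in_cond in accesses_in(body, g):
                uses[fname].append((kind, protected, in_cond))
        if len(uses) < 2:
            continue   # touched by one function only: no cross-thread flow
        unprotected = {(f, k, c) for f, us in uses.items() for k, p, c in us if not p}
        has_write = any(k == "write" for us in uses.values() for k, _, _ in us)
        if has_write and unprotected:
            report[g] = {
                "functions": sorted(uses),
                "unprotected_writers": sorted({f for f, k, _ in unprotected if k == "write"}),
                "control_flow_readers": sorted({f for f, k, c in unprotected if k == "read" and c}),
            }
    return report


if __name__ == "__main__":
    for name, info in find_covert_flows(SAMPLE_C).items():
        print(name, info)
```

On the sample, only `sensor_ok` is reported: `reader_thread` writes it with no lock held and `control_thread` reads it inside an `if` condition, so a branch in one thread depends on an unsynchronised write in the other. `pump_cmd` is touched by a single function and `heartbeat` is always accessed under the lock, so neither is flagged. A production check of this kind would sit on a real front end (the references cite PolySpace and CodeSurfer for that role) rather than on regular expressions, but the classification it performs, shared global, write somewhere, access outside a critical section, read feeding control flow, is the one the abstract is describing.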


References

  1. Bishop, P.G., Bloomfield, R.E., Clement, T.M., Guerra, S.: Software Criticality Analysis of COTS/SOUP. In: Anderson, S., Bologna, S., Felici, M., et al. (eds.) SAFECOMP 2002. LNCS, vol. 2434, p. 198. Springer, Heidelberg (2002)

  2. Bishop, P.G., Bloomfield, R.E., Froome, P.K.D.: Justifying the use of software of uncertain pedigree (SOUP) in safety-related applications. Report No. CRR336, HSE Books (2001), ISBN 0 7176 2010 7, http://www.hse.gov.uk/research/crr_pdf/2001/crr01336.pdf

  3. Ward, N.J.: The Rigorous Retrospective Static Analysis of the Sizewell 'B' Primary Protection System Software. In: Proceedings of the 12th International Conference on Computer Safety, Reliability and Security, SAFECOMP 1993 (October 1993)

  4. Morton, S.: A Symptom of the Cure: Safer Language Subsets and Safe-Code Development. MISRA Guidelines Forum (October 2001)

  5. Guidelines for the use of the C language in vehicle based software. MISRA (1998)

  6. PolySpace Technologies, http://www.polyspace.com/

  7. CodeSurfer user guide and technical reference. Version 1.0, GrammaTech (1999)

  8. Hatton, L.: Safer C. McGraw-Hill, New York (1995)

  9. Cousot, P., Cousot, R.: Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In: POPL 1977, ACM Press, New York (1977)

  10. Bishop, P.G., Bloomfield, R.E.: A Conservative Theory for Long-Term Reliability Growth Prediction. IEEE Trans. Reliability 45(4) (December 1996)


Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bishop, P., Bloomfield, R., Clement, T., Guerra, S., Jones, C. (2003). Integrity Static Analysis of COTS/SOUP. In: Anderson, S., Felici, M., Littlewood, B. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2003. Lecture Notes in Computer Science, vol 2788. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39878-3_6


  • DOI: https://doi.org/10.1007/978-3-540-39878-3_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20126-7

  • Online ISBN: 978-3-540-39878-3

  • eBook Packages: Springer Book Archive
