Abstract
This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bishop, P.G., Bloomfield, R.E., Clement, T.M., Guerra, S.: Software Criticality Analysis of COTS/SOUP. In: Anderson, S., Bologna, S., Felici, M., et al. (eds.) SAFECOMP 2002. LNCS, vol. 2434, p. 198. Springer, Heidelberg (2002)
Bishop, P.G., Bloomfield, R.E., Froome, P.K.D.: Justifying the use of software of uncertain pedigree (SOUP) in safety-related applications. Report No: CRR336 HSE Books (2001) ISBN 0 7176 2010 7, http://www.hse.gov.uk/research/crr_pdf/2001/crr01336.pdf
Ward, N.J.: The Rigorous Retrospective Static Analysis of the Sizewell ‘B’ Primary Protection System Software. In: Proceedings of the 12th International Conference on Computer Safety, Reliability and Security, Safecomp 1993 (October 1993)
Morton, S.: A Symptom of the Cure: Safer Language Subsets and Safe-Code Development. MISRA Guidelines Forum (October 2001)
Guidelines for the use of the C language in vehicle based software. MISRA (1998)
PolySpace Technologies, http://www.polyspace.com/
CodeSurfer user guide and technical reference. Version 1.0, Grammatech (1999)
Hatton, L.: Safer C. McGraw Hill, New York (1995)
Cousot, P., Cousot, R.: Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by construction or approximation of fixpoints. In: POPL 1977, ACM Press, New York (1977)
Bishop, P.G., Bloomfield, R.E.: A Conservative Theory for Long-Term Reliability Growth Prediction. IEEE Trans. Reliability 45(4) (December 1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bishop, P., Bloomfield, R., Clement, T., Guerra, S., Jones, C. (2003). Integrity Static Analysis of COTS/SOUP. In: Anderson, S., Felici, M., Littlewood, B. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2003. Lecture Notes in Computer Science, vol 2788. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39878-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-39878-3_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20126-7
Online ISBN: 978-3-540-39878-3
eBook Packages: Springer Book Archive