CYBER 2017, The Second International Conference on Cyber-Technologies and Cyber-Systems
Detecting Safety- and Security-Relevant Programming Defects by Sound Static Analysis
Authors:
Daniel Kästner
Laurent Mauborgne
Christian Ferdinand
Keywords: static analysis; abstract interpretation; runtime errors; security vulnerabilities; functional safety; cybersecurity
Abstract:
Static code analysis has evolved to be a standard technique in the development process of safety-critical software. It can be applied to show compliance with coding guidelines, and to demonstrate the absence of critical programming errors, including runtime errors and data races. In recent years, security concerns have become more and more relevant for safety-critical systems, not least due to the increasing importance of highly automated driving and pervasive connectivity. While in the past sound static analyzers have been primarily applied to demonstrate classical safety properties, they are also well suited to address data safety and to discover security vulnerabilities. This article gives an overview and discusses practical experience.
Pages: 26 to 31
Copyright: Copyright (c) IARIA, 2017
Publication date: November 12, 2017
Published in: conference
ISSN: 2519-8599
ISBN: 978-1-61208-605-7
Location: Barcelona, Spain
Dates: from November 12, 2017 to November 16, 2017