International Journal On Advances in Security, volume 11, numbers 1 and 2, 2018
Advanced Sound Static Analysis to Detect Safety- and Security-Relevant Programming Defects
Authors:
Daniel Kästner
Laurent Mauborgne
Nicolas Grafe
Christian Ferdinand
Keywords: static analysis; abstract interpretation; runtime errors; security vulnerabilities; functional safety; cybersecurity
Abstract:
Static code analysis has evolved to be a standard technique in the development process of safety-critical software. It can be applied to show compliance with coding guidelines, and to demonstrate the absence of critical programming errors, including runtime errors and data races. In recent years, security concerns have become more and more relevant for safety-critical systems, not least due to the increasing importance of highly-automated driving and pervasive connectivity. While in the past sound static analyzers have been primarily applied to demonstrate classical safety properties, they are also well suited to address data safety and to discover security vulnerabilities. This article gives an overview and discusses practical experience.
Pages: 149 to 159
Copyright: Copyright (c) to authors, 2018. Used with permission.
Publication date: June 30, 2018
Published in: journal
ISSN: 1942-2636