Abstract
Abstract : This report presents an overview of the results of a three year DARPA-sponsored effort investigating dynamic software security analysis. This research effort resulted in the design and implementation of two major tool sets (FIST and VISTA), each comprised of many individual tools, and the development of a methodology that provides the capability to perform a thorough security analysis on a piece of security-critical software written in C or C++. The Fault Injection Security Tool (FIST) automates white-box dynamic security analysis of software using program inputs, fault injection and assertion monitoring of programs written in C and C++. The Visualizing STatic Analysis (VISTA) Tool provides a way of viewing and navigating static analysis properties of a program. Together these tools provide static and dynamic analysis capabilities that can identify security vulnerabilities in source code before its release. However, a major research issue remains. Though the current approach is able to discover security vulnerabilities through a process of fault injection and dynamic monitoring, the tools themselves are not able to determine whether such an event could occur through standard attacker input at the program interface. This effort only scratched the surface of work on this important problem.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
