Engineering Methods And Tools For Software Safety And Security

As a consequence of the wide distribution of software and software infrastructure, information security and safety depend on the quality and excellent understanding of its functioning. Only if this functionality is guaranteed as safe, customer and information are protected against adversarial attacks and malfunction. A vast proportion of information exchange is dominated by computer systems. Due to the fact that technical systems are more or less interfaced with software systems, most information exchange is closely related to software and computer systems. Information safety and security of software systems depend on the quality and excellent understanding of its functioning. The last few years have shown a renewed interest in formally specifying and verifying software and its role in engineering methods. Within the last decade, interactive program verifiers have been applied to control software and other critical applications. Software model checking has made strides into industrial applications and a number of research tools for bug detection have been built using automatic program-verification technology. Such solutions are high-level programming methods which provide strategies to ensure information security in complex software systems by automatically verified correctness. Based on the specific needs in applications of software technology, models and formal methods must serve the needs and the quality of advanced software engineering methods. This book provides an in-depth presentation of state-of-the-art topics on how to meet such challenges covering both theoretical foundations and industrial practice.

Based on the specific needs in applications of software technology, models and formal methods must serve the needs and the quality of advanced software engineering methods. This book provides a presentation of topics on how to meet such challenges covering both theoretical foundations and industrial practice.

As a consequence of the wide distribution of software and software infrastructure, information security and safety depend on the quality and excellent understanding of its functioning. Only if this functionality is guaranteed as safe, customer and information are protected against adversarial attacks and malfunction. A vast proportion of information exchange is dominated by computer systems. Due to the fact that technical systems are more or less interfaced with software systems, most information exchange is closely related to software and computer systems.

This first-of-its-kind resource offers a broad and detailed understanding of software systems engineering from both security and safety perspectives. Addressing the overarching issues related to safeguarding public data and intellectual property, the book defines such terms as systems engineering, software engineering, security, and safety as precisely as possible, making clear the many distinctions, commonalities, and interdependencies among various disciplines. You explore the various approaches to risk and the generation and analysis of appropriate metrics. This unique book explains how processes relevant to the creation and operation of software systems should be determined and improved, how projects should be managed, and how products can be assured. You learn the importance of integrating safety and security into the development life cycle. Additionally, this practical volume helps identify what motivators and deterrents can be put in place in order to implement the methods that have been recommended.

Recent decades have seen major advances in methods and tools for checking the safety and security of software systems. Automatic tools can now detect security flaws not only in programs of the order of a million lines of code, but also in high-level protocol descriptions. There has also been something of a breakthrough in the area of operating system verification. This book presents the lectures from the NATO Advanced Study Institute on Tools for Analysis and Verification of Software Safety and Security; a summer school held at Bayrischzell, Germany, in 2011. This Advanced Study Institute was divided into three integrated modules: Foundations of Safety and Security, Applications of Safety Analysis and Security Analysis. Subjects covered include mechanized game-based proofs of security protocols, formal security proofs, model checking, using and building an automatic program verifier and a hands-on introduction to interactive proofs. Bringing together many leading international experts in the field, this NATO Advanced Study Institute once more proved invaluable in facilitating the connections which will influence the quality of future research and the potential to transfer research into practice. This book will be of interest to all those whose work depends on the safety and security of software systems.

Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book’s expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security. This book will help you understand why Software security is about more than just eliminating vulnerabilities and conducting penetration tests Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks Software security initiatives should follow a risk-management approach to identify priorities and to define what is “good enough”–understanding that software security risks will change throughout the SDLC Project managers and software engineers need to learn to think like an attacker in order to address the range of functions that software should not do, and how software can better resist, tolerate, and recover when under attack

Developing secure software requires the integration of numerous methods and tools into the development process, and software design is based on shared expert knowledge, claims, and opinions. Empirical methods, including data analytics, allow extracting knowledge and insights from the data that organizations collect from their processes and tools, and from the opinions of the experts who practice these processes and methods. This book introduces the reader to the fundamentals of empirical research methods, and demonstrates how these methods can be used to hone a secure software development lifecycle based on empirical data and published best practices.

This book provides an accessible introduction to the SPARK programming language. Updated 'classic' that covers all of the new features of SPARK, including Object Oriented Programming. The only book on the market that covers this important and robust programming language. CD-ROM contains the main SPARK tools and additional manuals giving all the information needed to use SPARK in practice. Technology: The SPARK language is aimed at writing reliable software that combines simplicity and rigour within a practical framework. Because of this, many safety-critical, high integrity systems are developed using SPARK. User Level: Intermediate Audience: Software engineers, programmers, technical leaders, software managers. Engineering companies in fields such as avionics, railroads, medical instrumentation and automobiles. Academics giving MSc courses in Safety Critical Systems Engineering, System Safety Engineering, Software Engineering. Author Biography: John Barnes is a veteran of the computing industry. In 1977 he designed and implemented the RTL/2 programming language and was an original member of the ADA programming language design team. He was founder and MD of Alsys Ltd from 1985 to 1991. Currently self employed, John is the author of 'Programming in ADA' which has sold 150000 copies and been translated into 6 languages.