Security is a crucial issue in many modern software systems and can lead to immense costs if required security goals are not fulfilled. Fewer techniques exist to address the syste...
We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection...
David Wagner, Jeffrey S. Foster, Eric A. Brewer, A...
Abstract. This paper argues for performing information-flow-based security analysis in the first phaseof the software development life cycle itself ie in the requirements elicita...
Evaluation of non-functional properties of a design (such as performance, dependability, security, etc.) can be enabled by design annotations specific to the property to be evalua...
C. Murray Woodside, Dorina C. Petriu, Dorin Bogdan...
This paper discusses the Trustworthy Computing Security Development Lifecycle (or simply the SDL), a process that Microsoft has adopted for the development of software that needs ...