Two approaches to enhancing the reliability and security of software, static analysis of the source code and dynamic protection, are compared, and the advantages and disadvantages of each are discussed. A hybrid approach is suggested that combines the advantages of both methods and compensates for their drawbacks. A classification of dynamic protection systems is presented in terms of when they operate, the abstraction level at which modifications are introduced and the protection code runs, and the principles of protection. A pragmatic approach to the development and evolution of an algorithm for finding a certain class of errors in the source code, errors that reduce the reliability or security of the system, is described. The algorithm computes an approximation of the exact solution (the set of dangerous fragments), and each successive version of the algorithm brings the approximation closer to the exact solution. At each stage the hybrid algorithm is used: when static analysis cannot decide whether an error is present, the task of preventing the effects of a possible error is entrusted to the dynamic protection system. The iterative improvement of the algorithm has two purposes: to reduce the number of false alerts and to reduce the workload on the dynamic protection system. Application of the approach to a class of errors that reduce the security of software is considered.
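The following is an added illustration of the hybrid scheme the abstract describes; it is not code from the paper. It models array accesses in a toy intermediate form (the `Access` records, sample sites and field names are all constructed for this example), runs two successive versions of a static classifier, and shows how the undecided sites are handed to a runtime bounds check instead of being reported. Version 2 refines version 1 with interval information, which shrinks both the set of sites the dynamic checker must guard and the number of alerts that would otherwise be false.

```python
"""Toy hybrid static/dynamic bounds checker (constructed example, not the paper's code)."""
from dataclasses import dataclass
from typing import Optional, List, Tuple, Callable

# Each record describes one array access site in a hypothetical program.
@dataclass
class Access:
    name: str                 # label for the access site (constructed)
    size: int                 # statically known array length
    index: Optional[int]      # constant index, or None if only known at run time
    lo: Optional[int] = None  # lower bound on the index from a preceding guard, if any
    hi: Optional[int] = None  # upper bound on the index from a preceding guard, if any

SAFE, UNSAFE, UNDECIDED = "safe", "unsafe", "undecided"

def classify_v1(a: Access) -> str:
    """Version 1 of the static analysis: only constant indices are decided."""
    if a.index is None:
        return UNDECIDED
    return SAFE if 0 <= a.index < a.size else UNSAFE

def classify_v2(a: Access) -> str:
    """Version 2 refines v1 with interval facts recovered from guards.

    Everything v1 decides stays decided; some v1-undecided sites become decided,
    so the approximation of the 'dangerous fragments' set gets tighter."""
    verdict = classify_v1(a)
    if verdict != UNDECIDED:
        return verdict
    if a.lo is not None and a.hi is not None:
        if a.lo >= 0 and a.hi < a.size:
            return SAFE            # whole interval lies inside the array
        if a.hi < 0 or a.lo >= a.size:
            return UNSAFE          # whole interval lies outside the array
    return UNDECIDED

def guarded_read(arr: list, idx: int):
    """Dynamic protection: the run-time check inserted at undecided sites."""
    if not 0 <= idx < len(arr):
        raise IndexError(f"index {idx} out of bounds for length {len(arr)}")
    return arr[idx]

def hybrid_plan(accesses: List[Access],
                classify: Callable[[Access], str]) -> Tuple[List[str], List[str]]:
    """Split sites into static alerts (UNSAFE) and sites to instrument (UNDECIDED).

    SAFE sites need neither an alert nor a run-time check."""
    report = [a.name for a in accesses if classify(a) == UNSAFE]
    instrument = [a.name for a in accesses if classify(a) == UNDECIDED]
    return report, instrument

# Constructed sample of five access sites on an array of length 8.
SAMPLE_SITES = [
    Access("s1", size=8, index=3),                    # constant, in bounds
    Access("s2", size=8, index=8),                    # constant, off by one
    Access("s3", size=8, index=None, lo=0, hi=7),     # guarded: 0 <= i <= 7
    Access("s4", size=8, index=None, lo=10, hi=20),   # guarded: 10 <= i <= 20
    Access("s5", size=8, index=None),                 # nothing known statically
]

if __name__ == "__main__":
    for version, fn in (("v1", classify_v1), ("v2", classify_v2)):
        report, instrument = hybrid_plan(SAMPLE_SITES, fn)
        print(f"{version}: alerts={report} instrumented={instrument}")
    # The instrumented sites run under guarded_read at run time.
    data = list(range(8))
    print(guarded_read(data, 3))
    try:
        guarded_read(data, 8)
    except IndexError as e:
        print("dynamic protection caught:", e)
```

With the sample above, version 1 reports only `s2` and must instrument `s3`, `s4` and `s5`; version 2 proves `s3` safe, reports `s4` statically, and leaves only `s5` to the run-time check, which is exactly the two-fold improvement the abstract describes: fewer sites for the dynamic protection to guard and no loss of soundness, because anything still undecided is caught at run time.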