2019 Research in the Capitol
Presentation Type
Open Access Poster Presentation
Keywords
Computer software--Development; Computer security
Abstract
This research examines how software specifications could be used to build more secure software. For this project, we analyzed known vulnerabilities in open source projects to identify the corrective actions required to patch each vulnerability. For each vulnerability, we then augmented the program with formal assertions in an attempt to allow a static analysis tool to find the vulnerability. Using the information gathered from these assertions, we hope to determine which assertions are most effective at finding vulnerabilities with today's tools and evaluate new assertions that could be added to the static analysis tool to help uncover more vulnerabilities. My work focuses on a common vulnerability type across multiple projects. In particular, I am examining whether vulnerabilities caused by missing authentication could be prevented with proper tool usage.
Start Date
1-4-2019 11:00 AM
End Date
1-4-2019 2:30 PM
Event Host
University Honors Programs, Iowa Regent Universities
Faculty Advisor
Andrew Berns
Department
Department of Computer Science
Copyright
©2019 Andrew Berns, James Curbow, Joshua Hilliard, Sheriff Jorkeh, and Miho Sanders
File Format
application/pdf
Recommended Citation
Berns, Andrew; Curbow, James; Hilliard, Joshua; Jorkeh, Sheriff; and Sanders, Miho, "Lightweight Formal Methods for Improving Software Security" (2019). Research in the Capitol. 11.
https://scholarworks.uni.edu/rcapitol/2019/all/11