EU-researchers have developed a set of source code analysis tools capable of verifying the security properties of applications written in C, C++ and Java.

Digital Economy

In a society driven by information technology and communication, the safety and security of software have become crucial challenges. Answering this call is the EU-funded STANCE project, a multi-disciplinary initiative that has led to numerous scientific and technological breakthroughs in the field of software security. Within its three and a half years timeframe, the project defined, implemented and distributed a toolbox – a set of source code analysis tools – capable of verifying the security properties of applications written in C, C++ and Java. Essentially, the toolbox brings together and coordinates the work of existing analysis tools, including the Frama-C platform, the VeriFast verifier and a ‘fuzz’ software testing tool. Frama-C is a software analysis platform that enables the design, implementation and dissemination of formal verification solutions. VeriFast, on the other hand, is an analyser for C and Java source code annotated with predicates written in separation logic. ‘The STANCE architecture is based on the aforementioned analysis tools’, says project researcher Armand Puccetti. ‘The project developed numerous plug-ins for these tools, allowing them to perform specific security analyses, such as modular code analyses.’ According to Puccetti, these are powerful tools for formally verifying the robustness of security sensitive applications. ‘The STANCE project further optimised their usefulness by creating methodologies for combining these tools for use in real-world case studies and within the context of Common Criteria Certification’, he adds. How it works The STANCE tool specifies algorithms for detecting well-defined classes of security threats found in the source code. It accomplishes this by using, extending and expanding on known techniques for safety-oriented source code analysis – including abstract interpretations, deductive verifications and model checking. These analyses are then extended via diagnostic capabilities and model-based diagnosis and counterexamples. The analyses can also be conducted using dynamic analysis with fault injection and automatic test case generation. Following the completion of this initial phase, the tool provides the user with a theoretical foundation that formally guarantees that a given piece of software is free of any security flaws. Increasing trustworthiness With this toolbox and its supporting methods, the STANCE project successfully increased the trustworthiness and cost-effectiveness of existing security-oriented processes. ‘As a result of its work, the project positively altered the domain of software security assurance, having a broad impact on its legal, societal and economic aspects’, says Puccetti. ‘Furthermore, among the new tools developed in the Frama-C and Verifast platforms, several will be distributed in open source, while others remain as prototypes as further research continues.’ From an economic standpoint, the STANCE project’s findings will provide a strategic market differentiator for companies using its tool and methods, with long-term benefits as to development and maintenance costs. In a broader sense, the project has given society a new standard of trust – a much needed boost for the development of cyber-technologies. ‘The STANCE project contributed to the fulfilment of the EU’s policy strategies by providing a means for detecting security vulnerabilities in critical software applications, meaning EU citizens can have confidence that their software-driven applications are secure’, concludes Puccetti.

Keywords

STANCE, toolbox, source code, C++, java, cyber security, frama-c, verifast, code analysis, threats, diagnostic, software, maintenance, vulnerability