LDRA offers security-critical software solution

LDRA

Security-critical development and certification

LDRA has released a security-critical development and certification solution to ensure the company's tool suite meets the growing demand for security-critical software.

LDRA has extended its implementation of the CERT C secure coding standard to also meet Multiple Independent Levels of Security (MILS) and Homeland Security criteria for security-critical software development.

Recognising that static analysis does not expose all software security vulnerabilities, LDRA has integrated this solution into its entire tool suite from analysis through test and requirements traceability.

With the increased dependency on software systems in mission- and safety-critical systems as well as daily infrastructure, the number of security breaches and attacks has increased.

New security vulnerabilities are discovered daily and these cause problems with inadequately protected systems, resulting in security flaws.

Studies indicate that a majority of these vulnerabilities can be traced back to a set of common programming errors.

The need to develop software that avoids these vulnerabilities is driving increased interest in secure coding practices in industries such as transportation, aerospace, defence, finance, and utilities.

In addition, broader industry initiatives highlight the need to combine experience, knowledge and tools for building security into software at every phase of its development.

The common goal is to find weaknesses in source code and operational systems, as well as to achieve better understanding and management of software weaknesses in architecture and design.

The release extends LDRA's CERT C integration to adopt MILS and Homeland Security initiatives.

With this release, LDRA brings together two primary types of security: that which can be enforced by static analysis and involves adherence to specific coding rules and creating a firewall that protects a system from the outside world; and that which requires a security-critical development process and the partitioning of one security level from another within the same system.

By combining both of these approaches, LDRA enables developers to identify errant and vulnerable code at the language level and find algorithmically deviant code such as a malformed HTTP request which may be correctly coded, but represents a security breach.

To provide secure software development processes, LDRA enhanced its Zero Defect Software Development methodology, which integrates and automates software processes from requirements traceability through code, quality, and design review to unit test and test verification, with the practices required by MILS/Common Criteria.

With the integration of MILS/Common Criteria, the LDRA security-critical solution also incorporates other features.

These include: structural coverage analysis and the determination of code structures which have not been exercised by the requirements-based test procedures; and control coupling that provides a visual representation of the control coupling dependence of a given software component on those components that call it or are called by it, including calling frequency.

In addition, the solution features: data coupling that provides information in both the static and dynamic analysis domains, showing all instances of the data items accessed by a software component; requirements coverage (traceability) which focuses on verification of whether code properly implements security requirements and the adequacy of those requirements; and testing and structural code coverage measurement that imposes strict structural coverage analysis objectives on the software according to the Common Criteria standard.
