Reducing software security risk through an integrated approach

The paper presents joint work by the California Institute of Technology's Jet Propulsion Laboratory and the University of California at Davis (UC Davis) sponsored by the National Aeronautics and Space Administration Goddard Independent Verification and Validation Facility to develop a security assessment instrument for the software development and maintenance life cycle. The paper presents research on the generation of a software security assessment instrument to aid developers in assessing and assuring the security of software in the development and maintenance lifecycles.

[1]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[2]  Paul Ammann,et al.  Using model checking to generate tests from specifications , 1998, Proceedings Second International Conference on Formal Engineering Methods (Cat.No.98EX241).

[3]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[4]  John C. Kelly,et al.  Reducing Software Security Risk through an Integrated Approach , 2000, WETICE.

[5]  Matt Bishop,et al.  Property-based testing: a new approach to testing for assurance , 1997, SOEN.

[6]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[7]  G. Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol using CSP and FDR , 1996 .