Assessing and extracting software security vulnerabilities in SOFL formal specifications
Title | Assessing and extracting software security vulnerabilities in SOFL formal specifications |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Emeka, Busalire Onesmus; Liu, Shaoying |
Conference Name | 2018 International Conference on Electronics, Information, and Communication (ICEIC) |
Publisher | IEEE |
ISBN Number | 978-1-5386-4754-7 |
Keywords | composability, Computer bugs, Formal Language, formal languages, formal specification, formal specifications, formal verification, highly interconnected world, Input variables, Metrics, Natural languages, object oriented security, object-oriented languages, password, pubcrawl, Requirement Specifications, resilience, Resiliency, secure distributed systems, secure software product, security of data, Security Vulnerability Extraction, SOFL, SOFL formal specifications, Software, software development life cycle, software requirement specifications, software security vulnerabilities |
Abstract | The growth of the internet has brought along positive gains such as the emergence of a highly interconnected world. However, on the flip side, there has been a growing concern on how secure distributed systems can be built effectively and tested for security vulnerabilities prior to deployment. Developing a secure software product calls for a deep technical understanding of some complex issues with regards to the software and its operating environment, as well as embracing a systematic approach of analyzing the software. This paper proposes a method for identifying software security vulnerabilities from software requirement specifications written in Structured Object-oriented Formal Language (SOFL). Our proposed methodology leverages on the concept of providing an early focus on security by identifying potential security vulnerabilities at the requirement analysis and verification phase of the software development life cycle. |
URL | https://ieeexplore.ieee.org/document/8330613/ |
DOI | 10.23919/ELINFOCOM.2018.8330613 |
Citation Key | emeka_assessing_2018 |