Tools for Authentication [electronic resource].
- Washington, D.C. : United States. Dept. of Energy, 2008.
Oak Ridge, Tenn. : Distributed by the Office of Scientific and Technical Information, U.S. Dept. of Energy.
- Physical Description:
- PDF-file: 8 pages; size: 0.1 Mbytes
- Additional Creators:
- Lawrence Berkeley National Laboratory
United States. Department of Energy
United States. Department of Energy. Office of Scientific and Technical Information
- Many recent Non-proliferation and Arms Control software projects include a software authentication component. In this context, 'authentication' is defined as determining that a software package performs only its intended purpose and performs that purpose correctly and reliably over many years. In addition to visual inspection by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs both to aid the visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary, and have limited extensibility. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool must be based on a complete language compiler infrastructure, that is, one that can parse and digest the full language through its standard grammar. ROSE is precisely such a compiler infrastructure developed within DOE. ROSE is a robust source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C, C++, and FORTRAN. This year, it has been extended to support the automated analysis of binaries. We continue to extend ROSE to address a number of security-specific requirements and apply it to software authentication for Non-proliferation and Arms Control projects. We will give an update on the status of our work.
- Published through SciTech Connect.
Presented at: Institute of Nuclear Materials Management, Nashville, TN, United States, Jul 13 - Jul 17, 2008.
- Funding Information:
View MARC record | catkey: 14344204