Email RIS file
Bookmark
Report an Issue

Tools for Authentication [electronic resource].

Published
Washington, D.C. : United States. Dept. of Energy, 2008.
Oak Ridge, Tenn. : Distributed by the Office of Scientific and Technical Information, U.S. Dept. of Energy.
Physical Description
PDF-file: 8 pages; size: 0.1 Mbytes
Additional Creators
Lawrence Berkeley National Laboratory, United States. Department of Energy, and United States. Department of Energy. Office of Scientific and Technical Information
Access Online

Availability

I Want It
I Want It

Finding items...

Restrictions on Access
Free-to-read Unrestricted online access
Summary
Many recent Non-proliferation and Arms Control software projects include a software authentication component. In this context, 'authentication' is defined as determining that a software package performs only its intended purpose and performs that purpose correctly and reliably over many years. In addition to visual inspection by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs both to aid the visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary, and have limited extensibility. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool must be based on a complete language compiler infrastructure, that is, one that can parse and digest the full language through its standard grammar. ROSE is precisely such a compiler infrastructure developed within DOE. ROSE is a robust source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C, C++, and FORTRAN. This year, it has been extended to support the automated analysis of binaries. We continue to extend ROSE to address a number of security-specific requirements and apply it to software authentication for Non-proliferation and Arms Control projects. We will give an update on the status of our work.
Report Numbers
E 1.99:llnl-conf-405315
llnl-conf-405315
Subject(s)
Other Subject(s)
Note
Published through SciTech Connect.
07/09/2008.
"llnl-conf-405315"
Presented at: Institute of Nuclear Materials Management, Nashville, TN, United States, Jul 13 - Jul 17, 2008.
White, G.
Funding Information
W-7405-ENG-48
View MARC record | catkey: 14344204