Static Analysis for Proactive Security

Michael Huth, Flemming Nielson

Research output: Chapter in Book/Report/Conference proceeding; Book chapter; Research; peer-review

Abstract

We reflect on current problems and practices in system security, distinguishing between reactive security - which deals with vulnerabilities as they are being exploited - and proactive security - which means to make vulnerabilities un-exploitable by removing them from a system entirely. Then we argue that static analysis is well poised to support approaches to proactive security, since it is sufficiently expressive to represent many vulnerabilities yet sufficiently efficient to detect vulnerabilities prior to system deployment. We further show that static analysis interacts well with both confidentiality and integrity aspects and discuss what security assurances it can attain. Next we argue that security models such as those for access control can also be statically analyzed to support proactive security of such models. Finally, we identify research problems in static analysis whose solutions would stand to improve the effectiveness and adoption of static analysis for proactive security in the practice of designing, implementing, and assuring future ICT systems.
Original language: English
Title of host publication: Computing and Software Science
Publisher: Springer
Publication date: 2019
Pages: 374-92
Chapter: 19
ISBN (Print): 978-3-319-91907-2
DOIs: https://doi.org/10.1007/978-3-319-91908-9_19
Publication status: Published - 2019
Series: Lecture Notes in Computer Science
Volume: 10000
ISSN: 0302-9743

Cite this

Huth, M., & Nielson, F. (2019). Static Analysis for Proactive Security. In Computing and Software Science (pp. 374-92). Springer. Lecture Notes in Computer Science, Vol. 10000. https://doi.org/10.1007/978-3-319-91908-9_19