Static Analysis for Proactive Security

Michael Huth, Flemming Nielson

Research output: Chapter in Book/Report/Conference proceedingBook chapterResearchpeer-review


We reflect on current problems and practices in system security, distinguishing between reactive security - which deals with vulnerabilities as they are being exploited - and proactive security - which means to make vulnerabilities un-exploitable by removing them from a system entirely. Then we argue that static analysis is well poised to support approaches to proactive security, since it is sufficiently expressive to represent many vulnerabilities yet sufficiently efficient to detect vulnerabilities prior to system deployment. We further show that static analysis interacts well with both confidentiality and integrity aspects and discuss what security assurances it can attain. Next we argue that security models such as those for access control can also be statically analyzed to support proactive security of such models. Finally, we identify research problems in static analysis whose solutions would stand to improve the effectiveness and adoption of static analysis for proactive security in the practice of designing, implementing, and assuring future ICT systems.
Original languageEnglish
Title of host publicationComputing and Software Science
Publication date2019
ISBN (Print)978-3-319-91907-2
Publication statusPublished - 2019
SeriesLecture Notes in Computer Science

Cite this

Huth, M., & Nielson, F. (2019). Static Analysis for Proactive Security. In Computing and Software Science (pp. 374-92). Springer. Lecture Notes in Computer Science, Vol.. 10000