Static Analysis for Proactive Security

Michael Huth, Flemming Nielson

Research output: Chapter in Book/Report/Conference proceedingBook chapterResearchpeer-review

Abstract

We reflect on current problems and practices in system security, distinguishing between reactive security - which deals with vulnerabilities as they are being exploited - and proactive security - which means to make vulnerabilities un-exploitable by removing them from a system entirely. Then we argue that static analysis is well poised to support approaches to proactive security, since it is sufficiently expressive to represent many vulnerabilities yet sufficiently efficient to detect vulnerabilities prior to system deployment. We further show that static analysis interacts well with both confidentiality and integrity aspects and discuss what security assurances it can attain. Next we argue that security models such as those for access control can also be statically analyzed to support proactive security of such models. Finally, we identify research problems in static analysis whose solutions would stand to improve the effectiveness and adoption of static analysis for proactive security in the practice of designing, implementing, and assuring future ICT systems.
Original languageEnglish
Title of host publicationComputing and Software Science
PublisherSpringer
Publication date2019
Pages374-92
Chapter19
ISBN (Print)978-3-319-91907-2
DOIs
Publication statusPublished - 2019
SeriesLecture Notes in Computer Science
Volume10000
ISSN0302-9743

Cite this

Huth, M., & Nielson, F. (2019). Static Analysis for Proactive Security. In Computing and Software Science (pp. 374-92). Springer. Lecture Notes in Computer Science, Vol.. 10000 https://doi.org/10.1007/978-3-319-91908-9_19