Accession Number:

ADB381215

Title:

Embedded Information Systems Technology Support (EISTS). Task Order 0006: Vulnerability Path Analysis and Demonstration (VPAD). Volume 2 - White Box Definitions of Software Fault Patterns

Descriptive Note:

Final rept. 31 Mar 2009-30 Nov 2011

Corporate Author:

LOCKHEED MARTIN INC FORT WORTH TX

Personal Author(s):

• Calloni, Ben A.
• Campana, Djenana
• Mansourov, Nikolai

Report Date:

2011-12-01

Pagination or Media Count:

176.0

Abstract:

AFRLs Embedded Information Systems Technology Support EISTS contract vehicle was used to support the Vulnerability Path Analysis and Demonstration VPAD project sponsored by the Office of the Assistant Secretary of Defense OASD for Network and Information Integration NII - Department of Defense DoD Chief Information Officer CIO, supporting the Globalization Task Force Information Assurance. In this effort, LM Aero and KDM Analytics were tasked to support OASD in providing continued research in the area of Software Assurance SwA and to further work toward the development of SwA Ecosystem based on Object Management Group OMG standards. Focus of this effort was to advance semantic formalisms of Software Fault Patterns weaknesses and to create a Test Case Generator TCG capable of automatically generate various programming language test cases of fault code constructs. Such constructs could then serve as test cases to test the effectiveness of various static code analysis tools, thus providing enhanced tooling to reduce software vulnerabilities. This volume focuses on the Software Fault Pattern work performed by KDM Analytics.

Descriptors:

• *COMPUTER NETWORK SECURITY
• *EMBEDDED SYSTEMS
• *INFORMATION ASSURANCE
• *INFORMATION SYSTEMS
• *VULNERABILITY
• COMPUTER PROGRAMS
• SOFTWARE ENGINEERING

Subject Categories:

• Information Science
• Computer Programming and Software
• Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE