Information Technology Security Evaluation Using CERT C Secure Coding Standard
نویسندگان
چکیده
IT products developed without due consideration of security issues have caused many security accidents over the last ten years. As a result, the importance of security in software development is increasing. It is important to ensure that no known vulnerabilities remain in the design, development, and test stage, in order to develop secure IT products. Even when an IT product is designed securely, various security vulnerabilities can occur, such as buffer overflow, if the general coding technique is used at the development stage. Therefore, the introduction of secure coding rules becomes most critical in developing a robust information security product. This paper proposes a method of applying a secure coding standard in the CC evaluation process. The proposed method is expected to contribute to improving the security of IT products in the CC evaluation process.
منابع مشابه
Coccinelle: Tool support for automated CERT C Secure Coding Standard certification
Writing correct C programs is well-known to be hard, not least due to the many language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve on this situation the US CERT has developed and published a set of coding standards, the “CERT C Secure Coding Standard”, that (in the version currently being worked on) enumerates 122 rules and ...
متن کاملAn Online Learning Approach to Information Systems Security Education
ISBN 1-933510-96-X/$15.00 2011 CISSE Abstract –The demand for information systems security education has never been higher, while the availability of high-quality information systems security instruction and of well-qualified instructors are both extremely limited. Meeting the demand requires converting teaching from an individual activity to a community-based research activity. As a result, ...
متن کاملClang and Coccinelle: Synergising program analysis tools for CERT C Secure Coding Standard certification
Writing correct C programs is well-known to be hard, not least due to the many language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve on this situation the US CERT has developed and published a set of coding standards, the “CERT C Secure Coding Standard”, that (in the current version) enumerates 118 rules and 182 recommendation...
متن کاملMISRA C, for Security's Sake!
Athird of United States new cellular subscriptions in Q1 2016 were for cars. There are now more than 112 million vehicles connected around the world. The percentage of new cars shipped with Internet connectivity is expected to rise from 13% in 2015 to 75% in 2020, and 98% of all vehicles are likely to be connected by 2025. Moreover, the news is often reporting about “white hat” hackers intrudin...
متن کاملAn efficient secure channel coding scheme based on polar codes
In this paper, we propose a new framework for joint encryption encoding scheme based on polar codes, namely efficient and secure joint secret key encryption channel coding scheme. The issue of using new coding structure, i.e. polar codes in Rao-Nam (RN) like schemes is addressed. Cryptanalysis methods show that the proposed scheme has an acceptable level of security with a relatively smaller ke...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011