Rechercher des projets européens

A Source code analysis Toolbox for software security AssuraNCE (STANCE)
Date du début: 1 oct. 2012, Date de fin: 30 sept. 2015 PROJET  TERMINÉ 

The immunity of a system to malicious third parties trying to modify its behaviour (e.g. to perform unauthorized actions) is called security. Ensuring this feature in information and communication technologies is a requirement for establishing a trustworthy Information Society. Several strategies can be explored to deal with this problem. One of them, called program analysis, relies on formal techniques to semi-automatically detect unintended behaviours in software systems. This approach allows the verification and secure exploitation of legacy and commercial-off-the-shelf components.Yet in the domain of security, program analysis techniques are still in infancy. They face several challenges, among which the incomplete detection of security flaws, and limited support both for programming languages and industrial verification procedures. These challenges are hindering the adoption of program analysis tools as part of security assurance practices and certification standards compliance checks.The objective of STANCE is to drive scientific and technological breakthroughs in the domain of software security. Over three years, STANCE will define, implement and validate a set of program analysis tools capable of verifying the security of complex software systems made in C, C++ and Java. STANCE proposes to build on existing assets: formal methods, state-of-the-art static and dynamic program analysis tools, security evaluation expertise, and industry-specific knowledge will be used and significantly extended. The resulting program analysis toolbox and supporting methods will increase the trustworthiness and the cost-effectiveness of existing security-oriented processes. These innovations will durably alter the domain of software security assurance, with broad consequences on its legal, societal, and economic aspects.STANCE gathers the expertise of 10 organisations from 5 countries, including 4 leading industrial partners, 2 SMEs and 4 academic and research partners.



9 Participants partenaires