Oct. 01, 2012 to Sep. 30, 2015
The STANCE (Source code analysis Toolbox for software security AssuraNCE) project was tasked with researching and developing technologies that guarantee the security of software against attacks. Ten European partners from science and industry want to provide a toolbox for source code analyses, which can be used to verify that software systems are immune to certain categories of attacks. Whit these technologies, software developers can prove that programs and their functionalities always correspond to their behavior, which was specified beforehand. In the STANCE project, a series of program analysis tools capable of verifying the attack security of complex software systems are to be defined, implemented and validated.
Researchers from SQC are supporting the project in formally describing security requirements and defining specification languages for C++ and Java. They write various examples, which are firstly used as test programs for the newly developed tools and secondly also serve the purpose of familiarizing software developers with these new techniques, in the specification languages.