Using model-driven development to reduce system software security vulnerabilities

Using model-driven development to reduce system software security vulnerabilities

Guy Broadfoot, Verum Software Technologies
embedded.com (March 09, 2014)

The majority of embedded software developers using traditional programming languages such as C and C++ make use of processes and techniques inherent in the language to improve reliability and reduce security flaws. However, another approach that has met with increasing success is the use of model-driven design (MDD).

The premise of MDD is to raise the abstraction of software development from the low-level imperative programming language that is fraught with opportunities to shoot one’s self in the foot to a higher-level modeling language that reduces the distance between design and implementation and by doing so reduces the flaws that lead to security and safety failures.

Modeling lends itself better to formal proofs of specifications and security policies than do traditional programming languages. Indeed, a side benefit of using some MDD platforms – especially the ones that support formal methods and automatic code generation - is the ability to make formal arguments regarding the correspondence between specification, design, and implementation, a core challenge in all formal approaches. The following will deal with MDD methods that lend themselves to formal analysis and therefore raise the assurance of quality, safety, and security.

To read the full article, click here