Secure Coding Analysis of an AADL Code Generator's Runtime System

Abstract

Architecture Analysis and Design Language (AADL) is a foundation for building model-based reliable systems. Its roots are in the safety community, specifically transportation engineering. The conditions for assuring safety and those for assuring security often overlap, but they are not identical. As part of an investigation into using AADL for security applications, this paper describes a secure coding analysis of the PolyORB-HI-C runtime system, which is used by the C code that the Ocarina AADL code generator emits. The overall quality of the code is found to be high. However, several potential out-of-bounds stores were discovered, which open the possibility of buffer overflow attacks. The techniques for finding these situations are described, along with recommendations for eliminating them and for preventing their reintroduction.
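The class of defect the abstract names, an out-of-bounds store into a fixed-size buffer in C runtime code, is shown below as an added illustration. This is not code from the report and not code from PolyORB-HI-C or Ocarina; the message type, the capacity and the function names are hypothetical. The unchecked append trusts a caller-supplied length and can write past the end of the buffer; the checked variant tests the remaining capacity before copying and rejects anything that does not fit.

```c
/* Added example, not from the report or from PolyORB-HI-C.
 * All names and sizes below are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSG_CAPACITY 16u   /* hypothetical fixed-size message payload */

typedef struct {
    uint8_t data[MSG_CAPACITY];
    size_t  length;        /* bytes of data[] currently in use */
} msg_t;

/* Vulnerable form: the only bound is the caller's word. When
 * m->length + len exceeds MSG_CAPACITY, memcpy stores past the end
 * of data[] and overwrites whatever follows the struct in memory. */
void msg_append_unchecked(msg_t *m, const uint8_t *src, size_t len)
{
    memcpy(m->data + m->length, src, len);   /* possible out-of-bounds store */
    m->length += len;
}

/* Hardened form: refuse any append that does not fit. The check is
 * written as len > remaining rather than length + len > capacity so
 * that a huge len cannot wrap the addition around past zero. */
int msg_append_checked(msg_t *m, const uint8_t *src, size_t len)
{
    if (m->length > MSG_CAPACITY)            /* corrupted state, never trust it */
        return -1;
    if (len > MSG_CAPACITY - m->length)      /* would not fit */
        return -1;
    memcpy(m->data + m->length, src, len);
    m->length += len;
    return 0;
}

/* Feed a constructed sequence of fragments through the checked append and
 * return how many were rejected. The first fragment fits (10 <= 16); the
 * second would need 17 bytes and must be refused, leaving length at 10. */
int demo_rejected_appends(void)
{
    static const uint8_t frag_a[] = "ABCDEFGHIJ";   /* constructed, 10 bytes */
    static const uint8_t frag_b[] = "KLMNOPQ";      /* constructed, 7 bytes */
    msg_t m = { {0}, 0 };
    int rejected = 0;

    if (msg_append_checked(&m, frag_a, sizeof frag_a - 1) != 0)
        rejected++;
    if (msg_append_checked(&m, frag_b, sizeof frag_b - 1) != 0)
        rejected++;
    return rejected;   /* 1 */
}

int main(void)
{
    printf("rejected appends: %d\n", demo_rejected_appends());
    return 0;
}
```

Building a test harness that calls the unchecked variant with an oversized fragment under AddressSanitizer (`-fsanitize=address`) reports the overflow at the memcpy; that is a general way to confirm such a store at run time and is not a claim about which techniques the report itself used.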

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2015
Accession Number
AD1128167

Entities

People

  • David Keaton

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • C Programming Language
  • Computer Programming
  • Computer Programs
  • Computers
  • Denial Of Service Attack
  • Department Of Defense
  • Device Drivers
  • Engineering
  • Failure Mode And Effect Analysis
  • Guarantees
  • High Level Languages
  • International Organizations
  • Language
  • Mobile Phones
  • Operating Systems
  • Programming Languages
  • Software Development
  • Standards
  • United States
  • Vulnerability

Fields of Study

  • Computer science
  • Engineering

Readers

  • Aviation Safety Risk Assessment
  • Parallel and Distributed Computing
  • Software Engineering