Security Evaluation and Hardening of Free and Open Source Software (FOSS)

Abstract

Recently, Free and Open Source Software (FOSS) emerged as an alternative to Commercial Off The Shelf (COTS) software. Now, FOSS are perceived as a viable long-term solution that deserves careful consideration because of its potential for significant cost savings, improved reliability, and support advantages over proprietary software. However, the secure integration of FOSS in IT infrastructures is very challenging and demanding. Methodologies and technical policies must be adapted to reliably compose large FOSS-based software systems. A DRDC Valcartier-Concordia University feasibility study completed in March 2004 concluded that the most promising approach for securing FOSS is to combine advanced design patterns and Aspect-Oriented Programming (AOP). Following the recommendations of this study a three years project has been conducted as a collaboration between Concordia University, DRDC Valcartier, and Bell Canada. This paper aims at presenting the main contributions of this project. It consists of a practical framework with the underlying solid semantic foundations for the security evaluation and hardening of FOSS.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2010
Accession Number
ADA546462

Entities

People

  • Mourad Debbabi
  • Robert Charpentier

Organizations

  • DRDC Valcartier

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Automata
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Graphical User Interface
  • Hardening
  • Java Programming Language
  • Language
  • Macroprogramming
  • Open Source Software
  • Programming Languages
  • Security
  • Software Development
  • Standards
  • Test And Evaluation
  • User Interface

Fields of Study

  • Computer science
  • Engineering

Readers

  • Defense Technology Research and Development.
  • Software Engineering.
  • Systems Analysis and Design