Detection of Malicious Code in COTS Software via Certifying Compilers

Abstract

Information technology is increasingly a vital underpinning of our economy and our society. It is embedded in everyday applications and animates a wide class of systems that range from small to large and from simple to extremely sophisticated. Among the probable threats to military information systems, the presence of malicious code within COTS applications has been identified as a major risk that has not received much attention. Like a virus that has infiltrated an information system during an electronic information exchange, malicious code integrated into a commercial application could remain undetected and present a major risk to the safety of information within a military system. In this paper, techniques to detect malicious code within commercial applications are reviewed. Emphasis is placed upon the certifying compiler, which enforces a formal security specification while compiling the source code. This emerging technology offers the most comprehensive and sustainable approach for large applications and for the periodic certification of upgrades.

Document Details

Document Type: Technical Report
Publication Date: Apr 01, 2000
Accession Number: ADP010671

Entities

People

  • Martin Salois
  • Robert Charpentier

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Assembly
  • Assembly Languages
  • Compilers
  • Computer Program Documentation
  • Computer Programming
  • Computer Programs
  • Computers
  • Detection
  • Information Systems
  • Language
  • Object Code
  • Performance Tests
  • Programming Languages
  • Security
  • Symposia
  • System Software

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Software Engineering.
  • Systems Analysis and Design

Technology Areas

  • Microelectronics