Type-based enforcement of secure programming guidelines
Security is becoming increasingly important for software development. With the increased connectivity of modern systems, almost all software today is exposed to security threats of some form. To address this issue, expert knowledge of secure software development has been captured in the form of programming guidelines and best practices. However, such guidelines are only effective if they are applied correctly. This project develops automatic methods for checking adherence to programming guidelines during system development. This helps developers identify potential security issues while the system is still being developed.
The GuideForce project develops a lightweight static analysis method for the Java programming language. It combines ideas from type systems and abstract interpretation and improves the state of the art of scalable automatic program analysis methods.
The main goals of the project are: