A Source code analysis Toolbox for software security AssuraNCE

Latest news

Frama-C Day 2016

 

In a society driven by information technologies and communication, the safety and security of software have become crucial challenges. Frama-C is a software analysis platform that enables the design, implementation, and dissemination of formal verification solutions.

Speakers at the Frama-C Day will demonstrate and discuss innovative approaches to software analysis, from both academic and industrial points of views.

In addition to invited presentations, this will be a space for community discussions, updates on new developments, and upcoming projects.

Click here for more details

Read More

STANCE is quoted among the technical projects in the FP7 Handbook published by the project SECCORD

The project SECCORD - organiser of the Cybersecurity and Privacy Forum - has assembled and edited two overviews of Trust and Security projects in FP7. The handbook provides a comprehensive view of the European Commission's FP7 activities in the field of cybersecurity and online privacy.

Click here to download the document

Read More

Publications

Shield Synthesis: Runtime Enforcement for Reactive Systems

Roderick Bloem, Bettina Könighofer, Robert Könighofer, Chao Wang

Synthesizing cooperative reactive mission plans

Rüdiger Ehlers, Robert Könighofer, Roderick Bloem

Cooperative Reactive Synthesis

Roderick Bloem, Rüdiger Ehlers, Robert Könighofer

A Source code analysis Toolbox for software security AssuraNCE


STANCE is a multi-disciplinary initiative with the objective of driving scientific and technological breakthroughs in the domain of software security. Over three years, STANCE will define, implement and validate a set of program analysis tools capable of verifying the security of complex software systems made in C, C++ and Java. STANCE proposes to build on existing assets: formal methods, state-of-the-art static and dynamic program analysis tools, security evaluation expertise, and industry-specific knowledge will be used and significantly extended. The resulting program analysis toolbox and supporting methods will increase the trustworthiness and the cost-effectiveness of existing security-oriented processes. These innovations will durably alter the domain of software security assurance, with broad consequences on its legal, societal, and economic aspects.

More specifically, the objective of STANCE is to define, implement and distribute a toolbox – a set of source code analysis tools – capable of verifying the security properties of applications written in C, C++, and Java. STANCE will rely on existing analysis tools:

  • The Frama-C platform, an extensible and collaborative platform dedicated to the source-code analysis of C software
  • The VeriFast verifier, an analyser for C and Java source code annotated with formulas written in separation logic
  • The Flinder tool, which does injection-based white box security testing, allowing deep inspection of function-level code constructs


 

 

 

STANCE is a project funded by the European Commission, under the ICT theme of the Seventh Framework Programme