Software Engineering Institute | Carnegie Mellon University

Digital Library

White Paper

Secure Coding Analysis of an AADL Code Generator's Runtime System

  • September 2015
  • By David Keaton
  • This paper describes a secure coding analysis of the PolyORB-HI-C runtime system used by C language code output from the Ocarina AADL code generator.
  • Cybersecurity Engineering
  • Publisher: Software Engineering Institute
  • Abstract

    Architecture Analysis and Design Language (AADL) is a foundation for creating model-based reliable systems. Its roots are in the safety community, specifically transportation engineering. The conditions for assuring safety and security often overlap, but they are not identical. As part of an investigation into using AADL for security applications, this paper describes a secure coding analysis of the PolyORB-HI-C runtime system used by C language code output from the Ocarina AADL code generator. The overall quality of the code is found to be high. However, several potential out-of-bounds stores were discovered, which opens up the possibility of buffer overflow attacks. The techniques for finding these