Project Proposal Author: Saurabh ShuklaVerifying security properties for systems written in JavaProblem Statement:Study the different security features of software systems. Study the security featuresprovided by the Java programming language. Identify tools that can be used to verify the securityof systems written in Java.Description:Security functions help you to protect your programs and data from harm, to keep datashielded and private. Security can be provided at different levels. The environment in which thesystem runs may provide various security features. As an example a software system running ona Linux machine will receive different level of security than a system running on a Windowsmachine. The programming language also provides various security features. Lastly, by writingsecure code we can enhance the security of the system.In this project, we will first study the security features that are common to all softwaresystems. Most of these features are provided by the environment in which the system runs. Thenwe will look at the various features provided by the Java programming language to ensure thatthe system is secure. We will also study the java coding guidelines published by SUN to ensurethe security of the system. Another important part of the project is to use tools to verify that the java system issecure. In this part we will study different tools and methods available to test that the systemconforms to the security specifications. Expected Result:We will understand different security features provided by the Java programminglanguage, techniques of using them efficiently, coding style to use to ensure safety of the systemwritten in java. Analysis of different tools and methods used to verify the security of a systemwritten in Java.References:1. Gary McGraw. Software Security: Building Security In. Boston: Addison-Wesley, 2006.2. Scot Oaks. Java Security. Published by O'Reilly, 2001. ISBN 05960015763. Li Gong, Gary Ellison, and Mary Dageforde. Inside Java 2 Platform Security. Boston, MA: Addison-Wesley, 2003.4. SUN. Java SE Security. http://java.sun.com/javase/technologies/security/index.jsp5. SUN. Secure Coding Guidelines for the Java Programming Language, version 2.0http://java.sun.com/security/seccodeguide.html6. Klaus Havelund, Jens Ulrik Skakkebaek. Applying Model Checking in Java Verification. In Proceedings of 6th SPIN Workshop, Toulouse, Sep 1999.Tools: 1. Java Application Verification Kit (AVK) - http://java.sun.com/j2ee/avk/2. JACK - http://www-sop.inria.fr/everest/soft/Jack/jack.html3. Java PathFinder - http://javapathfinder.sourceforge.net/4. ESC/Java - http://kind.ucd.ie/products/opensource/ESCJava2/1Project Proposal Author: Saurabh ShuklaProject Plan:Milestone Completion DateSurvey of security properties of software systems 5st October 2008Survey of security properties provided by Java 25th OctoberAnalysis of different tools for verifying security properties systems written in Java10th November 2008Project Report 1st Dec
View Full Document