Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Strengthening Software Authentication with the ROSE Software Suite

Conference ·
OSTI ID:891724
Many recent nonproliferation and arms control software projects include a software authentication regime. These include U.S. Government-sponsored projects both in the United States and in the Russian Federation (RF). This trend toward requiring software authentication is only accelerating. Demonstrating assurance that software performs as expected without hidden ''backdoors'' is crucial to a project's success. In this context, ''authentication'' is defined as determining that a software package performs only its intended purpose and performs said purpose correctly and reliably over the planned duration of an agreement. In addition to visual inspections by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs, both to aid visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary and not extensible. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool has to be based on a complete language compiler. ROSE is precisely such a compiler infrastructure developed within the Department of Energy (DOE) and targeted at the optimization of scientific applications and user-defined libraries within large-scale applications (typically applications of a million lines of code). ROSE is a robust, source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C and C++ (handling the full C, C99, C++ languages and with current collaborations to support Fortran90). We propose to extend ROSE to address a number of security-specific requirements, and apply it to software authentication for nonproliferation and arms control projects.
Research Organization:
Lawrence Livermore National Laboratory (LLNL), Livermore, CA
Sponsoring Organization:
USDOE
DOE Contract Number:
W-7405-ENG-48
OSTI ID:
891724
Report Number(s):
UCRL-CONF-222171
Country of Publication:
United States
Language:
English

Similar Records

Tools for Authentication
Conference · Wed Jul 09 00:00:00 EDT 2008 · OSTI ID:945642
Using Rose and Compass for Authentication
Conference · Thu Jul 09 00:00:00 EDT 2009 · OSTI ID:962808
ROSE Version 1.0
Software · Thu Feb 17 00:00:00 EST 2005 · OSTI ID:1245754

Related Subjects

11 NUCLEAR FUEL CYCLE AND FUEL MATERIALS
98 NUCLEAR DISARMAMENT, SAFEGUARDS, AND PHYSICAL PROTECTION
99 GENERAL AND MISCELLANEOUS
ARMS CONTROL
COMPUTERS
DEFECTS
NUCLEAR MATERIALS MANAGEMENT
OPTIMIZATION
PROLIFERATION
RUSSIAN FEDERATION
SECURITY