Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Tools for Authentication

Conference ·
OSTI ID:945642
Many recent Non-proliferation and Arms Control software projects include a software authentication component. In this context, 'authentication' is defined as determining that a software package performs only its intended purpose and performs that purpose correctly and reliably over many years. In addition to visual inspection by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs both to aid the visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary, and have limited extensibility. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool must be based on a complete language compiler infrastructure, that is, one that can parse and digest the full language through its standard grammar. ROSE is precisely such a compiler infrastructure developed within DOE. ROSE is a robust source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C, C++, and FORTRAN. This year, it has been extended to support the automated analysis of binaries. We continue to extend ROSE to address a number of security-specific requirements and apply it to software authentication for Non-proliferation and Arms Control projects. We will give an update on the status of our work.
Research Organization:
Lawrence Livermore National Laboratory (LLNL), Livermore, CA
Sponsoring Organization:
USDOE
DOE Contract Number:
W-7405-ENG-48
OSTI ID:
945642
Report Number(s):
LLNL-CONF-405315
Country of Publication:
United States
Language:
English

Similar Records

Using Rose and Compass for Authentication
Conference · Thu Jul 09 00:00:00 EDT 2009 · OSTI ID:962808
Strengthening Software Authentication with the ROSE Software Suite
Conference · Thu Jun 15 00:00:00 EDT 2006 · OSTI ID:891724
An Extensible Open-Source Compiler Infrastructure for Testing
Conference · Thu Dec 08 23:00:00 EST 2005 · OSTI ID:928163

Related Subjects

99 GENERAL AND MISCELLANEOUS
ARMS CONTROL
COMPUTERS
DEFECTS
FORTRAN
NUCLEAR MATERIALS MANAGEMENT
OPTIMIZATION
PROLIFERATION
SECURITY