skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Tools for Authentication

Conference ·
OSTI ID:945642

Many recent Non-proliferation and Arms Control software projects include a software authentication component. In this context, 'authentication' is defined as determining that a software package performs only its intended purpose and performs that purpose correctly and reliably over many years. In addition to visual inspection by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs both to aid the visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary, and have limited extensibility. An open-source, extensible tool can be customized to the unique needs of each project (projects can have both common and custom rules to detect flaws and security holes). Any such extensible tool must be based on a complete language compiler infrastructure, that is, one that can parse and digest the full language through its standard grammar. ROSE is precisely such a compiler infrastructure developed within DOE. ROSE is a robust source-to-source analysis and optimization infrastructure currently addressing large, million-line DOE applications in C, C++, and FORTRAN. This year, it has been extended to support the automated analysis of binaries. We continue to extend ROSE to address a number of security-specific requirements and apply it to software authentication for Non-proliferation and Arms Control projects. We will give an update on the status of our work.

Research Organization:
Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
W-7405-ENG-48
OSTI ID:
945642
Report Number(s):
LLNL-CONF-405315; TRN: US0901041
Resource Relation:
Conference: Presented at: Institute of Nuclear Materials Management, Nashville, TN, United States, Jul 13 - Jul 17, 2008
Country of Publication:
United States
Language:
English

Similar Records

Strengthening Software Authentication with the ROSE Software Suite
Conference · Thu Jun 15 00:00:00 EDT 2006 · OSTI ID:945642
Using Rose and Compass for Authentication
Conference · Thu Jul 09 00:00:00 EDT 2009 · OSTI ID:945642
Parallel Object-Oriented Framework Optimization
Conference · Tue May 01 00:00:00 EDT 2001 · OSTI ID:945642

Related Subjects

99 GENERAL AND MISCELLANEOUS
ARMS CONTROL
COMPUTERS
DEFECTS
FORTRAN
NUCLEAR MATERIALS MANAGEMENT
OPTIMIZATION
PROLIFERATION
SECURITY