Abstract Details

<< Back to Schedule

10/13/2015  |   3:15 PM - 4:00 PM   |  Pacific II

Secure Coding Frameworks

This presentation explores a unique and innovative approach for developing safe, secure and reliable software from the ground up through the development and application of secure coding frameworks. Mainstream programming languages have built-in numeric flaws that can result in significant security vulnerabilities. The standard libraries have string classes that are often flawed or misused. Standard libraries are rarely robust enough to support secure coding. The truth of the matter is that these programming languages were designed as general purpose development platforms and never really designed with secure coding in mind. By employing static analysis tools, developers can rework their vulnerable source code in accordance with the SEI Secure Coding Standards for supported programming languages (C, C++, Java or Perl) or language agnostic guidelines of the Open Web Application Security Project (OWASP). But developing secure code this way can be prohibitively difficult and expensive. Even the best static analysis tools can find only a fraction of the security vulnerabilities in your code. It is no wonder that developing secure code is so difficult. The proposed solution here to the difficulty associated with developing safe, secure and reliable code is to provide developers with a Secure Coding Framework (SCF). The SCF software architecture provides developers with a solid foundation that eliminates security vulnerabilities of the underlying programming language and provides additional constructs to support needed functionality required of the target development effort. The SCF works through the application of technology referred to as Cybersecurity through Lexical and Symbolic Proxy (CLaSP). CLaSP encapsulates and substitutes lexical elements (primitives) with safe classes. It also encapsulates and substitutes symbolic elements (operators) with safe methods. CLaSP is the patentable idea that defines the entire process of transforming any general purpose object-oriented (OO) programming language (with inherent cyber security vulnerabilities) into a safe, secure and reliable coding platform. As it is planned, the SCF applies only to OO programming languages, but nine (9) out of ten (10) of the most popular programming languages are in fact OO. This presentation will provide a detailed description of the concept, design, benefits and other interesting facts surrounding CLaSP and the SCF. The intent is to share the idea and obtain buy-in from the cybersecurity community.

This presentation has not yet been uploaded.

No handouts have been uploaded.

Tim Kertis (Primary Presenter,Author), Raytheon Intelligence, Information and Services (IIS), timkertis@sbcglobal.net;
Tim Kertis is a Chief Software Architect at Raytheon Intelligence, Information and Services (IIS), Indianapolis. He holds a Master of Science degree in Computer & Information Science from Purdue at Indiana University Purdue University at Indianapolis (IUPUI). He is a Software Architecture Professional through the Software Engineering Institute (SEI), Carnegie-Mellon University. He has over thirty (30) years of diverse software engineering experience. He is the creator of the Secure Coding Framework (SCF), the author of the Java Secure Coding Framework (JSCF) and the inventor of Cybersecurity thru Lexical and Symbolic Proxy (CLaSP) technology.

2013 Sponsors: IEEE and IEEE Computer Society