Originally published on dl.acm.org.
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems, SESS 2011, Waikiki, Honolulu, HI, USA, May 22, 2011
Michele Co, Jack W. Davidson, Jason D. Hiser, John C. Knight, Anh Nguyen-Tuong, David Cok, Denis Gopan, David Melski, Wenke Lee, Chengyu Song, Thomas Bracewell, David Hyde and Brian Mastropietro
Because software provides many of the critical services for modern society, it is vitally important to provide methodologies and tools for building and deploying reliable software. While there have been many advances towards this goal, much research remains to be done. For example, a recent evaluation of five state-of-the-art C/C++ static analysis tools applied to a corpus of code containing common weaknesses revealed that 41% of the potential vulnerabilities were detected by no tool. The problem of deploying resilient software is further complicated because modern software is often assembled from components from many sources. Consequently, it is difficult to know who built a particular component and what processes were used in its construction. Our research goal is to develop and demonstrate technology that provides comprehensive, automated techniques that allow end users to safely execute new software of uncertain provenance. This paper presents an overview of our vision for realizing these goals and outlines some of the challenging research problems that must be addressed to realize it. We call our vision PEASOUP and have begun implementing and evaluating these ideas.