Component-Based Software (October 1997)
Certifying Security in Electronic Commerce Components
Design a rigorous process and core testing technologies for assuring the security of software components, a key enabling technology for Internet-based electronic commerce.
Sponsor: Cigital, Inc. (formerly Reliable Software Technologies Corporation)
21515 Ridgetop Circle
Sterling, VA 20166
Many mainstream businesses are using the Internet to distribute information and to pursue electronic commerce, but concerns about the security of private information have hindered the growth of electronic commerce. Electronic commerce over the open Internet has the potential to radically expand the market for software components and to eliminate barriers to software distribution, widening the range of available components and reducing barriers to entry for new component vendors; however, the Internet also involves security risks. Current encryption approaches secure the data transmission medium while leaving the server and client software communicating over that medium potentially vulnerable: an attacker can target the relatively unprotected software at either end of a transaction rather than the relatively secure link between them. Security is not typically addressed during software development.

Reliable Software Technologies proposes to move security analysis from ad-hoc penetrate-and-patch methods to a rigorous, mathematically sound methodology, and to implement that methodology in testing technology for assuring the security of software components used to build Internet-based commerce applications. While the proposed methodology and testing technology will be generally applicable, this project will focus initially on components for the Java framework, which has received broad acceptance from the distributed and network software development communities. The proposed security certification pipeline would integrate various component-testing tools and processes (e.g., fault injection to determine the effect of program corruptions on security) with analysis of system-level interfaces to determine whether a failure in one component will corrupt other components. The key technical challenges are to develop broadly applicable rigorous analysis methods, implement them in tools, and integrate these tools into a mathematically sound, comprehensive security testing process.
The company will build a prototype environment for testing complete systems. Once a component is tested and found to meet minimum thresholds, a "stamp of approval" would be issued in the form of a digital signature over the certified component; a user holding the certifier's public key could then verify that the component had not been altered since the security certification. (The signature attests to integrity since certification, not to properties the certification process did not test.) If successful, the project will pave the way for growth in electronic commerce. Even if electronic commerce fails to attain the projected annual market of $100 billion or more, the direct and indirect benefits of software security are estimated at $10 billion annually.
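As an added illustration that is not part of the ATP abstract and not RST's pipeline code, the following Go program shows the shape of such a signed "stamp of approval": the certifier hashes the component bytes and signs that hash together with the component name and the threshold level it met, and the user re-hashes the bytes actually received and checks the signature with the certifier's public key. The key pair, the component bytes, the name, the level field and the message encoding are all assumptions made for this example; the abstract specifies no signature scheme or certificate format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Certificate is the "stamp of approval" handed out with a component.
// The level field is an assumption: the threshold level the component met.
type Certificate struct {
	ComponentName string
	Level         uint8
	Signature     []byte
}

// certificationMessage canonically encodes everything the certifier attests to,
// so the name, the level and the component bytes cannot be changed independently.
// The "RST-CERT-v1" tag is an assumed domain-separation prefix.
func certificationMessage(name string, hash [32]byte, level uint8) []byte {
	msg := []byte("RST-CERT-v1\x00")
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(name)))
	msg = append(msg, n[:]...)
	msg = append(msg, name...)
	msg = append(msg, hash[:]...)
	return append(msg, level)
}

// Certify is what the certification pipeline would run after a component passes.
func Certify(priv ed25519.PrivateKey, name string, component []byte, level uint8) Certificate {
	h := sha256.Sum256(component)
	return Certificate{
		ComponentName: name,
		Level:         level,
		Signature:     ed25519.Sign(priv, certificationMessage(name, h, level)),
	}
}

// Verify is what the user runs before loading the component. It hashes the bytes
// it actually received, never a hash carried inside the certificate.
func Verify(pub ed25519.PublicKey, cert Certificate, component []byte) bool {
	h := sha256.Sum256(component)
	return ed25519.Verify(pub, certificationMessage(cert.ComponentName, h, cert.Level), cert.Signature)
}

// DemoResult records the outcome of the four checks below.
type DemoResult struct {
	Genuine     bool // unmodified component, certifier's key
	Tampered    bool // one byte of the component flipped
	LevelEdited bool // certificate's level raised by hand
	WrongKey    bool // verified against a different certifier's key
}

// Demo runs the full flow on a constructed stand-in for component bytes.
func Demo() DemoResult {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader) // a second, untrusted certifier
	if err != nil {
		panic(err)
	}

	// Constructed sample: stands in for a compiled component's bytes.
	component := []byte("class PaymentApplet { void charge(Account a, long cents) { /* ... */ } }")
	cert := Certify(priv, "PaymentApplet-1.0", component, 2)

	tampered := append([]byte(nil), component...)
	tampered[len(tampered)-3] ^= 0x01 // flip one bit after certification

	edited := cert
	edited.Level = 3 // try to claim a higher certification level

	return DemoResult{
		Genuine:     Verify(pub, cert, component),
		Tampered:    Verify(pub, cert, tampered),
		LevelEdited: Verify(pub, edited, component),
		WrongKey:    Verify(otherPub, cert, component),
	}
}

func main() {
	r := Demo()
	fmt.Printf("genuine=%v tampered=%v level-edited=%v wrong-key=%v\n",
		r.Genuine, r.Tampered, r.LevelEdited, r.WrongKey)
}
```

Only the unmodified component checked against the certifier's own public key verifies; a flipped byte, an edited level field or a different certifier's key all fail. The last case is the practical caveat: the stamp is only as trustworthy as the user's copy of the certifier's public key, so distributing and pinning that key is part of the certification scheme, not an afterthought.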