LDRA for Security Critical Software Development and Certification

LDRA announced a new security-critical development and certification solution. LDRA has extended its implementation of the CERT C secure coding standard to also meet Multiple Independent Levels of Security (MILS) and new Homeland Security criteria for security-critical software development. Recognizing that static analysis does not expose all software security vulnerabilities, LDRA has integrated this solution into its entire tool suite from analysis through test and requirements traceability.

LDRA tool suite automated process for security-critical software development and certification

LDRA Security-Critical Solution Highlights

  • Structural Coverage Analysis and the determination of code structures which have not been exercised by the requirements-based test procedures.
  • Control Coupling that provides a visual representation of the control coupling dependence of a given software component on those components that call it or are called by it, including calling frequency.
  • Data Coupling that provides information in both the static and dynamic analysis domains, showing all instances of the data items accessed by a software component.
  • Requirements Coverage (Traceability) which focuses on verification of whether code properly implements security requirements and the adequacy of those requirements.
  • Testing and Structural Code Coverage Measurement that imposes strict structural coverage analysis objectives on the software according to the Common Criteria standard.

With the latest release, LDRA brings together two primary types of security: (1) security that can be enforced by static analysis, which involves adherence to specific coding rules and creating a firewall that protects a system from the outside world, and (2) security that requires a security-critical development process and the partitioning of one security level from another within the same system. By combining both approaches, LDRA enables developers not only to identify errant and vulnerable code at the language level, but also to find algorithmically deviant code, such as a malformed HTTP request, which may be correctly coded but represents a security breach.

LDRA also enhanced its Zero Defect Software Development methodology, which integrates and automates software processes from requirements traceability through code, quality, and design review to unit test and test verification with the practices required by MILS/Common Criteria.

The LDRA tool suite is available for C, C++, Ada 83, Ada 95 and Assembly systems. It is a highly scalable solution that works with large-scale commercial and production systems and is excellent for both legacy code and new code development verification.
