Font Size: a A A

The Design And Implementation Of Secure Coding Tool

Posted on:2008-08-02Degree:MasterType:Thesis
Country:ChinaCandidate:L LvFull Text:PDF
GTID:2178360245493125Subject:Computer application technology
Abstract/Summary:
Security software engineering produces kinds of methods and standards to develop secure software. An integrated developing environment provides tools for threat modeling secure coding secure testing and secure maintenance according to each phase of the software engineering. The paper provides a methed to find and repair potential security bugs, aiming for reducing the cost of mending extra expense of security bugs.The paper mainly brings up a frame of the secure software developing integrated environment. In addition, also a secure coding auxiliary tool is designed and implemented. According the tool, three function modules are mentioned: threat code analysing module, threat code base module and code obfuscation module. Threat code analysing modul scans the source code, turns it to AST (Abstract Sytax Tree) and discovers the threat code which may induce security bugs. Besides, an expandable threat code base is constructed, by which users can store and manage the threat code segments. At last, code obfuscation module obfuscates the C/C++ source code to protect the software and increase the cost of reverse engineering.The tool is implemented on the Eclipse environment based on the CDT. That makes full use of the flexibility and expansibility of Eclipse Plug-in. The development of secure coding auxiliary tool has played the very important role in developing secure software and reducing security bugs in the implement phase of software engineering.
Keywords/Search Tags:Secure Software Engineering, Secure Coding, Code Obfuscation, AST
Related items