
Secure and Safe Systems based on Static Analysis


Analyses solver engine to outperform XSB Prolog

An analysis engine for solving data and control flow problems, known as the Succinct Solver V2.0, has been developed. While this is nothing special in itself, this particular engine is written in Standard Manipulation Language, which means that it can significantly outperform XSB Prolog.


In recent years, static analysis of programs has become proven technology for the implementation of compilers and interpreters. Two good examples of where static analysis techniques have been used are the software re-engineering techniques applied to the Y2K problem and software validation, as for Ariane V. The objectives of the originating project were to assess the scalability of static analysis technology and to validate its security and safety aspects for realistic languages and applications. This led to the identification of two all-important security sectors, namely smart cards and Internet programming, whereupon efforts concentrated on Java and its dialect Java Card.

The Succinct Solver itself was facilitated via Reqs, a program analyser back-end created by Inria. This was developed within a constraint-based static analyser that uses the Carmel language, an intermediate representation of Java Card byte code. Reqs solves systems of constraints over lattices, whilst the analyser itself is implemented using a modular constraint generation technique and is designed to analyse fragments of Java programs. Providing a secure basis for studying Java components and interfaces, the constraint-based static analyser, coupled with a modular verification technique, analyses fragments of Java programs.

As for the Succinct Solver, it was benchmarked against other solvers that mainly use XSB Prolog and DeMoney as the main test program, so that it could outperform the competition. Hence, this solver is particularly useful for security properties of Java Card byte code, access control features of mobile and discretionary ambients, and validation of protocol narrations in suitable process algebras. Developments such as the Succinct Solver, Reqs and the constraint-based static analyser should therefore ensure the safety and security of visibility modifiers and shareable interfaces in the future.
