Year
2010
Abstract
Many non-proliferation and arms control software projects require a software authentication component. Authentication is defined as determining that a software package performs only its intended purpose and performs that purpose correctly and reliably over many years. In addition to visual inspection by knowledgeable computer scientists with appropriate domain knowledge, automated tools are needed to highlight suspicious code constructs both to aid the visual inspection and to guide software development. Many commercial tools are available for portions of the authentication task, but they are proprietary and have limited extensibility. To augment these commercial tools, we are using LLNL’s ROSE software suite. ROSE is an open source, robust analysis and optimization infrastructure currently addressing large, million-line DOE applications inC++, and FORTRAN. It also supports the automated analysis of binaries ( x86 , ARM, aPowerPC). We continue to extend ROSE to address software authentication for nproliferation and arms control projects. We will give an update on the status of our work.