Abstract
The system titled Secure Coding Assistant was developed to automate early detection of a subset of the Java secure coding rules specified by the SEI CERT at Carnegie Mellon University. This system can help Java programmers significantly reduce security vulnerabilities in their code caused by violations of secure coding rules. Since other software defects can also lead to security vulnerabilities, efforts have been made to extend Secure Coding Assistant so that programmers can detect, locate and remove code errors during coding time. This paper presents an enhancement to Secure Coding Assistant that combines Design by Contract with Programming Logic. Java programmers using this system are advised to provide their design contracts, i.e., logic assertions, for the program structures of methods, if-then-else statements and while-loop statements. The design contracts defined by programmers are checked automatically when the program executes. To further facilitate detecting and locating code errors, the system uses the programmer-defined design contracts to automatically generate sub-design contracts, based on the inference rules for the if-then-else statement and the while-loop statement in programming logic. The sub-design contracts generated by the system are also checked automatically at run time. In addition, based on the assignment axiom and the inference rule for the sequence statement in programming logic, the weakest pre-conditions of certain assignment sequences can be generated automatically from the post-conditions of those sequences, enabling programmers to statically analyze the correctness of the corresponding design contracts they specify. With the enhancement presented, Secure Coding Assistant can assist programmers in the early detection not only of secure coding rule violations but also of errors in code. These early detections are performed in unison with the coding process to pursue software security.
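The weakest-pre-condition generation the abstract describes, as an added example that is not the paper's or the Secure Coding Assistant's own code: a small Python (3.9+, for `ast.unparse`) calculator that applies the assignment axiom and the sequence rule backwards over an assignment sequence, plus a dynamic check of the resulting contract in the style of the run-time contract checking described above. The swap sequence, the snapshot names `A`/`B` and the sample states are constructed for the example.

```python
import ast
import copy

class _Subst(ast.NodeTransformer):
    """Replace every occurrence of a variable name in an expression tree.
    The expressions handled here contain no binders (no lambdas or
    comprehensions), so plain name replacement is a sound substitution Q[e/x]."""
    def __init__(self, var: str, replacement: ast.expr):
        self.var, self.replacement = var, replacement

    def visit_Name(self, node: ast.Name) -> ast.expr:
        return copy.deepcopy(self.replacement) if node.id == self.var else node

def wp_assignment(post: str, target: str, rhs: str) -> str:
    """Assignment axiom: wp(x = e, Q) is Q with every free x replaced by e."""
    q = ast.parse(post, mode="eval").body
    e = ast.parse(rhs, mode="eval").body
    return ast.unparse(ast.fix_missing_locations(_Subst(target, e).visit(q)))

def wp_sequence(post: str, assignments: list[tuple[str, str]]) -> str:
    """Sequence rule: wp(S1; S2, Q) = wp(S1, wp(S2, Q)), so the assignments
    are folded from the last one back to the first."""
    for target, rhs in reversed(assignments):
        post = wp_assignment(post, target, rhs)
    return post

def run_and_check(pre: str, assignments, post: str, state: dict) -> tuple[bool, bool]:
    """Dynamic contract check: evaluate the pre-condition on the initial state,
    execute the assignment sequence, then evaluate the post-condition."""
    env = dict(state)
    pre_ok = bool(eval(pre, {"__builtins__": {}}, env))
    for target, rhs in assignments:
        env[target] = eval(rhs, {"__builtins__": {}}, env)
    post_ok = bool(eval(post, {"__builtins__": {}}, env))
    return pre_ok, post_ok

# Constructed example: swap x and y through a temporary t. A and B are
# snapshot variables naming the initial values the post-condition refers to.
SWAP = [("t", "x"), ("x", "y"), ("y", "t")]
SWAP_POST = "x == B and y == A"

if __name__ == "__main__":
    wp = wp_sequence(SWAP_POST, SWAP)
    print("weakest pre-condition:", wp)              # y == B and x == A
    for st in ({"x": 1, "y": 2, "A": 1, "B": 2},     # wp holds -> post holds
               {"x": 1, "y": 2, "A": 2, "B": 1}):    # wp fails -> post fails
        print(st, run_and_check(wp, SWAP, SWAP_POST, st))
```

Because the generated pre-condition is the weakest one, the dynamic check fails on exactly those initial states for which the post-condition would fail, which is what lets a programmer compare it against the pre-condition they wrote by hand.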
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Liang, W., Zhang, C., Dai, J. (2022). Enhancing Secure Coding Assistant System with Design by Contract and Programming Logic. In: Choo, KK.R., Morris, T., Peterson, G., Imsand, E. (eds) National Cyber Summit (NCS) Research Track 2021. NCS 2021. Lecture Notes in Networks and Systems, vol 310. Springer, Cham. https://doi.org/10.1007/978-3-030-84614-5_10
DOI: https://doi.org/10.1007/978-3-030-84614-5_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-84613-8
Online ISBN: 978-3-030-84614-5