Security Evaluation and Hardening of FOSS


  1. Charpentier, R.
  2. Debbabi, M.
Corporate Authors
Defence R&D Canada - Valcartier, Valcartier QUE (CAN);Concordia Univ, Montreal QUE (CAN)
Free and Open Source Software (FOSS) has recently emerged as an alternative to Commercial Off-The-Shelf (COTS) software. FOSS is now perceived as a viable long-term solution that deserves careful consideration because of its potential for significant cost savings, improved reliability, and support advantages over proprietary software. However, the secure integration of FOSS into IT infrastructures is very demanding, and methodologies must be adapted so that large FOSS-based software systems can be composed reliably. A novel approach based on Aspect-Oriented Programming (AOP) was designed and tested in order to automate the security hardening process, through a 4-year R&D effort carried out at Concordia University under the leadership of DRDC Valcartier, Bell Canada and the Natural Sciences and Engineering Research Council of Canada. This paper presents this practical framework, together with the solid semantic foundations that underlie it, for the security evaluation and hardening of FOSS. It also demonstrates on real-life software packages (eight well-known FOSS) that real-life vulnerabilities can be mitigated by this paradigm, covering 31 rules and 21 recommendations of the CERT secure coding standard.
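To make the aspect-oriented idea in the abstract concrete, the following is an added illustration in Python; it is not code from the paper or from the DRDC/Concordia framework, which targets real FOSS packages. The toy weaver, the glob-style pointcut syntax, the function names and the 16-byte buffer are all constructed for this example. It shows the essential AOP move for hardening: a cross-cutting security check (a bounds check, plus an audit trail) is written once as advice, bound to join points by a pointcut, and woven around an unmodified "base" function that trusts its input.

```python
"""Toy aspect weaver illustrating AOP-style security hardening.

Constructed illustration only: not the framework described in the
DRDC/Concordia report. The weaver, pointcut syntax, function names and
buffer size are assumptions made for this example.
"""
import fnmatch
import functools
from typing import Callable, Dict, List, Tuple

# --- Base code to be hardened (stands in for an unmodified FOSS module) ---
BUFFER_SIZE = 16  # constructed value


def copy_buffer(data: bytes) -> bytearray:
    """Copy data into a fixed-size buffer, trusting its length.

    The slice assignment silently grows the bytearray when len(data)
    exceeds BUFFER_SIZE; this models an unchecked copy in C, where the
    same trust would overrun the destination buffer.
    """
    buf = bytearray(BUFFER_SIZE)
    buf[:len(data)] = data
    return buf


# --- Minimal aspect machinery: pointcuts, before-advice, weaving -----------
class Aspect:
    """Registers before-advice against glob pointcuts and weaves them in."""

    def __init__(self) -> None:
        self._advice: List[Tuple[str, Callable[..., None]]] = []

    def before(self, pointcut: str):
        """Decorator: run the decorated advice before every matching join point."""
        def register(advice: Callable[..., None]) -> Callable[..., None]:
            self._advice.append((pointcut, advice))
            return advice
        return register

    def weave(self, join_points: Dict[str, Callable]) -> Dict[str, Callable]:
        """Return a copy of join_points with matching advice woven around each."""
        woven: Dict[str, Callable] = {}
        for name, func in join_points.items():
            matching = tuple(
                adv for pc, adv in self._advice if fnmatch.fnmatchcase(name, pc)
            )
            woven[name] = self._wrap(name, func, matching) if matching else func
        return woven

    @staticmethod
    def _wrap(name: str, func: Callable, advices: Tuple[Callable, ...]) -> Callable:
        @functools.wraps(func)  # keep the original name/docstring for callers
        def wrapper(*args, **kwargs):
            for adv in advices:          # advice runs in registration order
                adv(name, *args, **kwargs)
            return func(*args, **kwargs)  # base code itself is untouched
        return wrapper


# --- Hardening aspect: the cross-cutting security concerns -----------------
audit_log: List[str] = []  # every advised call is recorded here
aspect = Aspect()


@aspect.before("*")
def audit(join_point: str, *args, **kwargs) -> None:
    """Cross-cutting audit trail applied to every join point."""
    audit_log.append(join_point)


@aspect.before("copy_*")
def enforce_bounds(join_point: str, data: bytes) -> None:
    """Bounds check woven in front of every copy_* join point."""
    if len(data) > BUFFER_SIZE:
        raise ValueError(
            f"{join_point}: refusing to copy {len(data)} bytes into a "
            f"{BUFFER_SIZE}-byte buffer"
        )


# Weave once; callers use the hardened table instead of the raw functions.
HARDENED = aspect.weave({"copy_buffer": copy_buffer})


def run_hardened(payload: bytes) -> str:
    """Call the hardened copy and report whether the aspect let it through."""
    try:
        HARDENED["copy_buffer"](payload)
        return "ok"
    except ValueError:
        return "blocked"


if __name__ == "__main__":
    print("unhardened copy of 32 bytes grows buffer to", len(copy_buffer(b"A" * 32)))
    print("hardened,  8 bytes:", run_hardened(b"A" * 8))
    print("hardened, 32 bytes:", run_hardened(b"A" * 32))
    print("audit log:", audit_log)
```

The point of the pattern is that `copy_buffer` never changes: the check lives in the aspect, is selected by the pointcut, and would apply to any other `copy_*` function added to the join-point table, which is what makes the hardening step automatable across a large code base.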
Report Number
DRDC-VALCARTIER-SL-2010-058 — Scientific Literature
Date of publication
01 Mar 2010
Document Image stored on Optical Disk
