In this paper we present our experience in developing a security application using a typed functional language. We describe how the formal grounding of its semantics and compiler has allowed for a trustworthy development and has facilitated the fulfillment of the security specification.
Manually proving software-level Freedom From Interference is really difficult because it requires the identification of all code statements where an interference may happen. Static analysis enables the automatic identification of code statements leading to interferences, and SafeRiver has developed a static tool for software-level interferences…
While the use of XML is pervading all areas of IT, security challenges arise when XML files are used to transfer security data such as security policies. To tackle this issue, we have developed a lightweight secure XML validator and have chosen to base the development on the strongly typed functional language OCaml. The initial development took place as…
This paper answers an industrial question: "Given the specification of input values, is it possible to verify that the source code of a program is robust with respect to erroneous inputs and memory alterations?" We show that such verification is possible but quite complex to perform manually, and we propose a semi-automatic solution. Our work is…