David P. Gilliam

Learn More
A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Traditionally, software security has been treated as an afterthought leading to a cycle of ‘penetrate and patch.’ Due to its criticality, security should be integrated as a(More)
Formal specification and verification of security has proven a challenging task. There is no single method that has proven feasible. Instead, an integrated approach which combines several formal techniques can increase the confidence in the verification of software security properties. Such an approach which specifies security properties in a library that(More)
Traditionally, security is viewed as an organizational and Information Technology (IT) systems function comprising of firewalls, intrusion detection systems (IDS), system security settings and patches to the operating system (OS) and applications running on it. Until recently, little thought has been given to the importance of security as a formal approach(More)
This paper discusses new joint work by the California Institute of Technology’s Jet Propulsion Laboratory and the University of California at Davis sponsored by the National Aeronautics and Space Administration to develop a security assessment instrument for the sojiware development and maintenance life cycle. The assessment instrument is a collection of(More)
This paper discusses joint work by the California Institute of Technology's Jet Propulsion Laboratov and the University of Califorriia at Davis (UC Davis) sponsored by the National Aeronautics and Space Administration to develop a security assessment instrument for the software development arid niaititetiatice life cysle. The assessment instrument is a(More)
The network security assessment instrument is a comprehensive set of tools that can be used individually or collectively to ensure the security of network aware software applications and systems. Using the various tools collectively provide a distinct advantage for assuring the security of software and systems. Each tool’s resulting output provides feedback(More)