Software Security: A Formal Perspective
Security depends not only on the properties of security models and designs but also on implementation details. Flaws, at any level, can result in vulnerabilities that attackers may be able to exploit. Weaknesses in software security have been numerous, sometimes startling, and often serious. Many of them stem from apparently small low-level errors (e.g., buffer overflows). Ideally, those errors should be avoided by design, or at least fixed after the fact. In practice, on the other hand, some vulnerabilities may have to be tolerated, and their impact contained with appropriate models, architectures, and tools.