Abstract runtime structure for reasoning about security: poster
We propose an interactive approach where analysts reason about the security of a system using an abstraction of its runtime structure, as opposed to looking at the code. They interactively refine a hierarchical object graph, set security properties on abstract objects or edges, query the graph, and investigate the results by studying highlighted objects or edges or tracing to the code. Behind the scenes, an inference analysis and an extraction analysis maintain the soundness of the graph with respect to the code.