An Ontology-Based Approach to Software Comprehension - Reasoning about Security Concerns

14 years 5 months ago

Download users.encs.concordia.ca

There exists a large variety of techniques to detect and correct software security vulnerabilities at the source code level, including human code reviews, testing, and static analysis. In this article, we present a static analysis approach that supports both the identification of security flaws and the reasoning about security concerns. We introduce an ontology-based program representation that lets security experts and programmers specify their security concerns as part of the ontology. Within our tool implementation, we support complex queries on the underlying program model using either predefined or user-defined concepts and relations. Queries regarding security concerns, such as exception handling, object accessibility etc. are demonstrated in order to show the applicability and flexibility of our approach.

Yonggang Zhang, Juergen Rilling, Volker Haarslev

Real-time Traffic

COMPSAC 2006 | Security Concerns | Software Engineering | Software Security Vulnerabilities | Static Analysis |

claim paper

Post Info
More Details (n/a)

Added	10 Jun 2010
Updated	10 Jun 2010
Type	Conference
Year	2006
Where	COMPSAC
Authors	Yonggang Zhang, Juergen Rilling, Volker Haarslev

Comments (0)

Sciweavers

An Ontology-Based Approach to Software Comprehension - Reasoning about Security Concerns

COMPSAC 2006 | Security Concerns | Software Engineering | Software Security Vulnerabilities | Static Analysis |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers