Idea: Towards Architecture-Centric Security Analysis of Software

14 years 8 months ago

Download www.informatik.uni-bremen.de

Static security analysis of software has made great progress over the last years. In particular, this applies to the detection of lowlevel security bugs such as buﬀer overﬂows, Cross-Site Scripting and SQL injection vulnerabilities. Complementarily to commercial static code review tools, we present an approach to the static security analysis which is based upon the software architecture using a reverse engineering tool suite called Bauhaus. This allows one to analyze software on a more abstract level, and a more focused analysis is possible, concentrating on software modules regarded as security-critical. In addition, certain security ﬂaws can be detected at the architectural level such as the circumvention of APIs or incomplete enforcement of access control. We discuss our approach in the context of a business application and Android’s Java-based middleware.

Karsten Sohr, Bernhard Berger

Real-time Traffic

Commercial Static Code | ESSOS 2010 | Lowlevel Security Bugs | Software Engineering | Static Security Analysis |

claim paper

Post Info
More Details (n/a)

Added	17 Mar 2010
Updated	17 Mar 2010
Type	Conference
Year	2010
Where	ESSOS
Authors	Karsten Sohr, Bernhard Berger

Comments (0)

Sciweavers

Idea: Towards Architecture-Centric Security Analysis of Software

Commercial Static Code | ESSOS 2010 | Lowlevel Security Bugs | Software Engineering | Static Security Analysis |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers