Sciweavers

COMPSAC
2006
IEEE

An Ontology-Based Approach to Software Comprehension - Reasoning about Security Concerns

14 years 6 months ago
An Ontology-Based Approach to Software Comprehension - Reasoning about Security Concerns
There exists a large variety of techniques to detect and correct software security vulnerabilities at the source code level, including human code reviews, testing, and static analysis. In this article, we present a static analysis approach that supports both the identification of security flaws and the reasoning about security concerns. We introduce an ontology-based program representation that lets security experts and programmers specify their security concerns as part of the ontology. Within our tool implementation, we support complex queries on the underlying program model using either predefined or user-defined concepts and relations. Queries regarding security concerns, such as exception handling, object accessibility etc. are demonstrated in order to show the applicability and flexibility of our approach.
Yonggang Zhang, Juergen Rilling, Volker Haarslev
Added 10 Jun 2010
Updated 10 Jun 2010
Type Conference
Year 2006
Where COMPSAC
Authors Yonggang Zhang, Juergen Rilling, Volker Haarslev
Comments (0)