Idea: Towards Architecture-Centric Security Analysis of Software

Authors: Karsten Sohr, Bernhard Berger. DOI: 10.1007/978-3-642-11747-3_6

Citations: 2
Static security analysis of software has made great progress over the last years. In particular, this applies to the detection of low-level security bugs such as buffer overflows, Cross-Site Scripting and SQL injection vulnerabilities. Complementarily to commercial static code review tools, we present an approach to the static security analysis which is based upon the software architecture using a reverse engineering tool suite called Bauhaus. This allows one to analyze software on a more abstract level, and a more focused analysis is possible, concentrating on software modules regarded as security-critical. In addition, certain security flaws can be detected at the architectural level such as the circumvention of APIs or incomplete enforcement of access control. We discuss our approach in the context of a business application and Android's Java-based middleware.
Published in 2010.