Modeling and Visualizing Security Properties of Code using Dependence Graphs
2005 (English)Conference paper (Other academic)
In this paper we discuss the problem of modeling security properties, including what we call the dual modeling problem, and ranking of potential vulnerabilities. The discussion is based on the results of a brief survey of eight existing static analysis tools and our own experience. We propose dependence graphs decorated with type and range information as a generic way of modeling security properties of code. These models can be used to characterize both good and bad programming practice as shown by our examples. They can also be used to visually explain code properties to the programmer. Finally, they can be used for pattern matching in static security analysis of code.
Place, publisher, year, edition, pages
Security properties; dependence graphs; static analysis
IdentifiersURN: urn:nbn:se:liu:diva-90027OAI: oai:DiVA.org:liu-90027DiVA: diva2:611273
Fifth Conference on Software Engineering Research and Practice in Sweden, October 2o-21, 2005, Västerås, Sweden