Title :
Mining Security-Sensitive Operations in Legacy Code Using Concept Analysis
Author :
Ganapathy, Vinod ; King, David ; Jaeger, Trent ; Jha, Somesh
Author_Institution :
Univ. of Wisconsin, Milwaukee, WI
Abstract :
This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive operations performed by a server are characterized by idiomatic resource manipulations, called fingerprints. Candidate fingerprints are automatically mined by clustering resource manipulations using concept analysis. These fingerprints are then used to identify security-sensitive operations performed by the server. Case studies with three real-world servers show that the approach can be used to identify security-sensitive operations with a few hours of manual effort and modest domain knowledge.
Keywords :
authorisation; data mining; pattern clustering; program diagnostics; safety-critical software; software maintenance; authorization policy enforcement; candidate fingerprint; concept analysis; idiomatic resource manipulation; legacy code; pattern clustering; security-sensitive operation mining; static analysis; Access control; Authorization; File servers; Fingerprint recognition; Lattices; Linux; Manuals; Pattern analysis; Resource management; Software systems;
Conference_Title :
Software Engineering, 2007. ICSE 2007. 29th International Conference on
Conference_Location :
Minneapolis, MN
Print_ISBN :
0-7695-2828-7
DOI :
10.1109/ICSE.2007.54