Title :
An Ontology-Based Approach to Software Comprehension - Reasoning about Security Concerns
Author :
Zhang, Yonggang ; Rilling, Juergen ; Haarslev, Volker
Author_Institution :
Comput. Sci. & Software Eng., Concordia Univ., Montreal, Que.
Abstract :
There exists a large variety of techniques to detect and correct software security vulnerabilities at the source code level, including human code reviews, testing, and static analysis. In this article, we present a static analysis approach that supports both the identification of security flaws and the reasoning about security concerns. We introduce an ontology-based program representation that lets security experts and programmers specify their security concerns as part of the ontology. Within our tool implementation, we support complex queries on the underlying program model using either predefined or user-defined concepts and relations. Queries regarding security concerns, such as exception handling, object accessibility etc. are demonstrated in order to show the applicability and flexibility of our approach
Keywords :
ontologies (artificial intelligence); program diagnostics; security of data; software engineering; ontology-based program representation; security flaw identification; software comprehension; software security; source code level; static analysis; Application software; Cognitive science; Computer security; Manuals; Ontologies; Programming profession; Software maintenance; Software systems; Software tools; Switches;
Conference_Titel :
Computer Software and Applications Conference, 2006. COMPSAC '06. 30th Annual International
Conference_Location :
Chicago, IL
Print_ISBN :
0-7695-2655-1
DOI :
10.1109/COMPSAC.2006.27
