• DocumentCode
    2779067
  • Title
    An Ontology-Based Approach to Software Comprehension - Reasoning about Security Concerns
  • Author
    Zhang, Yonggang ; Rilling, Juergen ; Haarslev, Volker
  • Author_Institution
    Comput. Sci. & Software Eng., Concordia Univ., Montreal, Que.
  • Volume
    1
  • fYear
    2006
  • fDate
    17-21 Sept. 2006
  • Firstpage
    333
  • Lastpage
    342
  • Abstract
    There exists a large variety of techniques to detect and correct software security vulnerabilities at the source code level, including human code reviews, testing, and static analysis. In this article, we present a static analysis approach that supports both the identification of security flaws and reasoning about security concerns. We introduce an ontology-based program representation that lets security experts and programmers specify their security concerns as part of the ontology. Within our tool implementation, we support complex queries on the underlying program model using either predefined or user-defined concepts and relations. Queries regarding security concerns, such as exception handling and object accessibility, are demonstrated in order to show the applicability and flexibility of our approach.
  • Keywords
    ontologies (artificial intelligence); program diagnostics; security of data; software engineering; ontology-based program representation; security flaw identification; software comprehension; software security; source code level; static analysis; Application software; Cognitive science; Computer security; Manuals; Ontologies; Programming profession; Software maintenance; Software systems; Software tools; Switches;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Software and Applications Conference, 2006. COMPSAC '06. 30th Annual International
  • Conference_Location
    Chicago, IL
  • ISSN
    0730-3157
  • Print_ISBN
    0-7695-2655-1
  • Type
    conf
  • DOI
    10.1109/COMPSAC.2006.27
  • Filename
    4020094