Title :
Traceability for the maintenance of secure software
Author :
Yu, Yijun ; Jürjens, Jan ; Mylopoulos, John
Author_Institution :
Dept. of Comput., Open Univ., Milton Keynes
fDate :
Sept. 28 2008-Oct. 4 2008
Abstract :
Traceability links among different software engineering artifacts make explicit how a software system was implemented to accommodate its requirements. For secure and dependable software system development, one must ensure the linked entities are truly traceable to each other and the links are updated to reflect true traceability among changed entities. However, traditional traceability relationships link recovery techniques are not accurate enough. To address this problem, we propose a traceability technique based on refactoring, which is then continuously integrated with other software maintenance activities. Applying our traceability technique to the proven SSL protocol design, we found a significant vulnerability bug in its open-source implementation. The results also demonstrate the level of accuracy and change resilience of our technique that enable reuse of the traceability-related analysis on different implementations.
Keywords :
program debugging; public domain software; software maintenance; SSL protocol design; maintenance traceability; open-source implementation; software engineering artifacts; software security; traceability relationships link recovery techniques; vulnerability bug; Cryptography; Java; Open source software; Protocols; Resilience; Security; Software engineering; Software maintenance; Software systems; Unified modeling language; maintenance; refactoring; security; traceability;
Conference_Titel :
Software Maintenance, 2008. ICSM 2008. IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-2613-3
Electronic_ISBN :
1063-6773
DOI :
10.1109/ICSM.2008.4658078
