Mining security-sensitive operations in legacy code using concept analysis

Proceedings - International Conference on Software Engineering

Volumn , Issue , 2007, Pages 458-467

  Ganapathy, Vinod ^a   King, David ^b   Jaeger, Trent ^b   Jha, Somesh ^a  

^a UNIVERSITY OF WISCONSIN   (United States)

^b PENNSYLVANIA STATE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CLUSTER ANALYSIS; CODES (SYMBOLS); LEGACY SYSTEMS; SECURITY OF DATA; SERVERS; STATISTICAL METHODS;

CONCEPT ANALYSIS; RESOURCE MANIPULATIONS; SECURITY SENSITIVE OPERATIONS;

DATA MINING;

EID: 34548734722     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICSE.2007.54     Document Type: Conference Paper

References (32)

1. http://www.cs.wise.edu/~vg/papers/icse2007.
2. PennMUSH multi-user dungeon, http://pennmush.org.
3. G. Ammons, D. Mandelin, R. Bodik, and J. R. Larus. Debugging temporal specifications with concept analysis. In PLDI, 2003.
4. J. P. Anderson. Computer security technology planning study, volume II. Technical Report ESD-TR-73-51, Deputy for Command & Mgmt. Systems, Bedford, MA, 1972.
5. Aspect-oriented software development glossary. http://aosd.net/wiki/ index.php?title=Glossary.
6. L. Bauer, J. Ligatti, and D. Walker. Composing security policies with Polymer. In PLDI, 2005.
7. J. Berger, J. Picciotto, J. Woodward, and P. Cummings. Compartmented mode workstation: Prototype highlights. IEEE TSE, 16(6), 1990.
8. M. Ceccato, M. Marin, K. Mens, L. Moonen, P. Tonella, and T. Tourwe. A quantitative comparison of three aspect mining techniques. In 13th Wkshp. Prog. Comprehension, 2005.
9. T. Eisenbarth, R. Koschke, and D. Simon. Locating features in source code. IEEE TSE, 29(3), 2003.
10. J. Epstein, J. McHugh, H. Orman, R. Pascale, A.-M. Squires, B. Danner, C. Martin, M. Branstad, G. Benson, and D. Rothnie. A high assurance window system prototype. Jour. Computer Security, 2(2-3), 1993.
11. U. Erlingsson. The Mined Reference Monitor Approach to Security Policy Enforcement. PhD thesis, Cornell, 2004.
12. D. Evans and A. Twyman. Flexible policy-directed code safety. In IEEE Symp. on Security Sr Privacy, 1999.
13. B. Fletcher. Case study: Open source and commercial applications in a Java-based SELinux cross-domain solution. In 2nd Security-enhanced Linux Symp., 2006.
14. V. Ganapathy, T. Jaeger, and S. Jha. Automatic placement of authorization hooks in the Linux security modules framework. In ACM Conf. Comp. Sr Comm. Security, 2005.
15. V. Ganapathy, T. Jaeger, and S. Jha. Retrofitting legacy code for authorization policy enforcement. In IEEE Symp. on Security & Privacy, 2006.
16. R. Godin, R. Missaoui, and H. Alaoui. Incremental concept formation algorithms based on Galois (concept) lattices. Computational Intelligence, 11(2), 1995.
17. M. Hocking, K. Macmillan, and D. Shankar. Case study: Enhancing IBM Websphere with SELinux. In 2nd Security-enhanced Linux Symp., 2006.
18. T. Jaeger, A. Edwards, and X. Zhang. Consistency analysis of authorization hook placement in the Linux security modules framework. ACM TISSEC, 7(2), 2004.
19. G. Kiczales, J. Lamping, A. Mendhekar, C. Maeda, C. Lopes, J.-M. Loingtier, and J. Irwin. Aspect-oriented programming. In ECOOP, 1997.
20. D. Kilpatrick, W. Salamon, and C. Vance. Securing the X Window system with SELinux. Technical Report 03-006, NAI Labs, 2003.
21. C. Lindig and G. Snelting. Assesing modular structure of legacy code based on mathematical concept analysis. In ICSE, 1997.
22. P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In USENIX Annual Technical Conf. (FREENIX), 2001.
23. G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In Conf. Compiler Construction, 2002.
24. M. Siff. Techniques for Software Renovation. PhD thesis, University of Wisconsin-Madison, 1998.
25. G. Snelting and F. Tip. Reengineering class hierarchies using concept analysis. In ACM SIGSOFT FSE, 1998.
26. P. Tonella and M. Ceccato. Aspect mining through the formal concept analysis of execution traces. In 11th Conf. on Reverse Engineering, 2004.
27. T. Tourwe and K. Mens. Mining aspectual views using formal concept analysis. In 4th Wkshp. on Source code Analysis Sr Manipulation, 2004.
28. A. van Duersen and T. Kuipers. Identifying objects using cluster and concept analysis. In ICSE, 1999.
29. R. Wille. Restructuring lattice theory: An approach based on hierarchies of concepts. Ordered Sets, 1982.
30. C. Wright, C. Cowan, S. Smalley, J. Morris, and G. Kroah-Hartman. Linux security modules: General security support for the Linux kernel. In USENIX Security Symp., 2002.
31. The X11 Server, version X11R6.8 (X.OrgFoundation).
32. X. Zhang, A. Edwards, and T. Jaeger. Using CQUAL for static analysis of authorization hook placement. In USENIX Security Symp., 2002.