Volume , Issue , 2008, Pages 12-21

Securing java code: Heuristics and an evaluation of static analysis tools

Author keywords

Design principles; Secure code; Static analysis; Taxonomy

Indexed keywords

DESIGN PRINCIPLES; JAVA CODES; SECURE CODE; SECURE CODING

EID: 57449101131    PISSN: None    EISSN: None    Source Type: Conference Proceeding
DOI: 10.1145/1394504.1394506    Document Type: Conference Paper
Times cited: 19

References (35)
  • 1. R. Alexander, J. Bieman, and J. Viega, "Coping with Java Programming Stress," IEEE Computer, vol. 33, no. 4, pp. 30-38, April 2000.
  • 3. S. Barnum and M. Gegick, "Reluctance to Trust," Build Security In: Setting a Higher Standard for Software Assurance, Cigital Inc., 2005. [Online]. Available: https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/355.html. [Accessed: January 17, 2008].
  • 4. T. V. Benzel, C. E. Irvine, T. E. Levin, G. Bhaskara, and P. C. Nguyen, "Design Principles for Security," Naval Postgraduate School, Monterey, California, Tech. Rep. NPS-CS-05-010, September 2005. Available: http://handle.dtic.mil/100.2/ADA437854. [Accessed: Sept. 5, 2007].
  • 6. O. Burn, "Checkstyle 4.4." [Online]. Available: http://checkstyle.sourceforge.net. [Accessed: March 1, 2008].
  • 7. CERT, "Secure Coding," Software Engineering Institute, Carnegie Mellon. [Online]. Available: https://www.cert.org/secure-coding. [Accessed: February 16, 2008].
  • 9. CLASP, "Comprehensive Lightweight Application Security Process," Secure Software, Inc., Version 2.0, 2006. [Online]. Available: http://searchsoftwarequality.techtarget.com/searchAppSecurity/downloads/clasp-v20.pdf. [Accessed: December 5, 2007].
  • 10. Fortify Software Inc., "Fortify Source Code Analysis (SCA)." [Online]. Available: http://www.fortify.com/products/sca.
  • 11. C. Fox, Introduction to Software Engineering Design: Processes, Principles, and Patterns with UML2. Boston, MA: Addison-Wesley, 2006.
  • 14. D. Hovemeyer and W. Pugh, "Finding Bugs is Easy," SIGPLAN Notices, vol. 39, no. 12, pp. 92-206, December 2004.
  • 15. M. Howard and D. Lipner, Writing Secure Code, 2nd ed. Redmond, Washington: Microsoft Press, 2003.
  • 16. InfoEther, "PMD." [Online]. Available: http://pmd.sourceforge.net.
  • 17. Jlint, "About Jlint." [Online]. Available: http://jlint.sourceforge.net.
  • 18. C. Lai, "Java Insecurity: Accounting for Subtleties That Can Compromise Code," IEEE Software, vol. 25, no. 1, pp. 13-19, January/February 2008.
  • 20. National Institute of Standards and Technology, "SAMATE: Software Assurance Metrics and Tool Evaluation." [Online]. Available: http://samate.nist.gov. [Accessed: February 5, 2008].
  • 21. D. L. Parnas, "On the Criteria To Be Used in Decomposing Systems into Modules," Communications of the ACM, vol. 15, no. 12, pp. 1053-1058, 1972.
  • 23. S. Redwine, Jr., Ed., Software Assurance: A Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software, Workforce Education and Training Working Group, U.S. Department of Homeland Security, Draft Version 1.1, September 2006.
  • 24. S. Redwine, Jr., "Towards an Organization for Software System Security Principles and Guidelines," Institute for Infrastructure and Information Assurance, James Madison University, Harrisonburg, VA, Tech. Rep. 08-01, Version 1.0, February 2008.
  • 26. M. D. Schroeder and J. H. Saltzer, "The Protection of Information in Computer Systems," Proceedings of the IEEE, vol. 63, no. 9, pp. 1278-1308, 1975. Available: http://web.mit.edu/Saltzer/www/publications/protection.
  • 27. R. Seacord, "Secure Coding Standards," in Proceedings of the Static Analysis Summit, NIST Special Publication 500-262, July 2006. Available: http://samate.nist.gov/docs/NIST-Special-Publication-500-262.pdf.
  • 28. Sun Microsystems, Inc., "Secure Coding Guidelines for the Java Programming Language, version 2.0." [Online]. Available: http://java.sun.com/security/seccodeguide.html. [Accessed: Aug. 30, 2007].
  • 29. The MITRE Corporation, "Common Weakness Enumeration: A Community-Developed Dictionary of Software Weakness Types," Draft 7, 2007. [Online]. Available: http://cwe.mitre.org. [Accessed: October 28, 2007].
  • 31. utils.com, "Lint4j." [Online]. Available: http://www.jutils.com.
  • 35. M. S. Ware, "Writing secure Java code: taxonomy of heuristics and an evaluation of static analysis tools," M.S. Thesis, James Madison University, 2008. Available: http://peregrin.jmu.edu/-warems.


* This information was extracted by KISTI from an analysis of Elsevier's SCOPUS database.