Mining security-sensitive operations in legacy code using concept analysis

Vinod Ganapathy; David King; Trent Jaeger; Somesh Jha

doi:10.1109/ICSE.2007.54

Mining security-sensitive operations in legacy code using concept analysis

Vinod Ganapathy, David King, Trent Jaeger, Somesh Jha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

32 Scopus citations

Abstract

This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive operations performed by a server are characterized by idiomatic resource manipulations, called fingerprints. Candidate fingerprints are automatically mined by clustering resource manipulations using concept analysis. These fingerprints are then used to identify security-sensitive operations performed by the server. Case studies with three real-world servers show that the approach can be used to identify security-sensitive operations with a few hours of manual effort and modest domain knowledge.

Original language	English (US)
Title of host publication	Proceedings - 29th International Conference on Software Engineering, ICSE 2007
Pages	458-467
Number of pages	10
DOIs	https://doi.org/10.1109/ICSE.2007.54
State	Published - 2007
Event	29th International Conference on Software Engineering, ICSE 2007 - Minneapolis, MN, United States Duration: May 20 2007 → May 26 2007

Publication series

Name	Proceedings - International Conference on Software Engineering
ISSN (Print)	0270-5257

Other

Other	29th International Conference on Software Engineering, ICSE 2007
Country/Territory	United States
City	Minneapolis, MN
Period	5/20/07 → 5/26/07

All Science Journal Classification (ASJC) codes

Software

Access to Document

10.1109/ICSE.2007.54

Cite this

@inproceedings{3ce35c3d06414afda0fdc3716b246dd6,

title = "Mining security-sensitive operations in legacy code using concept analysis",

abstract = "This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive operations performed by a server are characterized by idiomatic resource manipulations, called fingerprints. Candidate fingerprints are automatically mined by clustering resource manipulations using concept analysis. These fingerprints are then used to identify security-sensitive operations performed by the server. Case studies with three real-world servers show that the approach can be used to identify security-sensitive operations with a few hours of manual effort and modest domain knowledge.",

author = "Vinod Ganapathy and David King and Trent Jaeger and Somesh Jha",

year = "2007",

doi = "10.1109/ICSE.2007.54",

language = "English (US)",

isbn = "0769528287",

series = "Proceedings - International Conference on Software Engineering",

pages = "458--467",

booktitle = "Proceedings - 29th International Conference on Software Engineering, ICSE 2007",

note = "29th International Conference on Software Engineering, ICSE 2007 ; Conference date: 20-05-2007 Through 26-05-2007",

}

Ganapathy, V, King, D, Jaeger, T & Jha, S 2007, Mining security-sensitive operations in legacy code using concept analysis. in Proceedings - 29th International Conference on Software Engineering, ICSE 2007., 4222607, Proceedings - International Conference on Software Engineering, pp. 458-467, 29th International Conference on Software Engineering, ICSE 2007, Minneapolis, MN, United States, 5/20/07. https://doi.org/10.1109/ICSE.2007.54

Mining security-sensitive operations in legacy code using concept analysis. / Ganapathy, Vinod; King, David; Jaeger, Trent et al.
Proceedings - 29th International Conference on Software Engineering, ICSE 2007. 2007. p. 458-467 4222607 (Proceedings - International Conference on Software Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Mining security-sensitive operations in legacy code using concept analysis

AU - Ganapathy, Vinod

AU - King, David

AU - Jaeger, Trent

AU - Jha, Somesh

PY - 2007

Y1 - 2007

N2 - This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive operations performed by a server are characterized by idiomatic resource manipulations, called fingerprints. Candidate fingerprints are automatically mined by clustering resource manipulations using concept analysis. These fingerprints are then used to identify security-sensitive operations performed by the server. Case studies with three real-world servers show that the approach can be used to identify security-sensitive operations with a few hours of manual effort and modest domain knowledge.

AB - This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive operations performed by a server are characterized by idiomatic resource manipulations, called fingerprints. Candidate fingerprints are automatically mined by clustering resource manipulations using concept analysis. These fingerprints are then used to identify security-sensitive operations performed by the server. Case studies with three real-world servers show that the approach can be used to identify security-sensitive operations with a few hours of manual effort and modest domain knowledge.

UR - http://www.scopus.com/inward/record.url?scp=34548734722&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34548734722&partnerID=8YFLogxK

U2 - 10.1109/ICSE.2007.54

DO - 10.1109/ICSE.2007.54

M3 - Conference contribution

AN - SCOPUS:34548734722

SN - 0769528287

SN - 9780769528281

T3 - Proceedings - International Conference on Software Engineering

SP - 458

EP - 467

BT - Proceedings - 29th International Conference on Software Engineering, ICSE 2007

T2 - 29th International Conference on Software Engineering, ICSE 2007

Y2 - 20 May 2007 through 26 May 2007

ER -

Mining security-sensitive operations in legacy code using concept analysis

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this