srcSlice: very efficient and scalable forward static slicing

A highly efficient lightweight forward static slicing approach is presented and evaluated. The approach does not compute the program/system dependence graph but instead dependence and control information is com-puted as needed while computing the slice on a variable. The result is a list of line numbers, dependent vari-ables, aliases, and function calls that are part of the slice for all variables (both local and global) for the entire system. The method is implemented as a tool, called srcSlice, on top of srcML, an XML representation of source code. The approach is highly scalable and can generate the slices for all variables of the Linux kernel in approximately 20min on a typical desktop. Benchmark results are compared with the CodeSurfer slicing tool from GrammaTech Inc., and the approach compares well with regard to accuracy of slices. Copyright

Reverse-Engineering and Analysis of Access Control Models in Web Applications

RÉSUMÉ De nos jours, les applications Web sont omniprésentes et gèrent des quantités toujours plus importantes de données confidentielles. Afin de protéger ces données contre les attaques d'usagers mal intentionnés, des mécanismes de sécurité doivent être mis en place. Toutefois, sécuriser un logiciel est une tâche extrêmement ardue puisqu'une seule brèche est souvent suffisante pour compromettre la sécurité d'un système tout entier. Il n'est donc pas surprenant de constater que jour après jour les nouvelles font état de cyber attaques et de fuites de données confidentielles dans les systèmes informatiques. Afin de donner au lecteur une vague idée de l'ampleur du problème, considérons que différents organismes spécialisés en sécurité informatique rapportent qu'entre 85% et 98% des sites Web contiennent au moins une vulnérabilité sérieuse. Dans le cadre de cette thèse, nous nous concentrerons sur un aspect particulier de la sécurité logicielle, à savoir les modèles de contrôle d'accès. Les modèles de contrôle d'accès définissent les actions qu'un usager peut et ne peut pas faire dans un système. Malheureusement, années après années, les failles dans les modèles de contrôle d'accès trônent au sommet des palmarès des failles les plus communes et les plus critiques dans les applications Web. Toutefois, contrairement à d'autres types de faille de sécurité comme les injections SQL (SQLi) et le cross-site scripting (XSS), les failles de contrôle d'accès ont comparativement reçu peu d'attention de la communauté de recherche scientifique. Par ce travail de recherche, nous espérons renverser cette tendance. Bien que la sécurité des applications et les modèles de contrôle d'accès constituent les principaux thèmes sous-jacents de cette thèse, notre travail de recherche est aussi fortement teinté par le génie logiciel. Vous observerez en effet que notre travail s'applique toujours à des applications réelles et que les approches que nous développons sont toujours construites de manière à minimiser le fardeau de travail supplémentaire pour les développeurs. En d'autres mots, cette thèse porte sur la sécurité des applications en pratique. Dans le contexte de cette thèse, nous aborderons l'imposant défi d'investiguer des modèles de contrôle d'accès non spécifiés et souvent non documentés, tels que rencontrés dans les applications Web en code ouvert. En effet, les failles de contrôle d'accès se manifestent lorsqu'un usager est en mesure de faire des actions qu'il ne devrait pas pouvoir faire ou d'accéder à des données auxquelles il ne devrait pas avoir accès. En absence de spécifications de sécurité, déterminer qui devrait avoir les autorisations pour effectuer certaines actions ou accéder à certaines données n'est pas simple. Afin de surmonter ce défi, nous avons d'abord développé une nouvelle approche, appelée analyse de Traversement de Patrons de Sécurité (TPS), afin de faire la rétro-ingénierie de modèles de contrôle d'accès à partir du code source d'applications Web et ce, d'une manière rapide, précise et évolutive. Les résultats de l'analyse TPS donnent un portrait du modèle de contrôle d'accès tel qu'implémenté dans une application et servent de point de départ à des analyses plus poussées. Par exemple, les applications Web réelles comprennent souvent des centaines de privilèges qui protègent plusieurs centaines de fonctions et modules différents. En conséquence, les modèles de contrôle d'accès, tel qu'extraits par l'analyse TPS, peuvent être difficiles à interpréter du point de vue du développeur, principalement à cause de leurs taille. Afin de surmonter cette limitation, nous avons exploré comment l'analyse formelle de concepts peut faciliter la compréhension des modèles extraits en fournissant un support visuel ainsi qu'un cadre formel de raisonnement. Les résultats ont en effet démontrés que l'analyse formelle de concepts permet de mettre en lumière plusieurs propriétés des modèles de contrôle d'accès qui sont enfouies profondément dans le code des applications, qui sont invisibles aux administrateurs et aux développeurs, et qui peuvent causer des incompréhensions et des failles de sécurité. Au fil de nos investigations et de nos observations de plusieurs modèles de contrôle d'accès, nous avons aussi identifié des patrons récurrents, problématiques et indépendants des applications qui mènent à des failles de contrôle d'accès. La seconde partie de cette thèse présente les approches que nous avons développées afin de tirer profit des résultats de l'analyse TPS pour identifier automatiquement plusieurs types de failles de contrôle d'accès communes comme les vulnérabilités de navigation forcée, les erreurs sémantiques et les failles basées sur les clones à protection incohérentes. Chacune de ces approches interprète en effet les résultats de l'analyse TPS sous des angles différents afin d'identifier différents types de vulnérabilités dans les modèles de contrôle d'accès. Les vulnérabilités de navigation forcée se produisent lorsque des ressources sensibles ne sont pas adéquatement protégées contre les accès direct à leur URL. En utilisant les résultats de l'analyse TPS, nous avons montré comment nous sommes en mesure de détecter ces vulnérabilités de manière précise et très rapide (jusqu'à 890 fois plus rapidement que l'état de l'art). Les erreurs sémantiques se produisent quand des ressources sensibles sont protégées par des privilèges qui sont sémantiquement incorrects. Afin d'illustrer notre propos, dans le contexte d'une application Web, protéger l'accès à des ressources administratives avec un privilège destiné à restreindre le téléversement de fichiers est un exemple d'erreur sémantique. À notre connaissance, nous avons été les premiers à nous attaquer à ce problème et à identifier avec succès des erreurs sémantiques dans des modèles de contrôle d'accès. Nous avons obtenu de tels résultats en interprétant les résultats de l'analyse TPS à la lumière d'une technique de traitement de la langue naturelle appelée Latent Dirichlet Allocation. Finalement, en investiguant les résultats de l'analyse TPS à la lumière des informations fournies par une analyse de clones logiciels, nous avons été en mesure d'identifier davantage de nouvelles failles de contrôle d'accès. En résumé, nous avons exploré l'intuition selon laquelle il est attendu que les clones logiciels, qui sont des blocs de code syntaxiquement similaires, effectuent des opérations similaires dans un système et, conséquemment, qu'ils soient protégés de manière similaire. En investiguant les clones qui ne sont pas protégés de manière similaire, nous avons effectivement été en mesure de détecter et rapporter plusieurs nouvelles failles de sécurité dans les systèmes étudiés. En dépit des progrès significatifs que nous avons accomplis dans cette thèse, la recherche sur les modèles de contrôle d'accès et les failles de contrôle d'accès, spécialement d'un point de vue pratique n'en est encore qu'à ses débuts. D'un point de vue de génie logiciel, il reste encore beaucoup de travail à accomplir en ce qui concerne l'extraction, la modélisation, la compréhension et les tests de modèles de contrôle d'accès. Tout au long de cette thèse, nous discuterons comment les travaux présentés peuvent soutenir ces activités et suggérerons plusieurs avenues de recherche à explorer.----------ABSTRACT Nowadays, Web applications are ubiquitous and deal with increasingly large amounts of confidential data. In order to protect these data from malicious users, security mechanisms must be put in place. Securing software, however, is an extremely difficult task since a single breach is often sufficient to compromise the security of a system. Therefore, it is not surprising that day after day, we hear about cyberattacks and confidential data leaks in the news. To give the reader an idea, various reports suggest that between 85% and 98% of websites contain at least one serious vulnerability. In this thesis, we focus on one particular aspect of software security that is access control models. Access control models are critical security components that define the actions a user can and cannot do in a system. Year after year, several security organizations report access control flaws among the most prevalent and critical flaws in Web applications. However, contrary to other types of security flaws such as SQL injection (SQLi) and cross-site scripting (XSS), access control flaws comparatively received little attention from the research community. This research work attempts to reverse this trend. While application security and access control models are the main underlying themes of this thesis, our research work is also strongly anchored in software engineering. You will observe that our work is always based on real-world Web applications and that the approaches we developed are always built in such a way as to minimize the amount of work on that is required from developers. In other words, this thesis is about practical software security. In the context of this thesis, we tackle the highly challenging problem of investigating unspecified and often undocumented access control models in open source Web applications. Indeed, access control flaws occur when some user is able to perform operations he should not be able to do or access data he should be denied access to. In the absence of security specifications, determining who should have the authorization to perform specific operations or access specific data is not straightforward. In order to overcome this challenge, we first developed a novel approach, called the Security Pattern Traversal (SPT) analysis, to reverse-engineer access control models from the source code of applications in a fast, precise and scalable manner. Results from SPT analysis give a portrait of the access control model as implemented in an application and serve as a baseline for further analyzes. For example, real-world Web application, often define several hundred privileges that protect hundreds of different functions and modules. As a consequence, access control models, as reverse-engineered by SPT analysis, can be difficult to interpret from a developer point of view, due to their size. In order to provide better support to developers, we explored how Formal Concept Analysis (FCA) could facilitate comprehension by providing visual support as well as automated reasoning about the extracted access control models. Results indeed revealed how FCA could highlight properties about implemented access control models that are buried deep into the source code of applications, that are invisible to administrators and developers, and that can cause misunderstandings and vulnerabilities. Through investigation and observation of several Web applications, we also identified recurring and cross-application error-prone patterns in access control models. The second half of this thesis presents the approaches we developed to leverage SPT results to automatically capture these patterns that lead to access control flaws such as forced browsing vulnerabilities, semantic errors and security-discordant clone based errors. Each of these approaches interpret SPT analysis results from different angles to identify different kinds of access control flaws in Web applications. Forced browsing vulnerabilities occur when security-sensitive resources are not protected against direct access to their URL. Using results from SPT, we showed how we can detect such vulnerabilities in a precise and very fast (up to 890 times faster than state of the art) way. Semantic errors occur when security-sensitive resources are protected by semantically wrong privileges. To give the reader an idea, in the context of a Web application, protecting access to administrative resources with a privilege that is designed to restrict file uploads is an example of semantic error. To our knowledge, we were the first to tackle this problem and to successfully detect semantic errors in access control models. We achieved such results by interpreting results from SPT in the light of a natural language processing technique called Latent Dirichlet Allocation. Finally, by investigating SPT results in the light of software clones, we were able to detect yet other novel access control flaws. Simply put, we explored the intuition that code clones, that are blocks of code that are syntactically similar, are expected to perform similar operations in a system and, consequently, be protected by similar privileges. By investigating clones that are protected in different ways, called security-discordant clones, we were able to report several novel access control flaws in the investigated systems. Despite the significant advancements that were made through this thesis, research on access control models and access control flaws, especially from a practical, application-centric point of view, is still in the early stages. From a software engineering perspective, a lot of work remains to be done from the extraction, modelling, understanding and testing perspectives. Throughout this thesis we discuss how the presented work can help in these perspectives and suggest further lines of research

Path-based dynamic impact analysis

Successful software systems evolve over their lifetimes through the cumulative changes made by software maintainers. As software evolves, the problems resulting from software change worsen, exacerbated by increased system size and complexity, lack of program understanding, amount of effort required to make changes, and number of personnel involved. Experience shows that software changes made without visibility into their effects can lead to poor effort estimates, delays in release schedules, degraded software design, unreliable software products, increased costs, and premature retirement of the software system. Software change impact analysis, impact analysis, is a software maintenance technique meant to address these problems, by assessing the effects of changes made to a software system. While impact analysis is frequently cited as a motivation or a potential application for program analysis and software maintenance research, research specific to the task of impact analysis has languished for more than 10 years. In addition, few researchers have examined the empirical factors underlying common impact analysis techniques or the tradeoffs inherent in known techniques, and none have performed empirical studies comparing impact analysis techniques. In this dissertation we introduce a new impact analysis approach, named PathImpact, that addresses a set of tradeoffs not addressed by any current impact analysis approach. Ours is the first fully-dynamic impact analysis approach. PathImpact uses light-weight instrumentation to record program execution at the level of procedure calls and returns, then efficiently builds a compressed representation that can be directly used to estimate change impact. We next extend PathImpact to accomodate system evolution yielding a technique we call EvolveImpact. EvolveImpact updates the impact representation after a system change, whereas PathImpact requires a complete recompution. In addition, we show how our approaches can be extended to a large class of emerging software architectures, including Java component-based systems and large-scale systems. Finally, we discuss the implementation of our approaches, present the first cost models for impact analysis techniques, and report the results of the first empirical studies that compare impact analysis techniques. We also empirically examine the performance of our approaches and the factors affecting the use of our techniques in practice. We found that our approach has linear time and space complexity (in the size of the dynamic information collected) and achieved a mean compression value of 0.955 on the subjects we used in our experiments. Our investigation of program evolution across multiple versions of three of our subject programs showed that, depending on the level of change activity, EvolveImpact can update the impact representation more efficiently than recomputing it in a majority of cases

A strategic turnaround model for distressed properties

The importance of commercial real estate is clearly shown by the role it plays, worldwide, in the sustainability of economic activities, with a substantial global impact when measured in monetary terms. This study responds to an important gap in the built environment and turnaround literature relating to the likelihood of a successful distressed commercial property financial recovery. The present research effort addressed the absence of empirical evidence by identifying a number of important factors that influence the likelihood of a successful distressed, commercial property financial recovery. Once the important factors that increase the likelihood of recovery have been determined, the results can be used as a basis for turnaround strategies concerning property investors who invest in distressed opportunities. A theoretical turnaround model concerning properties in distress, would be of interest to ‘opportunistic investing’ yield-hungry investors targeting real estate transactions involving ‘turnaround’ potential. Against this background, the main research problem investigated in the present research effort was as follows: Determine the important factors that would increase the likelihood of a successful distressed commercial property financial recovery. A proposed theoretical model was constructed and empirically tested through a questionnaire distributed physically and electronically to a sample of real estate practitioners from across the globe, and who had all been involved, directly or indirectly, with reviving distressed properties. An explanation was provided to respondents of how the questionnaire was developed and how it would be administered. The demographic information pertaining to the 391 respondents was analysed and summarised. The statistical analysis performed to ensure the validity and reliability of the results, was explained to respondents, together with a detailed description of the covariance structural equation modelling method used to verify the proposed theoretical conceptual model. vi The independent variables of the present research effort comprised; Obsolescence Identification, Capital Improvements Feasibility, Tenant Mix, Triple Net Leases, Concessions, Property Management, Contracts, Business Analysis, Debt Renegotiation, Cost-Cutting, Market Analysis, Strategic Planning and Demography, while the dependent variable was The Perceived Likelihood of a Distressed Commercial Property Financial Recovery. After analysis of the findings, a revised model was then proposed and assessed. Both validity and reliability were assessed and resulted in the following factors that potentially influence the dependent variables; Strategy, Concessions, Tenant Mix, Debt Restructuring, Demography, Analyse Alternatives, Capital Improvements Feasibility, Property Management and Net Leases while, after analysis, the dependent variable was replaced by two dependent variables; The Likelihood of a Distressed Property Turnaround and The Likelihood of a Distressed Property Financial Recovery. The results showed that Strategy (comprising of items from Strategic Planning, Business Analysis, Obsolescence Identification and Property Management) and Concessions (comprising of items from Concessions and Triple Net Leases) had a positive influence on both the dependent variables. Property Management (comprising of items from Business Analysis, Property Management, Capital Improvements Feasibility and Tenant Mix) had a positive influence on Financial Turnaround variable while Capital Improvements Feasibility (comprising of items from Capital Improvements Feasibility, Obsolescence Identification and Property Management) had a negative influence on both. Demography (comprising of items only from Demography) had a negative influence on the Financial Recovery variable. The balance of the relationships were depicted as non-significant. The present research effort presents important actions that can be used to influence the turnaround and recovery of distressed real estate. The literature had indicated reasons to recover distressed properties as having wide-ranging economic consequences for the broader communities and the countries in which they reside. The turnaround of distressed properties will not only present financial rewards for opportunistic investors but will have positive effects on the greater community and economy and, thus, social and economic stability. Vii With the emergence of the COVID-19 pandemic crisis, issues with climate change and sustainability, global demographic shifts, changing user requirements, shifts in technology, the threat of obsolescence, urbanisation, globalisation, geo-political tensions, shifting global order, new trends and different generational expectations, it is becoming more apparent that the threat of distressed, abandoned and derelict properties is here to stay, and which will present future opportunities for turnaround, distressed property owners, as well as future worries for urban authorities and municipalities dealing with urban decay. The study concluded with an examination of the perceived limitations of the study as well as presenting a comprehensive range of suggestions for further research.Thesis (PhD) -- Faculty of Engineering, Built Environment and Information Technology, School of the built Environment, 202

A strategic turnaround model for distressed properties

The importance of commercial real estate is clearly shown by the role it plays, worldwide, in the sustainability of economic activities, with a substantial global impact when measured in monetary terms. This study responds to an important gap in the built environment and turnaround literature relating to the likelihood of a successful distressed commercial property financial recovery. The present research effort addressed the absence of empirical evidence by identifying a number of important factors that influence the likelihood of a successful distressed, commercial property financial recovery. Once the important factors that increase the likelihood of recovery have been determined, the results can be used as a basis for turnaround strategies concerning property investors who invest in distressed opportunities. A theoretical turnaround model concerning properties in distress, would be of interest to ‘opportunistic investing’ yield-hungry investors targeting real estate transactions involving ‘turnaround’ potential. Against this background, the main research problem investigated in the present research effort was as follows: Determine the important factors that would increase the likelihood of a successful distressed commercial property financial recovery. A proposed theoretical model was constructed and empirically tested through a questionnaire distributed physically and electronically to a sample of real estate practitioners from across the globe, and who had all been involved, directly or indirectly, with reviving distressed properties. An explanation was provided to respondents of how the questionnaire was developed and how it would be administered. The demographic information pertaining to the 391 respondents was analysed and summarised. The statistical analysis performed to ensure the validity and reliability of the results, was explained to respondents, together with a detailed description of the covariance structural equation modelling method used to verify the proposed theoretical conceptual model. vi The independent variables of the present research effort comprised; Obsolescence Identification, Capital Improvements Feasibility, Tenant Mix, Triple Net Leases, Concessions, Property Management, Contracts, Business Analysis, Debt Renegotiation, Cost-Cutting, Market Analysis, Strategic Planning and Demography, while the dependent variable was The Perceived Likelihood of a Distressed Commercial Property Financial Recovery. After analysis of the findings, a revised model was then proposed and assessed. Both validity and reliability were assessed and resulted in the following factors that potentially influence the dependent variables; Strategy, Concessions, Tenant Mix, Debt Restructuring, Demography, Analyse Alternatives, Capital Improvements Feasibility, Property Management and Net Leases while, after analysis, the dependent variable was replaced by two dependent variables; The Likelihood of a Distressed Property Turnaround and The Likelihood of a Distressed Property Financial Recovery. The results showed that Strategy (comprising of items from Strategic Planning, Business Analysis, Obsolescence Identification and Property Management) and Concessions (comprising of items from Concessions and Triple Net Leases) had a positive influence on both the dependent variables. Property Management (comprising of items from Business Analysis, Property Management, Capital Improvements Feasibility and Tenant Mix) had a positive influence on Financial Turnaround variable while Capital Improvements Feasibility (comprising of items from Capital Improvements Feasibility, Obsolescence Identification and Property Management) had a negative influence on both. Demography (comprising of items only from Demography) had a negative influence on the Financial Recovery variable. The balance of the relationships were depicted as non-significant. The present research effort presents important actions that can be used to influence the turnaround and recovery of distressed real estate. The literature had indicated reasons to recover distressed properties as having wide-ranging economic consequences for the broader communities and the countries in which they reside. The turnaround of distressed properties will not only present financial rewards for opportunistic investors but will have positive effects on the greater community and economy and, thus, social and economic stability. Vii With the emergence of the COVID-19 pandemic crisis, issues with climate change and sustainability, global demographic shifts, changing user requirements, shifts in technology, the threat of obsolescence, urbanisation, globalisation, geo-political tensions, shifting global order, new trends and different generational expectations, it is becoming more apparent that the threat of distressed, abandoned and derelict properties is here to stay, and which will present future opportunities for turnaround, distressed property owners, as well as future worries for urban authorities and municipalities dealing with urban decay. The study concluded with an examination of the perceived limitations of the study as well as presenting a comprehensive range of suggestions for further research.Thesis (PhD) -- Faculty of Engineering, Built Environment and Information Technology, School of the built Environment, 202