Static Extraction Of Dataflow Communication For Security

The cost of security vulnerabilities in widely-deployed code such as mobile applications is high. As a result, many companies are using Architectural Risk Analysis (ARA) to find security vulnerabilities before releasing their applications. The existing analyses are focused on finding local coding bugs such as a hard-coded password, rather than architectural flaws such as bypassing the authentication component. During ARA, to find vulnerabilities that are architectural flaws, security architects use a forest-level view of the runtime architecture instead of reading the code. Unfortunately, such a view is often missing from the documentation or is inconsistent with the code. This thesis contributes Scoria, a semi-automated approach for finding architectural flaws that uses a static analysis to extract from code with annotations an approximation of the runtime architecture as an abstract object graph with dataflow edges that refer to abstract objects. The annotations express local, modular hints about architectural tiers, logical containment, and strict encapsulation, such that the extracted object graph is hierarchical, which provides architects with both high-level and detailed understanding of the runtime architecture. Moreover, the abstract object graph is sound such that it has unique representatives for all objects and dataflow communication that may exist at runtime. Architects assisted by Scoria can write as machine-checkable constraints various security policies that are documented only informally. The constraints are in terms of object provenance and indirect communication and can find vulnerabilities missed by constraints that focus only on the presence or the absence of communication, or constraints that track only information flow from sources to sinks. The evaluation consists of expressing several rules from the CERT Secure Coding Standard for Java for which automated detection was previously unavailable. Scoria is also being used to find information disclosure in open-source Android apps. Based on an existing benchmark, Scoria performs better than commercial and research tools in terms of precision and recall. Scoria is thus making Architectural Risk Analysis, which is today mostly manual and informal, a more rigorous, principled and repeatable activity

Static Extraction Of Dataflow Communication For Security

The cost of security vulnerabilities in widely-deployed code such as mobile applications is high. As a result, many companies are using Architectural Risk Analysis (ARA) to find security vulnerabilities before releasing their applications. The existing analyses are focused on finding local coding bugs such as a hard-coded password, rather than architectural flaws such as bypassing the authentication component. During ARA, to find vulnerabilities that are architectural flaws, security architects use a forest-level view of the runtime architecture instead of reading the code. Unfortunately, such a view is often missing from the documentation or is inconsistent with the code. This thesis contributes Scoria, a semi-automated approach for finding architectural flaws that uses a static analysis to extract from code with annotations an approximation of the runtime architecture as an abstract object graph with dataflow edges that refer to abstract objects. The annotations express local, modular hints about architectural tiers, logical containment, and strict encapsulation, such that the extracted object graph is hierarchical, which provides architects with both high-level and detailed understanding of the runtime architecture. Moreover, the abstract object graph is sound such that it has unique representatives for all objects and dataflow communication that may exist at runtime. Architects assisted by Scoria can write as machine-checkable constraints various security policies that are documented only informally. The constraints are in terms of object provenance and indirect communication and can find vulnerabilities missed by constraints that focus only on the presence or the absence of communication, or constraints that track only information flow from sources to sinks. The evaluation consists of expressing several rules from the CERT Secure Coding Standard for Java for which automated detection was previously unavailable. Scoria is also being used to find information disclosure in open-source Android apps. Based on an existing benchmark, Scoria performs better than commercial and research tools in terms of precision and recall. Scoria is thus making Architectural Risk Analysis, which is today mostly manual and informal, a more rigorous, principled and repeatable activity

Um estudo exploratório a partir de um framework para seleção de práticas ágeis

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da ComputaçãoO principal objetivo dos métodos ágeis existentes é promover o desenvolvimento eficiente de software através de práticas que priorizam a comunicação com o cliente e entregas frequentes. Cada método ágil apresenta um conjunto próprio de práticas. Com esta diversidade de práticas torna-se interessante a construção de novos processos ágeis que contemplem apenas as práticas mais adequadas a partir destes métodos. O problema, entretanto, é que a combinação de práticas de diferentes métodos ágeis não garante, necessariamente, que o novo processo definido seja ágil. Este trabalho avalia a agilidade do conjunto de práticas de um framework de práticas ágeis e busca identificar quais práticas apresentam maior harmonia quando usadas no mesmo processo. A agilidade das práticas é avaliada através dos dados de uma grande pesquisa de opinião online e a harmonia entre elas é identificada através da técnica de análise de agrupamentos. Os melhores resultados foram apresentados pelas práticas de Integração contínua, Desenvolvimento lado a lado e Testes de aceitação. A análise de agrupamentos, por sua vez, formou quatro grupos de práticas: o primeiro formado por Projeto da arquitetura do sistema e Lista de requisitos; o segundo por Desenvolvimento coletivo de código, Integração contínua, Refatoração e Testes de aceitação; o terceiro por Projeto da iteração e Modelagem geral; e o quarto por Desenvolvimento lado a lado e Reuniões diárias.The main objective of agile methods is to promote efficient software development through practices that prioritize communication with the client and frequent deliveries. Each agile method presents its unique set of practices. This diversity of practices may lead to the definition of new agile processes that include only the more appropriate practices from these methods. The problem, however, is that combining practices from different methods does not guarantee that the resulting process can be considered agile. This work assesses the agility of a set of practices of a framework for selecting agile practices and seeks to identify which practices provide more harmony when used in the same process. The agility of the practices is evaluated using data from a large online survey and the harmony between them is identified by the technique of cluster analysis. The best results were presented by the practices of Continuous integration, Side by side development and Acceptance tests. The cluster analysis resulted in four practice groups: the first with System architectural design and Requirements list; the second with Collective code ownership, Continuous integration, Refactoring and Acceptance tests; the third with Iteration design and General modeling; and the fourth with Side by side development and Daily meetings

A review of software change impact analysis

Change impact analysis is required for constantly evolving systems to support the comprehension, implementation, and evaluation of changes. A lot of research effort has been spent on this subject over the last twenty years, and many approaches were published likewise. However, there has not been an extensive attempt made to summarize and review published approaches as a base for further research in the area. Therefore, we present the results of a comprehensive investigation of software change impact analysis, which is based on a literature review and a taxonomy for impact analysis. The contribution of this review is threefold. First, approaches proposed for impact analysis are explained regarding their motivation and methodology. They are further classified according to the criteria of the taxonomy to enable the comparison and evaluation of approaches proposed in literature. We perform an evaluation of our taxonomy regarding the coverage of its classification criteria in studied literature, which is the second contribution. Last, we address and discuss yet unsolved problems, research areas, and challenges of impact analysis, which were discovered by our review to illustrate possible directions for further research

Predicting change propagation using domain-based coupling

Most enterprise systems operate in domains where business rules and requirements frequently change. Managing the cost and impact of these changes has been a known challenge, and the software maintenance community has been tackling it for more than two decades. The traditional approach to impact analysis is by tracing dependencies in the design documents and the source code. More recently the software maintenance history has been exploited for impact analysis. The problem is that these approaches are difficult to implement for hybrid systems that consist of heterogeneous components. In today’s computer era, it is common to find systems of systems where each system was developed in a different language. In such environments, it is a challenge to estimate the change propagation between components that are developed in different languages. There is often no direct code dependency between these components, and they are maintained in different development environments by different developers. In addition, it is the domain experts and consultants who raise the most of the enhancement requests; however, using the existing change impact analysis methods, they cannot evaluate the impact and cost of the proposed changes without the support of the developers. This thesis seeks to address these problems by proposing a new approach to change impact analysis based on software domain-level information. This approach is based on the assumption that domain-level relationships are reflected in the software source code, and one can predict software dependencies and change propagation by exploiting software domain-level information. The proposed approach is independent of the software implementation, inexpensive to implement, and usable by domain experts with no requirement to access and analyse the source code. This thesis introduces domain-based coupling as a novel measure of the semantic similarity between software user interface components. The hypothesis is that the domain-based coupling between software components is correlated with the likelihood of the existence of dependencies and change propagation between these components. This hypothesis has been evaluated with two case studies: • A study of one of the largest open source enterprise systems demonstrates that architectural dependencies can be identified with an accuracy of more than 70% solely based on the domain-based coupling. • A study of 12 years’ maintenance history of the five subsystems of a significant sized proprietary enterprise system demonstrates that the co-change coupling derived from over 75,000 change records can be predicted solely using domain-based coupling, with average recall and precision of more than 60%, which is of comparable quality to other state-of-the-art change impact analysis methods. The results of these studies support our hypothesis that software dependencies and change propagation can be predicted solely from software domain-level information. Although the accuracy of such predictions are not sufficiently strong to completely replace the traditional dependency analysis methods; nevertheless, the presented results suggest that the domain-based coupling might be used as a complementary method or where analysis of dependencies in the code and documents is not a viable option

An empirical study on object-oriented software dependencies: logical, structural and semantic

This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonThree of the most widely studied software dependency types are the structural, logical and semantic dependencies. Logical dependencies capture the degree of co-change between software artifacts. Semantic dependencies capture the degree to which artifacts, comments and names are related. Structural dependencies capture the dependencies in the source code of artifacts. Prior studies show that a combination of dependency analysis (e.g., semantic and logical analysis) improves accuracy when predicting which artifacts are likely to be impacted by ripple effects of software changes (though not to a large extent) compared to individual approaches. In addition, some dependencies could be hidden dependencies when an analysis of one dependency type (e.g., logical) does not reveal artifacts only linked by another dependency type (semantic). While previous studies have focused on combining dependency information with minimal benefits, this Thesis explores the consistency of these measurements, and whether hidden dependencies arise between artifacts, and in any of the axes studied. In this Thesis, 79 Java projects are empirically studied to investigate (i) the direct influence and the degree of overlap between dependency types on three axes (logical – structural (LSt); logical – semantic (LSe); structural – semantic (StSe)) (structural, logical and semantic), and (ii) the presence of hidden coupling on the axes. The results show that a high proportion of hidden dependencies can be detected on the LSt and StSe axes. Notwithstanding, the LSe axis shows a much smaller proportion of hidden dependencies. Practicable refactoring methods to mitigate hidden dependencies are proposed in the Thesis and discussed with examples