Lightweight Multilingual Software Analysis
Developer preferences, language capabilities and the persistence of older
languages contribute to the trend that large software codebases are often
multilingual, that is, written in more than one computer language. While
developers can leverage monolingual software development tools to build
software components, companies are faced with the problem of managing the
resultant large, multilingual codebases to address issues with security,
efficiency, and quality metrics. The key challenge is to address the opaque
nature of the language interoperability interface: one language calling
procedures in a second (which may call a third, or even back to the first),
resulting in a potentially tangled, inefficient and insecure codebase. An
architecture is proposed for lightweight static analysis of large multilingual
codebases: the MLSA architecture. Its modular and table-oriented structure
addresses the open-ended nature of multiple languages and language
interoperability APIs. We focus here as an application on the construction of
call-graphs that capture both inter-language and intra-language calls. The
algorithms for extracting multilingual call-graphs from codebases are
presented, and several examples of multilingual software engineering analysis
are discussed. The state of the implementation and testing of MLSA is
presented, and the implications for future work are discussed.
Comment: 15 page
Defense Against REST-based Web Service Attacks for Enterprise Systems
In recent years, Representational State Transfer (REST)-based Web Services have become popular for building Web systems. They have become an integral and critical part of information systems, used to facilitate and integrate business processes across the enterprise. However, the simplicity of a REST-based implementation has caused its systematic security threat analysis and design to be neglected. One of the issues of systems built with REST service integration is their susceptibility to JSON input attacks. Such attacks could compromise the integrity of critical data in enterprise business processes. We analyze this security issue in this paper. Some mechanisms used to secure Web sites and servers, such as encryption via HTTPS, static source code analysis, and input validation, can be integrated to defend against the attack.
Annotation-Based Static Analysis for Personal Data Protection
This paper elaborates the use of static source code analysis in the context
of data protection. The topic is important for software engineering in order
for software developers to improve the protection of personal data during
software development. To this end, the paper proposes a design of annotating
classes and functions that process personal data. The design serves two primary
purposes: on one hand, it provides means for software developers to document
their intent; on the other hand, it furnishes tools for automatic detection of
potential violations. This dual rationale facilitates compliance with the
General Data Protection Regulation (GDPR) and other emerging data protection
and privacy regulations. In addition to a brief review of the state-of-the-art
of static analysis in the data protection context and the design of the
proposed analysis method, a concrete tool is presented to demonstrate a
practical implementation for the Java programming language.