research-article

SAVE: static analysis on versioning entities

Author:

Bastian BraunAuthors Info & Claims

SESS '08: Proceedings of the fourth international workshop on Software engineering for secure systems

Pages 25 - 32

https://doi.org/10.1145/1370905.1370909

Published: 17 May 2008 Publication History

Get Access

Abstract

Insufficiently tested software releases provoque a competition between 'exploiters' versus 'patchers'. Developing secure software from scratch greatly reduces maintenance effort. The integration of regular security checks combined with patch proposals at development time enhances the system's usability and software quality. This paper presents a software development system including version control, security analysis and patching support. As a practical aspect, avoiding flaws becomes easier even for non security experts.

References

[1]

B. W. Boehm. A spiral model of software development and enhancement. Computer, 21(5):61--72, May 1988.

Digital Library

Google Scholar

[2]

J. Merrill. Proceedings of the gcc developers summit. May 2003.

Google Scholar

[3]

S. Neuhaus, T. Zimmermann, C. Holler, and A. Zeller.

Google Scholar

[4]

Predicting vulnerable software components. In CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pages 529--540, New York, NY, USA, 2007. ACM.

Digital Library

Google Scholar

[5]

W. Royce. Managing the development of large software systems. In Proc. IEEE Wescon, pages 1--9, August 1970.

Google Scholar

[6]

B. G. Ryder. Incremental data flow analysis. In POPL '83: Proceedings of the 10th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, pages 167--176, New York, NY, USA, 1983. ACM.

Digital Library

Google Scholar

[7]

D. Schreckling and M. Johns. Automatisierter code-audit. Datenschutz und Datensicherheit - DuD, 31:888--893, December 2007.

Crossref

Google Scholar

[8]

M. Weiser. Program slicing. In Proceedings of the 5th International Conference on Software Engineering, pages 439--449. IEEE Computer Society Press, 1981.

Digital Library

Google Scholar

[9]

J. Wilander. Modeling and visualizing security properties of code. In Proceedings of the 5th Conference on Software Engineering Research and Practice in Sweden (SERPS'05), pages 65--74, Vasteras, Sweden, October 2005.

Google Scholar

[10]

J. Wilander and M. Kamkar. A comparison of publicly available tools for static intrusion prevention. In Proceedings of the 7th Nordic Workshop on Secure IT Systems, pages 68--84, Karlstad, Sweden, November 2002.

Google Scholar

[11]

W. Yang, S. Horwitz, and T. Reps. Detecting program components with equivalent behaviors. Technical Report CS-TR-1989-840, University of Wisconsin - Madison, 1989.

Google Scholar

[12]

J.-S. Yur, B. G. Ryder, and W. Landi. An incremental flow- and context-sensitive pointer aliasing analysis. In International Conference on Software Engineering, pages 442--451, 1999.

Digital Library

Google Scholar

[13]

J.-S. Yur, B. G. Ryder, W. Landi, and P. Stocks. Incremental analysis of side effects for c software system. In International Conference on Software Engineering, pages 422--432, 1997.

Digital Library

Google Scholar

Cited By

View all

De Win BLee SMonga MSchäfer WDwyer MGruhn V(2008)The fourth international workshop on software engineering for secure systemsCompanion of the 30th international conference on Software engineering10.1145/1370175.1370251(1069-1070)Online publication date: 10-May-2008
https://dl.acm.org/doi/10.1145/1370175.1370251

Index Terms

SAVE: static analysis on versioning entities
1. Social and professional topics
  1. Professional topics
    1. Management of computing and information systems
      1. System management
        Quality assurance
2. Software and its engineering
  1. Software creation and management
    1. Software post-development issues
      1. Software version control
  2. Software notations and tools
    1. Software configuration management and version control systems

Recommendations

Reviser: efficiently updating IDE-/IFDS-based data-flow analyses in response to incremental program changes
ICSE 2014: Proceedings of the 36th International Conference on Software Engineering

Most application code evolves incrementally, and especially so when being maintained after the applications have been deployed. Yet, most data-flow analyses do not take advantage of this fact. Instead they require clients to recompute the entire ...
Incremental and demand-driven points-to analysis using logic programming
PPDP '05: Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming

Several program analysis problems can be cast elegantly as a logic program. In this paper we show how recently-developed techniques for incremental evaluation of logic programs can be refined and used for deriving practical implementations of ...
Precise flow-insensitive may-alias analysis is NP-hard

Determining aliases is one of the foundamental static analysis problems, in part because the precision with which this problem is solved can affect the precision of other analyses such as live variables, available expressions, and constant propagation. ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SESS '08: Proceedings of the fourth international workshop on Software engineering for secure systems

May 2008

72 pages

ISBN:9781605580425

DOI:10.1145/1370905

Program Chairs:
Bart De Win
Katholieke Universiteit Leuven, Belgium
,
Seok-Won Lee
University of North Carolina at Charlotte
,
Mattia Monga
Università a degli Studi di Milano, Italy

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 May 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '08

Sponsor:

ICSE '08: International Conference on Software Engineering

May 17 - 18, 2008

Leipzig, Germany

Acceptance Rates

Overall Acceptance Rate 8 of 11 submissions, 73%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
236
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)1

Reflects downloads up to 29 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

De Win BLee SMonga MSchäfer WDwyer MGruhn V(2008)The fourth international workshop on software engineering for secure systemsCompanion of the 30th international conference on Software engineering10.1145/1370175.1370251(1069-1070)Online publication date: 10-May-2008
https://dl.acm.org/doi/10.1145/1370175.1370251

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Reviser: efficiently updating IDE-/IFDS-based data-flow analyses in response to incremental program changes

Incremental and demand-driven points-to analysis using logic programming

Precise flow-insensitive may-alias analysis is NP-hard