Idea: Towards Architecture-Centric Security Analysis of Software
Authors
Abstract
Static security analysis of software has made great progress over the last years. In particular, this applies to the detection of low-level security bugs such as buffer overflows, Cross-Site Scripting and SQL injection vulnerabilities. Complementing commercial static code review tools, we present an approach to static security analysis that is based on the software architecture and uses a reverse engineering tool suite called Bauhaus. This allows one to analyze software on a more abstract level and makes a more focused analysis possible, concentrating on software modules regarded as security-critical. In addition, certain security flaws can be detected at the architectural level, such as the circumvention of APIs or incomplete enforcement of access control. We discuss our approach in the context of a business application and Android’s Java-based middleware.
Similar resources
Towards an Architecture-Centric Approach Dedicated to Model-Based Virtual Integration for Embedded Software Systems
Current embedded systems are increasingly complex and heterogeneous, but they are expected to be safer, more reliable and more adaptive. In consideration of all these aspects, their design is always a great challenge. Developing these systems with conventional design approaches and programming methods turns out to be difficult. In this paper, we mainly present the informative background and the ...
Towards Architecture-Centric Software Generation
Architecture-centric software generation has the potential to support flexible design and large-scale reuse. This paper describes the development of an architecture-centric framework that consists of multiple architecture alternatives, from which the architect can select and generate a working prototype in a top-down manner through a user interface rather than building it from scratch. The fra...
Memory-Centric Security Architecture
This paper presents a new security architecture for protecting software confidentiality and integrity. Different from the previous process-centric systems designed for the same purpose, the new architecture ties cryptographic properties and security attributes to memory instead of each individual user process. The advantages of such a memory-centric design are manifold. First, it provides a b...
Next-generation Network Architecture Led by Information-Centric Networking
The Internet was originally aimed at sending and receiving data between host computers. However, developments in recent years have led to it being used as a distribution system for information such as video and music data. There is thus a growing interest in information-centric networking (ICN), a new networking architecture that better supports information-centric Internet usage. The basic ide...
Component-Based Platform for a Virtual University Information System
Design ideas for a Virtual University Information System, VUIS, are presented. The design is an interface-centric component-based architecture. Basic services are decomposed into sets of monadic services, each of which is implemented as a reusable software EJB component. The interaction patterns and communication interfaces between components to realise foreseen and unforeseen basic services a...