Mining Security-Sensitive Operations in Legacy Code Using Concept Analysis
- Author(s)
- Ganapathy, Vinod; King, Dave; Jaeger, Trent; Jha, Somesh
- Publisher
- University of Wisconsin-Madison Department of Computer Sciences
- Date
- Mar 15, 2012
- Abstract
- We present an approach based on concept analysis to retrofit legacy servers
with mechanisms for authorization policy enforcement. Our approach is based
upon the observation that security-sensitive operations are characterized by
idiomatic resource manipulations, called fingerprints. We statically mine
fingerprints using concept analysis and then use them to identify
security-sensitive operations and locate where they are performed by the
server. Case studies with three real-world servers show that our approach is
affordable and effective. We were able to identify security-sensitive
operations for each of these servers with a few hours of manual effort and
modest domain knowledge.
- Permanent link
- http://digital.library.wisc.edu/1793/60534