Call graph delta analysis and security vulnerability assessment with static analysis | Kütüphane.osmanlica.com

Call graph delta analysis and security vulnerability assessment with static analysis

Title Call graph delta analysis and security vulnerability assessment with static analysis
Author Sozer, Hasan
Publication Date 2024-01-01
Place of Publication - IEEE
Subject Software evolution, Security vulnerabilities, Attack surface, Call graphs, Static code analysis
Type Document
Language English
Digital Yes
Manuscript No
Library Özyeğin Üniversitesi
Inventory Number 2836-3787
Record Number dab831d0-e6aa-4e20-b372-01152c3bbde6
Location Computer Science
Date 2024-01-01
Notes TÜBİTAK ; EUREKA cluster ITEA
Sample Text Several quality attributes like maintainability, reliability and security tend to degrade as software evolves. We aim at monitoring the impact of changes on software systems and identify potential vulnerabilities that are introduced by these changes. We apply static analysis on successive versions of source code to extract call graphs throughout its evolution. These graph models are analyzed and compared with each other to quantify the impact of software evolution and the risk for potential vulnerabilities. Graph edit distance metric is used for quantifying delta between graph models. The risk for security vulnerabilities is evaluated based on the dependencies of the source code on a set of functions that are known to be vulnerable, and distances of these functions to the entry points of the program in the call graph. We apply our approach on a set of open source projects. We show that versions with drastic changes and potential vulnerabilities can be highlighted.
DOI 10.1109/COMPSAC61105.2024.00387