Security Framework to Verify the Low Level Implementation Codes

  • Conference paper
Computational Science and Its Applications – ICCSA 2005 (ICCSA 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3481)

Abstract

With the development of web applications, especially e-commerce, many software designers need to incorporate low-level security functionality into their programs. This involves implementing security features using the Java Cryptography Architecture (JCA), Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE) APIs provided by Sun Corporation [1]. Through our investigation, we find that many functional security-related features in software systems are usually implemented by a few methods. The use of these methods results in some necessary structural patterns in the reduced control flow graph of the program. In this paper, we present our way to recover the security features by recognizing these method invocations automatically and transforming the reduced control flow graph into a state transition diagram through functional abstractions. We believe that this would not only facilitate comprehension of the security framework implemented in the program, but also make further verification of the security features possible.

References

  1. Sun Microsystems, The Java Enterprise JavaBeans, 2nd edn. Wisley (2002)

  2. Antoniol, G., Fiutem, R., Lutteri, G., Tonella, P., Zanfei, S., Merlo, E.: Program understanding and maintenance with the CANTO environment. In: International Conference on Software Maintenance, pp. 72–81 (1997)

  3. Ball, T., Eick, S.G.: Visualizing program slices. In: IEEE Symposium on Visual Languages, pp. 288–295 (1994)

  4. Balmas, F.: Displaying dependence graphs: a hierarchical approach. In: Proc. Eighth Working Conference on Reverse Engineering, pp. 261–270 (2001)

  5. Deng, Y., Kothari, S., Namara, Y.: Program slice browser. In: Ninth International Workshop on Program Comprehension (IWPC 2001), pp. 50–59 (2001)

  6. Krinke, J.: Evaluating context-sensitive slicing and chopping. In: International Conference on Software Maintenance, pp. 22–31 (2002)

  7. Chen, Z., Xu, B.: Slicing Object-Oriented Java Programs. ACM SIGPLAN Notices 36(4) (April 2001)

  8. Corbett, J., Dwyer, M., Hatcliff, J., Laubach, S., Pasareanu, C., Robby, Z.H.: Extracting finite-state models from Java. In: Proceedings of the 22nd International Conference on Software Engineering, Limerick, Ireland. ACM Press, New York (2000)

  9. Weiser, M.: Program slicing. IEEE Transactions on Software Engineering 10(4), 352–357 (1984)

  10. Joy, B., Steele, G., Gosling, J., Bracha, G.: The Java Language Specification. Addison-Wesley, Reading. Available from http://java.sun.com/docs/books/jls/index.html

  11. Horwitz, S., Reps, T., Binkley, D.: Interprocedural slicing using dependence graphs. ACM Transactions on Programming Languages and Systems 12(1), 26–60 (1990)

  12. Larsen, L., Harrold, M.: Slicing object oriented software. In: 18th International Conference on Software Engineering, March 1996, pp. 495–505 (1996)

  13. Liang, D., Harrold, M.: Slicing objects using system dependence graphs. In: International Conference on Software Maintenance, November 1998, pp. 358–367 (1998)

  14. Zhao, J.: Applying program dependence analysis to java software. In: Proc. Workshop on Software Engineering and Database Systems, Taiwan, December 1998, pp. 162–169 (1998)

  15. Tonella, P., et al.: Flow insensitive C++ pointers and polymorphism analysis and its application to slicing. In: 19th International Conference on Software Engineering, May 1997, pp. 433–443 (1997)

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, HK., Yang, HS. (2005). Security Framework to Verify the Low Level Implementation Codes. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_6

  • DOI: https://doi.org/10.1007/11424826_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25861-2

  • Online ISBN: 978-3-540-32044-9

  • eBook Packages: Computer Science, Computer Science (R0)
