Abstract
With the development of web applications, especially e-commerce, many software designers need to incorporate low-level security functionality into their programs. This involves implementing security features using the Java Cryptography Architecture (JCA), Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE) APIs provided by Sun Corporation [1]. We find that many functional security-related features in software systems are usually implemented by a few methods. The use of these methods results in some necessary structural patterns in the reduced control flow graph of the program. In this paper, we present our way to recover the security features by recognizing these method invocations automatically and transforming the reduced control flow graph into a state transition diagram through functional abstractions. We believe that this would not only facilitate comprehension of the security framework implemented in the program, but also make further verification of the security features possible.
References
Sun Microsystems, The Java Enterprise JavaBeans, 2nd edn. Wisley (2002)
Antoniol, G., Fiutem, R., Lutteri, G., Tonella, P., Zanfei, S., Merlo, E.: Program understanding and maintenance with the CANTO environment. In: International Conference on Software Maintenance, pp. 72–81 (1997)
Ball, T., Eick, S.G.: Visualizing program slices. In: IEEE Symposium on Visual Languages, pp. 288–295 (1994)
Balmas, F.: Displaying dependence graphs: a hierarchical approach. In: Proc. Eighth Working Conference on Reverse Engineering, pp. 261–270 (2001)
Deng, Y., Kothari, S., Namara, Y.: Program slice browser. In: Ninth International Workshop on Program Comprehension (IWPC 2001), pp. 50–59 (2001)
Krinke, J.: Evaluating context-sensitive slicing and chopping. In: International Conference on Software Maintenance, pp. 22–31 (2002)
Chen, Z., Xu, B.: Slicing Object-Oriented Java Programs. ACM SIGPLAN Notices 36(4) (April 2001)
Corbett, J., Dwyer, M., Hatcliff, J., Laubach, S., Pasareanu, C., Robby, Z.H.: Extracting finite-state models from Java. In: Proceedings of 22nd International Conference on Software Engineering, Limerick, Ireland. ACM Press, New York (2000)
Weiser, M.: Program slicing. IEEE Transactions on Software Engineering 10(4), 352–357 (1984)
Joy, B., Steele, G., Gosling, J., Bracha, G.: The Java Language Specification. Addison-Wesley, Reading, available from http://java.sun.com/docs/books/jls/index.html
Horwitz, S., Reps, T., Binkley, D.: Interprocedural slicing using dependence graphs. ACM Transactions on Programming Languages and Systems 12(1), 26–60 (1990)
Larsen, L., Harrold, M.: Slicing object oriented software. In: 18th International Conference on Software Engineering, March 1996, pp. 495–505 (1996)
Liang, D., Harrold, M.: Slicing objects using system dependence graphs. In: International Conference on Software Maintenance, November 1998, pp. 358–367 (1998)
Zhao, J.: Applying program dependence analysis to java software. In: Proc. Workshop on Software Engineering and Database Systems, Taiwan, December 1998, pp. 162–169 (1998)
Tonella, P., et al.: Flow insensitive C++ pointers and polymorphism analysis and its application to slicing. In: 19th International Conference on Software Engineering, May 1997, pp. 433–443 (1997)
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, HK., Yang, HS. (2005). Security Framework to Verify the Low Level Implementation Codes. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_6
DOI: https://doi.org/10.1007/11424826_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25861-2
Online ISBN: 978-3-540-32044-9
eBook Packages: Computer Science (R0)