research-article

Computing legacy software behavior to understand functionality and security properties: an IBM/370 demonstration

Authors:

T. Scott AnkrumAuthors Info & Claims

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

Article No.: 43, Pages 1 - 4

https://doi.org/10.1145/2459976.2460025

Published: 08 January 2013 Publication History

Get Access

Abstract

Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address current cyber threats. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation on a demonstration project to compute behavior of legacy IBM Assembly code for a federal agency. The ultimate goal is to understand functionality and security vulnerabilities for code modernization. This paper reports on the first phase, to define functional semantics for IBM instructions and conduct behavior computation experiments.

References

[1]

Allison, L., A Practical Introduction to Denotational Semantics, Cambridge Computer Science Texts 23, Cambridge University Press, 1986.

Digital Library

Google Scholar

[2]

Burns, L. and T. Daly, "FXplorer: Exploration of Computed Software Behavior: A New Approach to Understanding and Verification," Proceedings of Hawaii International Conference on System Sciences (HICSS-42), IEEE Computer Society Press, Los Alimitos, CA, 2009.

Digital Library

Google Scholar

[3]

Collins, R, Linger, R., Walton, G., and Hevner, A., "The Impacts of Function Extraction Technology on Program Comprehension: A Controlled Experiment," Journal of Information & Software Technology, Vol. 50, M. Shepperd, C. Wohlin, and S. Elbaum (eds.), Elsevier Publishers, New York, NY, 2008.

Digital Library

Google Scholar

[4]

Cousot, P. and Cousot, R., "Abstract Interpretation: a Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints", Proceedings of 4th Conference on the Principles of Programming Languages (POPL), Los Angeles, CA, 1977, pp. 238--252.

Digital Library

Google Scholar

[5]

King, James C., "Symbolic execution and program testing", Comm. of the ACM, v. 19, n. 7, 1976, pp. 385--394.

Digital Library

Google Scholar

[6]

Linger, R., Mills, H., and Witt, B., Structured Programming: Theory and Practice, Addison-Wesley, Reading MS, 1979.

Digital Library

Google Scholar

[7]

Pleszkoch, M., Linger, R., Prowell, S., Sayre, K., and Burns, L., "Automated Behavior Computation for Software Analysis and Validation," Proceedings of Hawaii International Conference on System Sciences (HICSS-45), IEEE Computer Society Press, Los Alimitos, CA, 2012 (to appear).

Digital Library

Google Scholar

[8]

Prowell, S., C. Trammell, R. Linger, and J. Poore, Cleanroom Software Engineering: Technology and Practice, Addison Wesley, Reading, MA, 1999.

Digital Library

Google Scholar

[9]

Walton, G., T. Longstaff, and R. Linger, Technology Foundations for Computational Evaluation of Security Attributes, Technical Report CMU/SEI-2006-TR-021, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, 2006.

Crossref

Google Scholar

Cited By

View all

Bridges ROesch SIannacone MHuffer KJewell BNichols JWeber BVerma MScofield DMiles CPlummer TDaniell MTall ABeaver JSmith J(2023)Beyond the Hype: An Evaluation of Commercially Available Machine Learning–based Malware DetectorsDigital Threats: Research and Practice10.1145/35674324:2(1-22)Online publication date: 10-Aug-2023
https://dl.acm.org/doi/10.1145/3567432

Index Terms

Computing legacy software behavior to understand functionality and security properties: an IBM/370 demonstration
1. Theory of computation
  1. Semantics and reasoning
    1. Program semantics
      1. Denotational semantics

Recommendations

Legacy Systems Reengineering Using Software Patterns
SCCC '99: Proceedings of the 19th International Conference of the Chilean Computer Science Society

In this work we present a case study for legacy systems reengineering using software patterns aiming at both easing the reengineering process and improving future maintenance. The approach used consists basically of three steps: apply reverse ...
Re-implementing a legacy system
Highlights
- Re-implementation as an alternative to redevelopment and conversion.
- Reverse-...
Abstract
Re-implementation is one of the alternatives to migrate a legacy software system next to conversion, wrapping and redevelopment. It is a compromise solution between automated conversion and complete redevelopment. The technical ...
Encapsulation of legacy software: A technique for reusing legacy software components

The following paper reviews the possibilities of encapsulating existing legacy software for reuse in new distributed architectures. It suggests wrapping as an alternative strategy to reengineering and redevelopment. It then defines the levels of ...

Comments

Information & Contributors

Information

Published In

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

January 2013

282 pages

ISBN:9781450316873

DOI:10.1145/2459976

Editors:
Frederick Sheldon
Oak Ridge National Laboratory
,
Annarita Giani
Los Alamos National Laboratory
,
Axel Krings
University of Idaho
,
Robert Abercrombie
Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 January 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CSIIRW '13

Sponsor:

Los Alamos National Labs
Sandia National Labs
DOE
Lawrence Livermore National Lab.
BERKELEYLAB
Argonne Natl Lab
Idaho National Lab.
Nevada National Security Site

CSIIRW '13: Cyber Security and Information Intelligence

January 8 - 10, 2013

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
137
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Bridges ROesch SIannacone MHuffer KJewell BNichols JWeber BVerma MScofield DMiles CPlummer TDaniell MTall ABeaver JSmith J(2023)Beyond the Hype: An Evaluation of Commercially Available Machine Learning–based Malware DetectorsDigital Threats: Research and Practice10.1145/35674324:2(1-22)Online publication date: 10-Aug-2023
https://dl.acm.org/doi/10.1145/3567432

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Legacy Systems Reengineering Using Software Patterns

Re-implementing a legacy system

Encapsulation of legacy software: A technique for reusing legacy software components

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations