research-article

Abstract runtime structure for reasoning about security: poster

Authors:
Marwan Abi-Antoun

Wayne State University, Detroit, MI

Wayne State University, Detroit, MI
View Profile

,
Ebrahim Khalaj

Wayne State University, Detroit, MI

Wayne State University, Detroit, MI
View Profile

,
Radu Vanciu

Wayne State University, Detroit, MI

Wayne State University, Detroit, MI
View Profile

,
Ahmad Moghimi

Wayne State University, Detroit, MI

Wayne State University, Detroit, MI
View Profile

HotSos '16: Proceedings of the Symposium and Bootcamp on the Science of SecurityApril 2016Pages 1–3https://doi.org/10.1145/2898375.2898377

Published:19 April 2016Publication History

HotSos '16: Proceedings of the Symposium and Bootcamp on the Science of Security

Pages 1–3

ABSTRACT

We propose an interactive approach where analysts reason about the security of a system using an abstraction of its runtime structure, as opposed to looking at the code. They interactively refine a hierarchical object graph, set security properties on abstract objects or edges, query the graph, and investigate the results by studying highlighted objects or edges or tracing to the code. Behind the scenes, an inference analysis and an extraction analysis maintain the soundness of the graph with respect to the code.

References

M. Abi-Antoun and J. Aldrich. Static Extraction and Conformance Analysis of Hierarchical Runtime Architectural Structure using Annotations. In OOPSLA, 2009. Google ScholarDigital Library
J. Aldrich and C. Chambers. Ownership Domains: Separating Aliasing Policy from Mechanism. In ECOOP, 2004.Google ScholarCross Ref
F. Long, D. Mohindra, R. C. Seacord, D. F. Sutherland, and D. Svoboda. The CERT Oracle Secure Coding Standard for Java. Addison-Wesley, 2011. Google ScholarDigital Library
SEI CERT Oracle Coding Standard for Java, 2016. www.securecoding.cert.org/confluence/display/java/.Google Scholar
R. Vanciu and M. Abi-Antoun. Finding architectural flaws using constraints. In ASE, 2013.Google ScholarDigital Library

Index Terms

Abstract runtime structure for reasoning about security: poster
1. Software and its engineering
  1. Software organization and properties
    1. Software system structures
      1. Software architectures
        Object oriented architectures

Recommendations

Object-Oriented Structure Refinement -- A Graph Transformational Approach

In UML, the general structure of objects, their attributes and relations are modeled as a class graph, and an instance of a class graph is defined as an object graph. The class graph of a system determines the general properties of objects and how ...
Read More
Static extraction and conformance analysis of hierarchical runtime architectural structure using annotations
OOPSLA '09

An object diagram makes explicit the object structures that are only implicit in a class diagram. An object diagram may be missing and must extracted from the code. Alternatively, an existing diagram may be inconsistent with the code, and must be ...
Read More
Are Object Graphs Extracted Using Abstract Interpretation Significantly Different from the Code?
SCAM '14: Proceedings of the 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation

To evolve object-oriented code, one must understand both the code structure in terms of classes, and the runtime structure in terms of abstractions of objects that are being created and relations between those objects. To help with this understanding, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
HotSos '16: Proceedings of the Symposium and Bootcamp on the Science of Security
April 2016
138 pages
ISBN:9781450342773
DOI:10.1145/2898375
General Chairs:
William L. Scherlis
Carnegie Mellon University
,
David Brumley
Carnegie Mellon University
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 19 April 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
graph query
object graphs
ownership type inference
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate34of60submissions,57%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 108
  Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract runtime structure for reasoning about security: poster

HotSos '16: Proceedings of the Symposium and Bootcamp on the Science of Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Object-Oriented Structure Refinement -- A Graph Transformational Approach

Static extraction and conformance analysis of hierarchical runtime architectural structure using annotations

Are Object Graphs Extracted Using Abstract Interpretation Significantly Different from the Code?