Security framework to verify the low level implementation codes

  • Authors:

  • Haeng-Kon Kim;Hae-Sool Yang

  • Affiliations:

  • Department of Computer Information & Communication Engineering, Catholic University of Daegu;Graduate School of Venture, HoSeo Univ., Chung-Nam, South Korea

  • Venue:
  • ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
  • Year:
  • 2005

Quantified Score

Hi-index 0.00

Visualization

Abstract

With the development of web-application, especially E-commerce, many software designers need to incorporate either low-level security functionalities into their programs. This involves the implementation of security features using Java Cryptography Architecture (JCA), Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE) API provided by Sun Corporation [1]. Through our discovery, we find that many functional security related features in software systems are usually implemented by a few methods. The use of these methods results to some necessary structural patterns in reduced control flow graph of the program. In this papers, we present our way to recover the security features by recognizing these methods invocations automatically and transform the reduced control flow graph to state transition diagram through functional abstractions. We believe that it would not only facilitate the comprehension of the security framework implemented in the program, but also make the further verification of the security features possible.