Static security analysis of software has made great progress in recent years, particularly in detecting low-level security bugs such as buffer overflows, Cross-Site Scripting and SQL injection vulnerabilities. As a complement to commercial static code review tools, we present an approach to static security analysis that is based on the software architecture and uses a reverse engineering tool suite called Bauhaus. This allows software to be analyzed at a more abstract level and makes a more focused analysis possible, concentrating on the software modules regarded as security-critical. In addition, certain security flaws, such as the circumvention of APIs or incomplete enforcement of access control, can be detected at the architectural level. We discuss our approach in the context of a business application and Android's Java-based middleware.