Compartmented Mode Workstation: Prototype Highlights
IEEE Transactions on Software Engineering
Assessing modular structure of legacy code based on mathematical concept analysis
ICSE '97 Proceedings of the 19th international conference on Software engineering
Reengineering class hierarchies using concept analysis
SIGSOFT '98/FSE-6 Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering
Locating Features in Source Code
IEEE Transactions on Software Engineering
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Using CQUAL for Static Analysis of Authorization Hook Placement
Proceedings of the 11th USENIX Security Symposium
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Debugging temporal specifications with concept analysis
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Techniques for software renovation
Techniques for software renovation
Consistency analysis of authorization hook placement in the Linux security modules framework
ACM Transactions on Information and System Security (TISSEC)
The inlined reference monitor approach to security policy enforcement
The inlined reference monitor approach to security policy enforcement
Mining Aspectual Views using Formal Concept Analysis
SCAM '04 Proceedings of the Source Code Analysis and Manipulation, Fourth IEEE International Workshop
Aspect Mining through the Formal Concept Analysis of Execution Traces
WCRE '04 Proceedings of the 11th Working Conference on Reverse Engineering
A Qualitative Comparison of Three Aspect Mining Techniques
IWPC '05 Proceedings of the 13th International Workshop on Program Comprehension
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Automatic placement of authorization hooks in the linux security modules framework
Proceedings of the 12th ACM conference on Computer and communications security
Retrofitting Legacy Code for Authorization Policy Enforcement
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
CMV: automatic verification of complete mediation for java virtual machines
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Enforcing authorization policies using transactional memory introspection
Proceedings of the 15th ACM conference on Computer and communications security
AutoISES: automatically inferring security specifications and detecting violations
SS'08 Proceedings of the 17th conference on Security symposium
A security policy oracle: detecting security holes using multiple API implementations
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Unix systems monitoring with FCA
ICCS'11 Proceedings of the 19th international conference on Conceptual structures for discovering knowledge
Leveraging "choice" to automate authorization hook placement
Proceedings of the 2012 ACM conference on Computer and communications security
Granularity of attributes in formal concept analysis
Information Sciences: an International Journal
| Hi-index | 0.00 |
his paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the obser- vation that security-sensitive operations performed by a server are characterized by idiomatic resource manipula- tions, called fingerprints. Candidate fingerprints are auto- matically mined by clustering resource manipulations using concept analysis. These fingerprints are then used to iden- tify security-sensitive operations performed by the server. Case studies with three real-world servers show that the approach can be used to identify security-sensitive opera- tions with a few hours of manual effort and modest domain knowledge.