Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 1 of 1
Full-Text Articles in Computer Engineering
Evaluation Of An Architectural-Level Approach For Finding Security Vulnerabilities, Mohammad Anamul Haque
Evaluation Of An Architectural-Level Approach For Finding Security Vulnerabilities, Mohammad Anamul Haque
Wayne State University Theses
The cost of security vulnerabilities of a software system is high. As a result,
many techniques have been developed to find the vulnerabilities at development time. Of particular interest are static analysis techniques that can consider all possible executions of a system. But, static analysis can suffer from a large number of false positives.
A recently developed approach, Scoria, is a semi-automated static analysis that requires security architects to annotate the code, typecheck the annotations, extract a hierarchical object graph and write constraints in order to find security vulnerabilities in a system.
This thesis evaluates Scoria on three systems (sizes …