Computer Engineering Commons^™

Evaluation Of An Architectural-Level Approach For Finding Security Vulnerabilities, Mohammad Anamul Haque

Wayne State University Theses

The cost of security vulnerabilities of a software system is high. As a result,

many techniques have been developed to find the vulnerabilities at development time. Of particular interest are static analysis techniques that can consider all possible executions of a system. But, static analysis can suffer from a large number of false positives.

A recently developed approach, Scoria, is a semi-automated static analysis that requires security architects to annotate the code, typecheck the annotations, extract a hierarchical object graph and write constraints in order to find security vulnerabilities in a system.

This thesis evaluates Scoria on three systems (sizes …