Ecole d'ingénieur et centre de recherche en Sciences du numérique

Towards assisted remediation of security vulnerabilities

Serme, Gabriel; De Oliveira, Anderson Santana; Guarnieriy, Marco; El Khoury, Paul

SECURWARE 2012, 6th International Conference on Emerging Security Information, Systems and Technologies, August 19-24, 2012, Rome, Italy

Best Paper Award

Security vulnerabilities are still prevalent in systems despite the existence of their countermeasures for several decades. In order to detect the security vulnerabilities missed by developers, complex solutions are undertaken like static analysis, often after the development phase and with a loss of context. Although vulnerabilities are found, there is also an absence of systematic protection against them. In this paper, we introduce an integrated Eclipse plug-in to assist developers in the detection and mitigation of security vulnerabilities using Aspect-Oriented Programming early in the development life-cycle. The work is a combination of static analysis and protection code generation during the development phase. We leverage the developer interaction with the integrated tool to obtain more knowledge about the system, and to report back a better overview of the different security aspects already applied, then we discuss challenges for such code correction approach. The results are an in-depth solution to assist developers to provide software with higher security standards.

Document Bibtex

Titre:Towards assisted remediation of security vulnerabilities
Mots Clés:Security, AOP, Software Engineering, Static Analysis, Vulnerability Remediation
Département:Sécurité numérique
Eurecom ref:3805
Copyright: IARIA
Bibtex: @inproceedings{EURECOM+3805, year = {2012}, title = {{T}owards assisted remediation of security vulnerabilities }, author = {{S}erme, {G}abriel and {D}e {O}liveira, {A}nderson {S}antana and {G}uarnieriy, {M}arco and {E}l {K}houry, {P}aul}, booktitle = {{SECURWARE} 2012, 6th {I}nternational {C}onference on {E}merging {S}ecurity {I}nformation, {S}ystems and {T}echnologies, {A}ugust 19-24, 2012, {R}ome, {I}taly}, address = {{R}ome, {ITALIE}}, month = {08}, url = {} }
Voir aussi: