An Ontology of Information Security

Author(s):  
Almut Herzog ◽  
Nahid Shahmehri ◽  
Claudiu Duma

The authors present a publicly available, OWL-based ontology of information security which models assets, threats, vulnerabilities and countermeasures and their relations. The ontology can be used as a general vocabulary, roadmap and extensible dictionary of the domain of information security. With its help, users can agree on a common language and definition of terms and relationships. In addition to browsing for information, the ontology is also useful for reasoning about relationships between its entities, that is, threats and countermeasures. The ontology helps answer questions like: Which countermeasures detect or prevent the violation of integrity of data? Which assets are protected by SSH? Which countermeasures thwart buffer overflow attacks? At the moment, the ontology comprises 88 threat classes, 79 asset classes, 133 countermeasure classes and 34 relations between those classes. The authors provide means for extending the ontology, and provide examples of the extendibility with the countermeasure classes “memory protection” and “source code analysis”. This chapter describes the content of the ontology as well as its usages, potential for extension, technical implementation and tools for working with it.

2020 ◽  
Vol 10 (22) ◽  
pp. 8005
Author(s):  
Damian Giebas ◽  
Rafał Wojszczyk

This paper is a contribution to the field of research dealing with parallel computing, which is used in multithreaded applications. The paper discusses the characteristics of atomicity violation in multithreaded applications and develops a new definition of atomicity violation based on previously defined relationships between operations, that can be used for atomicity violation detection. A method of detection of conflicts causing atomicity violation was also developed using the source code model of multithreaded applications that predicts errors in the software.


2019 ◽  
Vol 15 (12) ◽  
pp. 1780-1794
Author(s):  
Alka Agrawal ◽  
Mamdouh Alenezi ◽  
Rajeev Kumar ◽  
Raees Ahmad Khan

Author(s):  
Raquel Fialho de Queiroz Lafetá ◽  
Thiago Fialho de Queiroz Lafetá ◽  
Marcelo de Almeida Maia

A substantial effort, in general, is required for understanding APIs of application frameworks. High-quality API documentation may alleviate the effort, but the production of such documentation still poses a major challenge for modern frameworks. To facilitate the production of framework instantiation documentation, we hypothesize that the framework code itself and the code of existing instantiations provide useful information. However, given the size and complexity of existent code, automated approaches are required to assist the documentation production. Our goal is to assess an automated approach for constructing relevant documentation for framework instantiation based on source code analysis of the framework itself and of existing instantiations. The criterion for defining whether documentation is relevant would be to compare the documentation with traditional framework documentation, considering the time spent and correctness during instantiation activities, information usefulness, complexity of the activity, navigation, satisfaction, information localization and clarity. We propose an automated approach for constructing relevant documentation for framework instantiation based on source code analysis of the framework itself and of existing instantiations. The proposed approach generates documentation in a cookbook style, where the recipes are programming activities using the necessary API elements driven by the framework features. We performed an empirical study, consisting of three experiments with 44 human subjects executing real framework instantiations aimed at comparing the use of the proposed cookbooks to traditional manual framework documentation (baseline). Our empirical assessment shows that the generated cookbooks performed better or, at least, with non-significant difference when compared to the traditional documentation, evidencing the effectiveness of the approach.


2020 ◽  
Vol 10 (2) ◽  
pp. 532 ◽  
Author(s):  
Damian Giebas ◽  
Rafał Wojszczyk

This paper extends the multithreaded application source code model and shows how to use it to detect deadlocks in C language applications. Four known deadlock scenarios from the literature can be detected using our model. For every scenario we created theorems and proofs whose fulfillment guarantees the occurrence of deadlocks in multithreaded applications. The paper also contains a comparison of the multithreaded application source code model and Petri nets and describes the advantages and disadvantages of both.


2006 ◽  
Vol 79 (9) ◽  
pp. 1217-1218
Author(s):  
Tom Dean ◽  
Mark Harman ◽  
Rainer Koschke ◽  
Michael Van De Vanter
