Access Type

Open Access Thesis

Date of Award

January 2015

Degree Type

Thesis

Degree Name

M.S.

Department

Computer Science

First Advisor

Marwan Abi-Antoun

Abstract

The cost of security vulnerabilities in a software system is high. As a result, many techniques have been developed to find vulnerabilities at development time. Of particular interest are static analysis techniques that can consider all possible executions of a system. However, static analysis can suffer from a large number of false positives.

A recently developed approach, Scoria, is a semi-automated static analysis that requires security architects to annotate the code, typecheck the annotations, extract a hierarchical object graph and write constraints in order to find security vulnerabilities in a system.

This thesis evaluates Scoria on three systems (sizes 6 KLOC, 6 KLOC and 25 KLOC) from different application domains (Android and Web) and confirms that Scoria can find security vulnerabilities in those systems without an excessive number of false positives.
