Open Access Thesis
Date of Award
The cost of security vulnerabilities of a software system is high. As a result,
many techniques have been developed to find the vulnerabilities at development time. Of particular interest are static analysis techniques that can consider all possible executions of a system. But, static analysis can suffer from a large number of false positives.
A recently developed approach, Scoria, is a semi-automated static analysis that requires security architects to annotate the code, typecheck the annotations, extract a hierarchical object graph and write constraints in order to find security vulnerabilities in a system.
This thesis evaluates Scoria on three systems (sizes 6 KLOC, 6 KLOC and
25 KLOC) from different application domains (Android and Web) and confirms that Scoria can find security vulnerabilities in those systems without an excessive number of false positives.
Haque, Mohammad Anamul, "Evaluation Of An Architectural-Level Approach For Finding Security Vulnerabilities" (2015). Wayne State University Theses. 424.