Semi-Automatic Software Security Model Extraction: Semi-Automatic Extraction of Security Relevant Information from Source Code for Formally Based Security Models
dc.contributor.author | FARHAND, NEDA | |
dc.contributor.department | Chalmers tekniska högskola / Institutionen för data och informationsteknik | sv |
dc.contributor.examiner | Steghöfer, Jan-Philipp | |
dc.contributor.supervisor | Tuma, Katja | |
dc.contributor.supervisor | Scandariato, Riccardo | |
dc.date.accessioned | 2019-10-31T09:31:39Z | |
dc.date.available | 2019-10-31T09:31:39Z | |
dc.date.issued | 2019 | sv |
dc.date.submitted | 2019 | |
dc.description.abstract | As society becomes increasingly integrated and dependant on software systems, software security is more relevant than ever before. In order to ensure that software applications are secure, different threat modelling techniques are employed. However, many of these rely a great deal on the availability of a security expert and require significant manual effort, often resulting in high time consumption. This thesis describes the development of a tool which automatically extracts a formally specified representation of the software architecture with extended security annotations. The extracted architectural model is known as a “SecDFD”, which is a graph-like representation of software architecture populated with security relevant information from source code, which in turn allows for automated analysis of information flow properties. The SecDFD extraction tool performs semi-automatic extraction of architectural security information from the implementation by processing textual representation of call-graphs together with the source code of the project under analysis. The tool was evaluated by black box testing, and controlled empirical experiments. Our evaluation shows that, while the tool requires further work, it holds potential for use in threat modelling activities. | sv |
dc.identifier.coursecode | DATX05 | sv |
dc.identifier.uri | https://hdl.handle.net/20.500.12380/300502 | |
dc.language.iso | eng | sv |
dc.setspec.uppsok | Technology | |
dc.subject | Software | sv |
dc.subject | Security | sv |
dc.subject | Automation | sv |
dc.subject | Extraction | sv |
dc.subject | eDFD | sv |
dc.subject | Threat Modeling | sv |
dc.title | Semi-Automatic Software Security Model Extraction: Semi-Automatic Extraction of Security Relevant Information from Source Code for Formally Based Security Models | sv |
dc.type.degree | Examensarbete för masterexamen | sv |
dc.type.uppsok | H |
Ladda ner
Original bundle
1 - 1 av 1
Hämtar...
- Namn:
- CSE 19-110 ODR Farhand.pdf
- Storlek:
- 1.39 MB
- Format:
- Adobe Portable Document Format
- Beskrivning:
- Semi-Automatic Software Security Model Extraction
License bundle
1 - 1 av 1
Hämtar...
- Namn:
- license.txt
- Storlek:
- 1.14 KB
- Format:
- Item-specific license agreed upon to submission
- Beskrivning: