Continuous Flow Analysis to Detect Security Problems

September 30, 2019 Β· Declared Dead Β· πŸ› arXiv.org

πŸ‘» CAUSE OF DEATH: Ghosted
No code link whatsoever

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Steven P. Reiss arXiv ID 1909.13683 Category cs.SE: Software Engineering Cross-listed cs.CR Citations 2 Venue arXiv.org Last Checked 4 months ago
Abstract
We introduce a tool that supports continuous flow analysis in order to detect security problems as the user edits. The tool uses abstract interpretation over both byte codes and abstract syntax trees to trace the flow of both type annotations and system states from their sources to security problems. The flow analysis achieves a balance between performance and accuracy in order to detect security vulnerabilities within seconds, and uses incremental update to provide immediate feedback to the programmer. Resource files are used to specify the specific security constraints of an application and to tune the analysis. The system can also provide detailed information to the programmer as to why it flagged a particular problem. The tool is integrated into the Code Bubbles development environment.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

πŸ“œ Similar Papers

In the same crypt β€” Software Engineering

Died the same way β€” πŸ‘» Ghosted