Campus Units

Electrical and Computer Engineering

Document Type

Conference Proceeding

Conference

COMPSAC 2019: Data Driven Intelligence for a Smarter World

Publication Version

Accepted Manuscript

Publication Date

2019

Journal or Book Title

COMPSAC 2019: Data Driven Intelligence for a Smarter World

First Page

1

Last Page

6

Conference Title

COMPSAC 2019: Data Driven Intelligence for a Smarter World

Conference Date

July 15-19, 2019

City

Milwaukee, WI

Abstract

Companies develop their software in versions and iterations. Ensuring the security of each additional version using code review is costly and time-consuming. This paper investigates automated tracing of the impacts of code changes on the security of a given software. To this end, we use call graphs to model the software code, and security assurance cases to model the security requirements of the software. Then we relate assurance case elements to code through the entry point methods of the software, creating a map of monitored security functions. This mapping makes it possible to evaluate the security requirements that are affected by code changes. The approach is implemented in a set of tools and evaluated using three open-source ERP/Ecommerce software applications. The limited evaluation showed that the approach is effective in identifying the impacts of code changes on the security of the software. The approach promises to considerably reduce the security assessment time of the subsequent releases and iterations of software, keeping the initial security state throughout the software lifetime.

Comments

This is a manuscript of the proceeding Abdelkhalek, Moataz, Ameerah-Muhsina Jamil, and Lotfi ben Othmane. "Identification of the Impacts of Code Changes on the Security of Software." COMPSAC 2019: Data Driven Intelligence for a Smarter World (2019): 1-6.

Rights

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Copyright Owner

IEEE

Language

en

File Format

application/pdf
