Mining Security-Sensitive Operations in Legacy Code Using Concept Analysis
Vinod Ganapathy, Dave King, Trent Jaeger, Somesh Jha
We present an approach based on concept analysis to retrofit legacy servers with mechanisms for authorization policy enforcement. Our approach is based upon the observation that security-sensitive operations are characterized by idiomatic resource manipulations, called fingerprints. We statically mine fingerprints using concept analysis and then use them to identify security-sensitive operations and locate where they are performed by the server. Case studies with three real-world servers show that our approach is affordable and effective. We were able to identify security-sensitive operations for each of these servers with a few hours of manual effort and modest domain knowledge.
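To make the idea of "mining fingerprints with concept analysis" concrete, here is a small added illustration; it is not code from the report or its authors, and it simplifies their method to its core: build a formal context whose objects are server functions and whose attributes are the resource manipulations statically observed in each, compute the concept lattice, and treat the intents (shared attribute sets) of concepts covering several functions as candidate fingerprints. The function names, the resource operations and the `min_support` threshold are constructed assumptions for this toy, not values taken from the report.

```python
from itertools import combinations

# Constructed toy formal context (example data, not from the report): each object is a
# hypothetical server function, each attribute a resource manipulation found in it.
CONTEXT = {
    "handle_read":   {"lock(file)", "read(file.data)", "unlock(file)"},
    "handle_write":  {"lock(file)", "write(file.data)", "unlock(file)"},
    "handle_append": {"lock(file)", "read(file.data)", "write(file.data)", "unlock(file)"},
    "log_event":     {"write(log.buf)"},
    "rotate_log":    {"read(log.size)", "write(log.buf)"},
}


def intent(objs, ctx):
    """Attributes shared by every object in objs (all attributes for the empty set)."""
    if not objs:
        return frozenset().union(*ctx.values())
    return frozenset.intersection(*(frozenset(ctx[o]) for o in objs))


def extent(attrs, ctx):
    """Objects that carry every attribute in attrs."""
    return frozenset(o for o, a in ctx.items() if attrs <= a)


def concepts(ctx):
    """All formal concepts of ctx as {extent: intent}, obtained by closing every subset
    of objects (intent followed by extent). Exponential in the number of objects, which
    is fine for a toy; production FCA tools use algorithms such as NextClosure."""
    objs = list(ctx)
    found = {}
    for r in range(len(objs) + 1):
        for combo in combinations(objs, r):
            shared = intent(set(combo), ctx)
            found[extent(shared, ctx)] = shared
    return found


def mine_fingerprints(ctx, min_support=2):
    """Candidate fingerprints: non-empty intents shared by at least min_support functions.
    Returns {intent: extent}. A human then labels each intent with the security-sensitive
    operation it characterizes (e.g. the lock/unlock pair around a file access)."""
    return {i: e for e, i in concepts(ctx).items() if i and len(e) >= min_support}


if __name__ == "__main__":
    for attrs, funcs in mine_fingerprints(CONTEXT).items():
        print(sorted(attrs), "->", sorted(funcs))
```

On this toy context the lattice has eight concepts, four of which survive the support filter: the lock/unlock pair shared by all three file handlers, the lock/read/unlock and lock/write/unlock idioms, and the log-buffer write shared by the two logging functions. Those shared intents are exactly the kind of idiomatic resource manipulation the abstract calls a fingerprint; the remaining manual step is to name the operation each one represents and to place an authorization check where that fingerprint occurs.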