Conference paper
Advisory: vulnerability analysis in software development project dependencies
Author(s) | Márquez Trujillo, Antonio Germán; Galindo Duarte, José Ángel; Varela Vaca, Ángel Jesús; Gómez López, María Teresa; Benavides Cuevas, David Felipe |
Department | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos |
Publication date | 2022 |
Deposit date | 2022-11-02 |
Published in | |
ISBN/ISSN | 978-1-4503-9206-8 |
Abstract | Security has become a crucial factor in the development of software systems. The number of dependencies in software systems is becoming a source of countless bugs and vulnerabilities. In the past, the product line community has proposed several techniques and mechanisms to cope with the problems that arise when dealing with variability and dependency management in such systems. In this paper, we present Advisory, a solution that allows automated dependency analysis for vulnerabilities within software projects based on techniques from the product line community. Advisory first inspects software dependencies, then generates a dependency graph, to which security information about vulnerabilities is attributed and translated into a formal model, in this case, based on SMT. Finally, Advisory provides a set of analysis and reasoning operations on these models that allow extracting helpful information about the location of vulnerabilities of the project configuration space, as well as details for advising on the security risk of these projects and their possible configurations. |
Funding agencies | Ministerio de Ciencia e Innovación (MICIN). España; Junta de Andalucía |
Project identifier | PID2020-112540RB-C44 (AETHER-US); P20-01224 (COPERNICA); METAMORFOSIS (US-1381375) |
Citation | Márquez Trujillo, A.G., Galindo Duarte, J.Á., Varela Vaca, Á.J., Gómez López, M.T. and Benavides Cuevas, D.F. (2022). Advisory: vulnerability analysis in software development project dependencies. In SPLC 2022: 26th ACM International Systems and Software Product Line Conference (99-102), Graz, Austria: ACM: Association for Computing Machinery. |
Files | Size | Format | View | Description |
---|---|---|---|---|
3503229.3547058.pdf | 928.5Kb | [PDF] | View | |