Securing legacy code with the TRACER platform

Kostantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, Panagiotis Katsaros

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

Abstract

Software vulnerabilities can severely affect an organization's infrastructure and cause significant financial damage to it. A number of tools and techniques are available for performing vulnerability detection in software written in various programming platforms, in a pursuit to mitigate such defects. However, since the requirements for running such tools and the formats in which they store and present their results vary wildly, it is difficult to utilize many of them in the scope of a project. By simplifying the process of running a variety of vulnerability detectors and collecting their results in an efficient, automated manner during development, the task of tracking security defects throughout the evolution history of software projects is bolstered. In this paper we present tracer, a software framework and platform to support the development of more secure applications by constantly mon- itoring software projects for vulnerabilities. The platform allows the easy integration of existing tools that statically detect software vulnerabilities and promotes their use during software development and maintenance. To demonstrate the efficiency and usability of the platform, we integrated two popular static analysis tools, FindBugs and Frama-c as sample implementations, and report on preliminary results from their use.

Original languageEnglish
Title of host publicationPCI 2014 - 18th Panhellenic Conference in Informatics
PublisherAssociation for Computing Machinery (ACM)
ISBN (Electronic)1595930361, 9781450328975
DOIs
Publication statusPublished - 2 Oct 2014
Externally publishedYes
Event18th Panhellenic Conference on Informatics, PCI 2014 - Athens, Greece
Duration: 2 Oct 20144 Oct 2014

Publication series

NameACM International Conference Proceeding Series
Volume02-04-October-2014

Conference

Conference18th Panhellenic Conference on Informatics, PCI 2014
CountryGreece
CityAthens
Period2/10/144/10/14

Keywords

  • Legacy software
  • Software security
  • Static analysis
  • Trusted applications

Fingerprint Dive into the research topics of 'Securing legacy code with the TRACER platform'. Together they form a unique fingerprint.

Cite this