TY - GEN
T1 - Securing legacy code with the TRACER platform
AU - Stroggylos, Kostantinos
AU - Mitropoulos, Dimitris
AU - Tzermias, Zacharias
AU - Papadopoulos, Panagiotis
AU - Rafailidis, Fotios
AU - Spinellis, Diomidis
AU - Ioannidis, Sotiris
AU - Katsaros, Panagiotis
PY - 2014/10/2
Y1 - 2014/10/2
N2 - Software vulnerabilities can severely affect an organization's infrastructure and cause it significant financial damage. A number of tools and techniques are available for detecting vulnerabilities in software written for various programming platforms, in pursuit of mitigating such defects. However, since the requirements for running such tools and the formats in which they store and present their results vary widely, it is difficult to use many of them within a single project. By simplifying the process of running a variety of vulnerability detectors and collecting their results in an efficient, automated manner during development, the task of tracking security defects throughout the evolution history of software projects is bolstered. In this paper we present TRACER, a software framework and platform that supports the development of more secure applications by constantly monitoring software projects for vulnerabilities. The platform allows the easy integration of existing tools that statically detect software vulnerabilities and promotes their use during software development and maintenance. To demonstrate the efficiency and usability of the platform, we integrated two popular static analysis tools, FindBugs and Frama-C, as sample implementations, and report on preliminary results from their use.
KW - Legacy software
KW - Software security
KW - Static analysis
KW - Trusted applications
UR - http://www.scopus.com/inward/record.url?scp=84987935096&partnerID=8YFLogxK
U2 - 10.1145/2645791.2645796
DO - 10.1145/2645791.2645796
M3 - Conference contribution
AN - SCOPUS:84987935096
T3 - ACM International Conference Proceeding Series
BT - PCI 2014 - 18th Panhellenic Conference in Informatics
PB - ACM
T2 - 18th Panhellenic Conference on Informatics, PCI 2014
Y2 - 2 October 2014 through 4 October 2014
ER -