A Catalog of Security-oriented Program Transformations
نویسندگان
چکیده
Security requirements change, but the typical way of improving system security by patches is ad hoc and has not produced good results. Security improvements should be systematic, just as new features can be added to software systematically. It would be easier to improve the security of a system if we had a catalog of security-oriented program transformations that could be used to plan changes, to divide the work to make changes, and as a target of automation. This paper describes a catalog of security-oriented program transformations that were derived from security patterns. It describes several ways of categorizing these transformations, our first attempts at validating the catalog, and how the catalog can be used to improve the security of systems.
منابع مشابه
Object-oriented transformations for extracting aspects
In the migration of object-oriented systems towards the aspect technology, after locating fragments of code presenting a crosscutting behavior and before extracting such code to aspects, transformations may be needed in the base program. Such transformations aim to associate crosscutting code to points of the base program that can be captured using the pointcut descriptor model of aspect-orient...
متن کاملSEIMCHA: a new semantic image CAPTCHA using geometric transformations
As protection of web applications are getting more and more important every day, CAPTCHAs are facing booming attention both by users and designers. Nowadays, it is well accepted that using visual concepts enhance security and usability of CAPTCHAs. There exist few major different ideas for designing image CAPTCHAs. Some methods apply a set of modifications such as rotations to the original imag...
متن کاملDwarf Frankenstein is still in your memory: tiny code reuse attacks
Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common be...
متن کاملProgram Transformations for Distributed Control Systems
This article focuses on programming support for the application area of distributed control systems. Program transformations are introduced to modify properties of distributed programs. Based on a specification-oriented version of CSP transformations are applied to solve standard problems of distributed programming. Equally transformations are used to map specification-oriented CSP-programs to ...
متن کاملA Catalog of Object Model Transformations
The process of software development is gradually achieving more rigor. Proficient developers now construct software indirectly through the abstraction of models. Models allow a developer to focus on the essential aspects of an application and defer details. Transformations extend the power of models, as the developer can substitute refinement and optimization of models for tedious manipulation ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009