Automated Tracing and Visualization of Software Security Structure and Properties

Download Now
Provided by: Association for Computing Machinery
Topic: Security
Format: PDF
Visualizing a program's structure and security characteristics is the intrinsic part of in-depth software security assessment. Such an assessment is typically an analyst-driven task. The visualization for security analysis is usually labor-intensive, since analysts need to read documents and source code, synthesize trace data from multiple sources (e.g., system utilities like lsof or strace). To help address this problem, the authors propose SecSTAR, a tool that dynamically collects the key information from a system and automatically produces the necessary diagrams to support the first steps of widely used security analysis methodologies, such as Microsoft threat modeling and UW/UAB First Principles Vulnerability Assessment (FPVA).
Download Now

Find By Topic