有哪些信誉好的足球投注网站- 1、本文档共15页,可阅读全部内容。
- 2、有哪些信誉好的足球投注网站(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
Mining Security-Sensitive Operations in Legacy Code using Concept Analysis
Published in ICSE’07: Proceedings of the
29th International Conference on Software Engineering, Minneapolis, Minnesota, May 2007
Mining Security-Sensitive Operations in Legacy Code using Concept Analysis
Vinod Ganapathy
University of Wisconsin
vg@
David King Trent Jaeger
Pennsylvania State University
{dhking,tjaeger}@
Somesh Jha
University of Wisconsin
jha@
Abstract
This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization pol-
icy enforcement. The approach is based upon the observation that security-sensitive operations performed by
a server are characterized by idiomatic resource manipulations, called fingerprints. Candidate fingerprints are
automatically mined by clustering resource manipulations using concept analysis. These fingerprints are then
used to identify security-sensitive operations performed by the server. Case studies with three real-world servers
show that the approach can be used to identify security-sensitive operations with a few hours of manual effort and
modest domain knowledge.
1 Introduction
Software systems must protect shared resources that they manage from unauthorized access. This is achieved
by formulating and enforcing an appropriate authorization policy (also called access control policy). The policy
specifies the set of security-sensitive operations that a user can perform on a resource. For example, a popular
policy on UNIX-like systems allows only the root to perform the security-sensitive operations Read and Write on
the /etc/passwd file (the resource). Operating systems have historically had mechanisms such as reference mon-
itors [4] to enforce authorization policies. It is also important for user-space servers, such as middleware, web-,
proxy and window-management servers, to implement such mechanisms because they manage shared resources on
behalf of their clients. Unfortunately, economic and practical considerations force developers to choose function-
ality and performance over sec
您可能关注的文档
- LabVIEW开发者必备技巧宝典第一部分.pdf
- Lactose hydrogen breath test versus lactose.pdf
- lactose in lactose-intolerant humans.pdf
- Lactose Intolerance in Thai Adults.pdf
- Lactose Malabsorption and Intolerance in the Elderly.doc
- Lactose malabsorption in Greek.pdf
- Lactose malabsorption in Bangladeshi village.pdf
- Lactose-Application-Guide.pdf
- Lactose-Intoleranc-Malabsorption.pdf
- Lake and Climate Models Linkage A 3D Hydrodynamic Contribution.pdf
最近下载
- 精品解析:2023-2024学年浙江省温州市乐清市统编版六年级上册期末考试语文试卷(解析版).docx VIP
- 浙江省温州市乐清市2023-2024学年三年级上学期语文期末试卷 解析版.docx VIP
- 研讨会(一):战略设计的思维、方法与实践 30Aug2011 LY-BEI-C.pptx VIP
- 彩云追月完整版本.ppt VIP
- 2023年济宁医学院临床医学专业《病理学》科目期末考试卷B.docx VIP
- 《环境监测技术》课程标准.doc VIP
- 浙江省温州市龙湾区2023-2024学年四年级上学期语文期末试卷 解析版.docx VIP
- 东瑞制药搬迁项目环评报告(全本公示版).pdf
- 24DX002-1建筑电气与智能化通用规范图示.pdf VIP
- 五年级语文上册课外必读书《非洲民间故事》练习题及答案全.pdf VIP
文档评论(0)