Computers  /  Vol: 12 Par: 12 (2023)
ARTICLE
TITLE

Design and Implement an Accurate Automated Static Analysis Checker to Detect Insecure Use of SecurityManager

Midya Alqaradaghi, Muhammad Zafar Iqbal Nazir and Tamás Kozsik

Abstract

Static analysis is a software testing technique that analyzes the code without executing it. It is widely used to detect vulnerabilities, errors, and other issues during software development. Many tools are available for static analysis of Java code, including SpotBugs. Methods that perform a security check must be declared private or final; otherwise, they can be compromised when a malicious subclass overrides the methods and omits the checks. In Java, security checks can be performed using the SecurityManager class. This paper addresses the aforementioned problem by building a new automated checker that raises an issue when this rule is violated. The checker is built under the SpotBugs static analysis tool. We evaluated our approach on both custom test cases and real-world software, and the results revealed that the checker successfully detected related bugs in both with optimal metric values.
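The rule stated in the abstract, shown as an added Java example that is not taken from the paper or from SpotBugs: a security check in an overridable method next to the same check declared final, plus a small reflection predicate for the "private or final" condition. All class and method names and the sample path are hypothetical, and `SecurityManager` is deprecated in current JDKs, so the code compiles with a deprecation warning.

```java
import java.io.FilePermission;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

// Added illustration; all class and method names are hypothetical.
public class SecurityCheckDemo {

    // Violates the rule: the security check sits in an overridable method.
    static class Resource {
        boolean checkRan = false;
        void read(String path) { checkAccess(path); }
        protected void checkAccess(String path) {
            checkRan = true;
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) sm.checkPermission(new FilePermission(path, "read"));
        }
    }

    // The subclass the abstract warns about: it overrides the method and omits the check.
    static class UncheckedResource extends Resource {
        @Override protected void checkAccess(String path) { }
    }

    // Follows the rule: 'final' turns an equivalent override into a compile error.
    static class HardenedResource {
        boolean checkRan = false;
        void read(String path) { checkAccess(path); }
        protected final void checkAccess(String path) {
            checkRan = true;
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) sm.checkPermission(new FilePermission(path, "read"));
        }
    }

    // The rule as a predicate: a private or final method cannot be overridden.
    static boolean followsRule(Class<?> c, String name) throws NoSuchMethodException {
        Method m = c.getDeclaredMethod(name, String.class);
        int mod = m.getModifiers();
        return Modifier.isPrivate(mod) || Modifier.isFinal(mod);
    }

    public static void main(String[] args) throws Exception {
        Resource r = new UncheckedResource();
        r.read("/tmp/example.txt"); // constructed sample path
        System.out.println("check ran via subclass: " + r.checkRan);
        System.out.println("Resource follows rule: " + followsRule(Resource.class, "checkAccess"));
        System.out.println("HardenedResource follows rule: "
                + followsRule(HardenedResource.class, "checkAccess"));
    }
}
```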
