Proceedings of the 29th International Conference on Software Engineering (ICSE 2007); pages 458--467; Minneapolis, Minnesota; May 20-26, 2007.
This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive operations performed by a server are characterized by idiomatic resource manipulations, called fingerprints. Candidate fingerprints are automatically mined by clustering resource manipulations using concept analysis. These fingerprints are then used to identify security-sensitive operations performed by the server. Case studies with three real-world servers show that the approach can be used to identify security-sensitive operations with a few hours of manual effort and modest domain knowledge.
Paper:
[
PDF
|
HTML
]
(© IEEE)
Slides:
[
Powerpoint
|
PDF
]
DOI:
[
10.1109/ICSE.2007.54
]
Data:
[
Concept Lattices
]