SECURITY SMELL STUDIES IN JAVA LANGUAGE APPLICATIONS
Main Author: | Paramitha, Ranindya |
---|---|
Format: | Theses |
Language: | Indonesian |
Subjects: | Teknik (Rekayasa, enjinering dan kegiatan berkaitan) [Engineering (engineering and related activities)] |
Keywords: | security smell, smelly file, graph analysis, mining software repository |
Online Access: | https://digilib.itb.ac.id/gdl/view/63812 |
Institution: | Institut Teknologi Bandung |
Record timestamp: | 2022-03-17T10:20:47Z |
Abstract:

Security smells found in code can be a subtle sign of a future security vulnerability. Developers can perform security code review to find those signs, but it takes a lot of time in a large codebase. In this research, we focus on 2 different techniques: Mining Software Repository (MSR) analysis, which uses metrics to detect smelly files, and graph analysis, which finds security smells. These techniques are expected to support security code review and increase its efficiency.

MSR analysis found that the ordinal values of LOC, commit count, and author count have a positive correlation with the likelihood of a file being smelly. Because those correlations are not completely definitive, we also analyzed feature combinations and found that the combination of ordinal LOC and commit count has the highest positive correlation score, followed by the combination of all 3 ordinal features. We then implemented a simple tool and used it to validate the analysis. This validation showed correlations between smelly files and the occurrence of identified security smells and known security vulnerabilities. With respect to reducing manual security code review time, we found that MSR analysis could reach an 84.63% review time reduction.

For security smell extraction and detection, we carried out literature research and empirical studies to classify 7 security smells for Java projects. We then analyzed code representations, mostly graphs, and built 2 tool modules that utilize graph analysis. Using the graph analysis tools, we found the 7 security smells in 2 test projects.

Finally, after evaluating both techniques' performance, we concluded that neither technique can replace security vulnerability detection. However, both can be used as complementary or supporting techniques to analyze security risks, especially in risk-averse software development.