دومین کنگره بین‌المللی فناوری ارتباطات و دانش ictck 2015 , 2015-11-11

Title : ( Providing a Source Code Security Analysis Model Using Semantic Web Techniques )

Authors: ala ekramifard , Mohsen Kahani ,

Citation: BibTeX | EndNote

Abstract

Security is one of the main issues in all phases of the software life cycle. Since most software vulnerabilities occur in coding phase, so the secure implementation is very important. Semantic Web ontology expresses the concept of a specific area. According to variety of software systems and manufacturing techniques, the Semantic Web can be effective in production of software systems. Anthology helps to review security holes and bugs in source code and produces appropriate reports. To overcome the problem of variety of source code language, in this paper, an ontology approach for source code security analysis model has been used. In this model, the source code is represented in terms of the RDF triples. The security error patterns are provided in the form of SPARQL queries. The result shows that this approach is promising and can effectively find the security flaw patterns in source codes. Experimental evaluations demonstrate that this approach is feasible and finds bug patterns that implemented. The main advantage of this method is the independence of code analysis and error inference sections so each parts can be developed.

Keywords

, Security analysis, source code, semantic web ontology
برای دانلود از شناسه و رمز عبور پرتال پویا استفاده کنید.

@inproceedings{paperid:1055191,
author = {Ekramifard, Ala and Kahani, Mohsen},
title = {Providing a Source Code Security Analysis Model Using Semantic Web Techniques},
booktitle = {دومین کنگره بین‌المللی فناوری ارتباطات و دانش ictck 2015},
year = {2015},
location = {مشهد, IRAN},
keywords = {Security analysis; source code; semantic web ontology},
}

[Download]

%0 Conference Proceedings
%T Providing a Source Code Security Analysis Model Using Semantic Web Techniques
%A Ekramifard, Ala
%A Kahani, Mohsen
%J دومین کنگره بین‌المللی فناوری ارتباطات و دانش ictck 2015
%D 2015

[Download]