Securing legacy code with the TRACER platform

Conference paper (2014)

Authors

Kostantinos Stroggylos Athens University of Economics and Business
Dimitris Mitropoulos Athens University of Economics and Business
Zacharias Tzermias Foundation for Research and Technology - Hellas (FORTH)
P. Papadopoulos Foundation for Research and Technology - Hellas (FORTH)
Fotios Rafailidis Aristotle University of Thessaloniki
D. Spinellis Athens University of Economics and Business
Sotiris Ioannidis Foundation for Research and Technology - Hellas (FORTH)
Panagiotis Katsaros Aristotle University of Thessaloniki
Affiliation
External organisation
Static analysis Software security Legacy software Trusted applications
More Info
expand_more

Published Date

02-10-2014

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Affiliation

External organisation

Abstract

Software vulnerabilities can severely affect an organization's infrastructure and cause significant financial damage to it. A number of tools and techniques are available for performing vulnerability detection in software written in various programming platforms, in a pursuit to mitigate such defects. However, since the requirements for running such tools and the formats in which they store and present their results vary wildly, it is difficult to utilize many of them in the scope of a project. By simplifying the process of running a variety of vulnerability detectors and collecting their results in an efficient, automated manner during development, the task of tracking security defects throughout the evolution history of software projects is bolstered. In this paper we present tracer, a software framework and platform to support the development of more secure applications by constantly mon- itoring software projects for vulnerabilities. The platform allows the easy integration of existing tools that statically detect software vulnerabilities and promotes their use during software development and maintenance. To demonstrate the efficiency and usability of the platform, we integrated two popular static analysis tools, FindBugs and Frama-c as sample implementations, and report on preliminary results from their use.