Yu, Yijun; Jurjens, Jan and Mylopoulos, John
Traceability for the maintenance of secure software.
In: IEEE International Conference on Software Maintenance, 28 Sept - 4 Oct 2008, Beijing, China.
Full text available as:
Traceability links among different software engineering artifacts make explicit how a software system was implemented to accommodate its requirements. For secure and dependable software system development, one must ensure the linked entities are truly traceable to each other and the links are updated to reflect true traceability among changed entities. However, traditional traceability relationships link recovery techniques are not accurate enough. To address this problem, we propose a traceability technique based on refactoring, which is then continuously integrated with other software maintenance activities. Applying our traceability technique to the proven SSL protocol design, we found a significant vulnerability bug in its open-source implementation. The results also demonstrate the level of accuracy and change resilience of our technique that enable reuse of the traceability-related analysis on different implementations.
Actions (login may be required)