Title
Automated Detection of Information Flow Vulnerabilities in UML State Charts and C Code
Abstract
Information flow vulnerabilities in UML statecharts and C code are detrimental as they can cause data leakages or unexpected program behavior. Detecting such vulnerabilities with static code analysis techniques is challenging because code is usually not available during the software design phase and previous knowledge about what should be annotated and tracked is needed. In this paper we propose textual annotations used to introduce information flow constraints in UML state charts and code which are afterwards automatically loaded by information flow checkers that check if imposed constraints hold or not. We evaluated our approach on 6 open source test cases available in the National Institute of Standards and Technology (NIST) Juliet test suite for C/C++. Our results show that our approach is effective and can be further applied to other types of UML models and programming languages as well, in order to detect different types of vulnerabilities.
Year: 2015
DOI: 10.1109/QRS-C.2015.30
Venue: QRS Companion
Keywords: model-based verification, information flow vulnerability, static code analysis
Field: Test suite, Code coverage, Static program analysis, Programming language, Software engineering, UML tool, Source code, Computer science, KPI-driven code analysis, Applications of UML, Code review
DocType: Conference
Citations: 0
PageRank: 0.34
References: 25
Authors
4
Name
Order
Citations
PageRank
Paul Muntean1114.32
Adnan Rabbi200.34
Andreas Ibing37215.39
Claudia Eckert47613.13