JMODEX:用于验证web应用程序安全属性的模型提取

2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE) Pub Date : 2014-02-27 DOI:10.1109/CSMR-WCRE.2014.6747216

Petru Florin Mihancea, M. Minea

{"title":"JMODEX:用于验证web应用程序安全属性的模型提取","authors":"Petru Florin Mihancea, M. Minea","doi":"10.1109/CSMR-WCRE.2014.6747216","DOIUrl":null,"url":null,"abstract":"Detecting security vulnerabilities in web applications is an important task before taking them on-line. We present JMODEX, a tool that analyzes the code of web applications to extract behavioral models. The security properties of these models can then be verified with a model checker. An initial evaluation, in which a confirmed security flaw is identified using a model extracted by JMODEX, shows the tool potential.","PeriodicalId":166271,"journal":{"name":"2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"JMODEX: Model extraction for verifying security properties of web applications\",\"authors\":\"Petru Florin Mihancea, M. Minea\",\"doi\":\"10.1109/CSMR-WCRE.2014.6747216\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Detecting security vulnerabilities in web applications is an important task before taking them on-line. We present JMODEX, a tool that analyzes the code of web applications to extract behavioral models. The security properties of these models can then be verified with a model checker. An initial evaluation, in which a confirmed security flaw is identified using a model extracted by JMODEX, shows the tool potential.\",\"PeriodicalId\":166271,\"journal\":{\"name\":\"2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-02-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSMR-WCRE.2014.6747216\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSMR-WCRE.2014.6747216","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

在web应用程序上线之前，检测其安全漏洞是一项重要的任务。我们提出了JMODEX，一个分析web应用程序代码以提取行为模型的工具。然后可以使用模型检查器验证这些模型的安全属性。在最初的评估中，使用JMODEX提取的模型识别出确认的安全漏洞，显示了该工具的潜力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

JMODEX: Model extraction for verifying security properties of web applications

Detecting security vulnerabilities in web applications is an important task before taking them on-line. We present JMODEX, a tool that analyzes the code of web applications to extract behavioral models. The security properties of these models can then be verified with a model checker. An initial evaluation, in which a confirmed security flaw is identified using a model extracted by JMODEX, shows the tool potential.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE)

自引率

0.00%

发文量