ACUA: API变更和使用审计员

2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI:10.1109/SCAM.2014.33

Wei Wu, Bram Adams, Yann-Gaël Guéhéneuc, G. Antoniol

{"title":"ACUA: API变更和使用审计员","authors":"Wei Wu, Bram Adams, Yann-Gaël Guéhéneuc, G. Antoniol","doi":"10.1109/SCAM.2014.33","DOIUrl":null,"url":null,"abstract":"Modern software uses frameworks through their Application Programming Interfaces (APIs). Framework APIs may change while frameworks evolve. Client programs have to upgrade to new releases of frameworks if security vulnerabilities are discovered in the used releases. Patching security vulnerabilities can be delayed by non-security-related API changes when the frameworks used by client programs are not up to date. Keeping frameworks updated can reduce the reaction time to patch security leaks. Client program upgrades are not cost free, developers need to understand the API usages in client programs and API changes between framework releases before conduct upgrading tasks. In this paper, we propose a tool ACUA to generate reports containing detailed API change and usage information by analyzing the binary code of both frameworks and clients programs written in Java. Developers can use the API change and usage reports generated by ACUA to estimate the work load and decide when to starting upgrading client programs based on the estimation.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"ACUA: API Change and Usage Auditor\",\"authors\":\"Wei Wu, Bram Adams, Yann-Gaël Guéhéneuc, G. Antoniol\",\"doi\":\"10.1109/SCAM.2014.33\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern software uses frameworks through their Application Programming Interfaces (APIs). Framework APIs may change while frameworks evolve. Client programs have to upgrade to new releases of frameworks if security vulnerabilities are discovered in the used releases. Patching security vulnerabilities can be delayed by non-security-related API changes when the frameworks used by client programs are not up to date. Keeping frameworks updated can reduce the reaction time to patch security leaks. Client program upgrades are not cost free, developers need to understand the API usages in client programs and API changes between framework releases before conduct upgrading tasks. In this paper, we propose a tool ACUA to generate reports containing detailed API change and usage information by analyzing the binary code of both frameworks and clients programs written in Java. Developers can use the API change and usage reports generated by ACUA to estimate the work load and decide when to starting upgrading client programs based on the estimation.\",\"PeriodicalId\":407060,\"journal\":{\"name\":\"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation\",\"volume\":\"56 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-09-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SCAM.2014.33\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SCAM.2014.33","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

摘要

现代软件通过应用程序编程接口(api)使用框架。框架api可能会随着框架的发展而改变。如果在使用的版本中发现安全漏洞，客户端程序必须升级到框架的新版本。当客户端程序使用的框架不是最新的时，与安全无关的API更改可能会延迟修补安全漏洞。保持框架更新可以减少修补安全漏洞的反应时间。客户端程序升级不是免费的，在进行升级任务之前，开发人员需要了解客户端程序中的API用法以及框架版本之间API的变化。在本文中，我们提出了一个工具ACUA，通过分析用Java编写的框架和客户端程序的二进制代码来生成包含详细的API变化和使用信息的报告。开发人员可以使用ACUA生成的API变更和使用报告来评估工作负载，并根据评估决定何时开始升级客户端程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

ACUA: API Change and Usage Auditor

Modern software uses frameworks through their Application Programming Interfaces (APIs). Framework APIs may change while frameworks evolve. Client programs have to upgrade to new releases of frameworks if security vulnerabilities are discovered in the used releases. Patching security vulnerabilities can be delayed by non-security-related API changes when the frameworks used by client programs are not up to date. Keeping frameworks updated can reduce the reaction time to patch security leaks. Client program upgrades are not cost free, developers need to understand the API usages in client programs and API changes between framework releases before conduct upgrading tasks. In this paper, we propose a tool ACUA to generate reports containing detailed API change and usage information by analyzing the binary code of both frameworks and clients programs written in Java. Developers can use the API change and usage reports generated by ACUA to estimate the work load and decide when to starting upgrading client programs based on the estimation.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation

自引率

0.00%

发文量