软件开发中的实时隐私漏洞检测技术：系统的文献综述

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-09-16 DOI:10.1016/j.cose.2025.104659

Nadisha Madhushanie , Sugandima Vidanagamachchi , Nalin Arachchilage

{"title":"软件开发中的实时隐私漏洞检测技术：系统的文献综述","authors":"Nadisha Madhushanie , Sugandima Vidanagamachchi , Nalin Arachchilage","doi":"10.1016/j.cose.2025.104659","DOIUrl":null,"url":null,"abstract":"<div><div>Real-time privacy vulnerability detection is one of the major concerns nowadays in developing secure software systems due to the growing complexity of software development and the increased attention to data privacy. This study conducts a Systematic Literature Review (SLR) to explore existing techniques, tools, and frameworks for detecting privacy vulnerabilities in real-time during the software development. We analyze relevant studies to identify key approaches, their effectiveness, and limitations by using the Kitchenham methodology and include it into the PRISMA framework. In addition, we categorize existing approaches into IDE integrated tools, network security solutions, mobile specific techniques, and general analysis tools. Summary tables further synthesize these techniques, tools, and their comparative attributes. Our findings reveal a variety of methods, including static and dynamic analysis, machine learning based detection, and integration of privacy-by-design. We also highlight challenges such as scalability, false positives, and the need for developer friendly tools. This review provides a comprehensive overview of the state-of-the-art in real-time privacy vulnerability detection approaches and offers insights into future research directions to enhance privacy protection in software development environments.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104659"},"PeriodicalIF":5.4000,"publicationDate":"2025-09-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Real-time privacy vulnerability detection techniques in software development: A Systematic Literature Review\",\"authors\":\"Nadisha Madhushanie , Sugandima Vidanagamachchi , Nalin Arachchilage\",\"doi\":\"10.1016/j.cose.2025.104659\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Real-time privacy vulnerability detection is one of the major concerns nowadays in developing secure software systems due to the growing complexity of software development and the increased attention to data privacy. This study conducts a Systematic Literature Review (SLR) to explore existing techniques, tools, and frameworks for detecting privacy vulnerabilities in real-time during the software development. We analyze relevant studies to identify key approaches, their effectiveness, and limitations by using the Kitchenham methodology and include it into the PRISMA framework. In addition, we categorize existing approaches into IDE integrated tools, network security solutions, mobile specific techniques, and general analysis tools. Summary tables further synthesize these techniques, tools, and their comparative attributes. Our findings reveal a variety of methods, including static and dynamic analysis, machine learning based detection, and integration of privacy-by-design. We also highlight challenges such as scalability, false positives, and the need for developer friendly tools. This review provides a comprehensive overview of the state-of-the-art in real-time privacy vulnerability detection approaches and offers insights into future research directions to enhance privacy protection in software development environments.</div></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":\"159 \",\"pages\":\"Article 104659\"},\"PeriodicalIF\":5.4000,\"publicationDate\":\"2025-09-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404825003487\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825003487","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

随着软件开发的日益复杂和人们对数据隐私的日益关注，实时隐私漏洞检测成为当今开发安全软件系统的主要关注点之一。本研究进行了系统文献综述（SLR），以探索在软件开发过程中实时检测隐私漏洞的现有技术、工具和框架。我们分析了相关研究，通过使用Kitchenham方法确定关键方法，其有效性和局限性，并将其纳入PRISMA框架。此外，我们将现有的方法分为IDE集成工具、网络安全解决方案、移动特定技术和通用分析工具。汇总表进一步综合了这些技术、工具及其比较属性。我们的研究结果揭示了多种方法，包括静态和动态分析、基于机器学习的检测以及基于设计的隐私集成。我们还强调了诸如可伸缩性、误报以及对开发人员友好的工具的需求等挑战。本综述全面概述了最新的实时隐私漏洞检测方法，并为未来的研究方向提供了见解，以增强软件开发环境中的隐私保护。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Real-time privacy vulnerability detection techniques in software development: A Systematic Literature Review

Real-time privacy vulnerability detection is one of the major concerns nowadays in developing secure software systems due to the growing complexity of software development and the increased attention to data privacy. This study conducts a Systematic Literature Review (SLR) to explore existing techniques, tools, and frameworks for detecting privacy vulnerabilities in real-time during the software development. We analyze relevant studies to identify key approaches, their effectiveness, and limitations by using the Kitchenham methodology and include it into the PRISMA framework. In addition, we categorize existing approaches into IDE integrated tools, network security solutions, mobile specific techniques, and general analysis tools. Summary tables further synthesize these techniques, tools, and their comparative attributes. Our findings reveal a variety of methods, including static and dynamic analysis, machine learning based detection, and integration of privacy-by-design. We also highlight challenges such as scalability, false positives, and the need for developer friendly tools. This review provides a comprehensive overview of the state-of-the-art in real-time privacy vulnerability detection approaches and offers insights into future research directions to enhance privacy protection in software development environments.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.