FB3 TZI
ASKS
The project ASKS (Architecture-Centric Security Analysis of Business Applications) aims to analyze business-critical software (e.g., JEE and .NET applications) with respect to security. The software is analyzed on the basis of its software architecture, which makes it possible to focus the analyses on the security-critical data and modules. Typical security problems which shall be identified with this architecture-centric approach are:

1. Erroneous role models of JEE applications
2. Missing enforcement of access control restrictions and circumvention of security-protected APIs
3. Security holes induced by erroneous trust relationships between software components
4. Missing cryptographic protection of data and communications channels within applications
5. Violations of compartment boundaries

The security analyses are implemented with the help of the Bauhaus tool, a reverse engineering tool-suite. Specifically, we envision employing the reflexion analysis to detect security violations such as the circumvention of APIs in the source code.

Period: 01/07/2010 - 30/06/2012

Partners: Axivion GmbH, bos KG, BEO GmbH
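
The reflexion analysis named above compares a hypothesized architecture with the dependencies actually found in the source code. The following is an added illustration, not code from the ASKS project or the Bauhaus tool; the module names, class names and sample dependencies are all constructed. It reports a call that bypasses a security-protected API as a divergence.

```python
# Minimal reflexion analysis (added illustration; every name below is constructed).
from fnmatch import fnmatchcase

# Hypothesized architecture: the only module dependencies the architect allows.
# Persistence may be reached only through the security-protected API.
ALLOWED = {("web", "service"), ("service", "secure_api"),
           ("secure_api", "persistence"), ("secure_api", "audit")}

# Mapping from source entities (class-name patterns) to modules; first match wins.
MAPPING = [("shop.web.*", "web"), ("shop.service.*", "service"),
           ("shop.security.*", "secure_api"), ("shop.dao.*", "persistence"),
           ("shop.audit.*", "audit")]

# Constructed sample of (caller, callee) dependencies extracted from source code.
EXTRACTED = [
    ("shop.web.OrderServlet", "shop.service.OrderService"),
    ("shop.service.OrderService", "shop.security.AccessGuard"),
    ("shop.security.AccessGuard", "shop.dao.OrderDao"),
    ("shop.web.AdminServlet", "shop.dao.OrderDao"),      # bypasses the guarded API
    ("shop.service.OrderService", "shop.util.Strings"),  # not covered by the mapping
]

def module_of(entity, mapping):
    """Return the architecture module an entity maps to, or None."""
    for pattern, module in mapping:
        if fnmatchcase(entity, pattern):
            return module
    return None

def reflexion(allowed, mapping, extracted):
    """Lift source dependencies to module level and compare with the model."""
    lifted, unmapped = {}, set()
    for src, dst in extracted:
        a, b = module_of(src, mapping), module_of(dst, mapping)
        unmapped.update(e for e, m in ((src, a), (dst, b)) if m is None)
        if a is None or b is None or a == b:
            continue  # unmapped or module-internal: no architecture-level edge
        lifted.setdefault((a, b), []).append((src, dst))
    return {
        "convergences": sorted(e for e in lifted if e in allowed),
        "divergences": {e: ev for e, ev in lifted.items() if e not in allowed},
        "absences": sorted(set(allowed) - set(lifted)),
        "unmapped": sorted(unmapped),
    }

if __name__ == "__main__":
    report = reflexion(ALLOWED, MAPPING, EXTRACTED)
    for edge, evidence in report["divergences"].items():
        print("DIVERGENCE", edge, "evidence:", evidence)
```

The `absences` entry covers the opposite direction of the comparison: a dependency the architecture expects (here the constructed `secure_api` to `audit` edge) that the code does not contain.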