Small and medium enterprises (SMEs) that build individualized software require lightweight solutions to trace cybersecurity concerns across the codebase. This includes tracking where potentially vulnerable assets are handled in the code. The solution that provides this tracking should be fully integrated into the developers' workflow and should be usable by developers who are not cybersecurity experts. To address this need, we propose Security Annotations, which can be added to any codebase regardless of programming language and allow linking blocks of code, functions, or single statements with assets. To use the main functionality of Security Annotations, an asset catalog of sufficient quality is needed. These assets can be identified either upfront or while annotating.
We conducted a preliminary evaluation in which four pairs of developers created an asset catalog for a legacy software system and then annotated the code using Security Annotations. All groups successfully identified assets in a codebase largely unknown to them. We also found that the annotation patterns differed between pairs, but that there were significant overlaps. The workload of identifying assets and performing annotations was demanding, but feasible.
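The abstract does not show the annotation syntax or tooling, so the following is an added illustration rather than the authors' implementation. It assumes a hypothetical comment-based marker, `@asset(<asset-id>)`, placed in an ordinary source comment so that it works in any language, and a constructed asset catalog. The scanner builds a trace from each catalog asset to the code locations that handle it, flags annotations that reference assets missing from the catalog (assets discovered while annotating), and lists catalog assets that no code has been annotated for.

```python
"""Added example: trace catalog assets to annotated code locations.

Hypothetical annotation syntax (not the paper's): a comment containing
`@asset(<asset-id>)` marks the following statement, block or function as
handling that asset. Only comment text is inspected, so any language works.
"""
import re
from dataclasses import dataclass

ANNOTATION = re.compile(r"@asset\(\s*([A-Za-z0-9_.-]+)\s*\)")

# Constructed asset catalog: asset id -> short description.
ASSET_CATALOG = {
    "user.password_hash": "Stored password hash of a user account",
    "session.token": "Bearer token identifying an authenticated session",
    "config.db_credentials": "Database connection string",
}

# Constructed sample sources in two languages (paths and contents are made up).
SAMPLE_FILES = {
    "auth.py": """\
import bcrypt

# @asset(user.password_hash)
def verify_password(stored_hash, candidate):
    return bcrypt.checkpw(candidate, stored_hash)

def issue_session(user_id):
    token = secrets.token_urlsafe(32)  # @asset(session.token)
    return token
""",
    "client.js": """\
// @asset(session.token)
const token = localStorage.getItem('session');
// @asset(payment.card_number)   <- asset found while annotating, not yet catalogued
const card = form.cardNumber.value;
""",
}


@dataclass
class Annotation:
    asset_id: str
    path: str
    line: int


def extract_annotations(path, text):
    """Return every @asset(...) marker in `text` with its 1-based line number."""
    found = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ANNOTATION.finditer(line):
            found.append(Annotation(m.group(1), path, lineno))
    return found


def build_trace(files, catalog):
    """Map each catalog asset id to its (path, line) locations.

    Also returns the annotations whose asset id is not in the catalog, which
    are candidates for extending the catalog.
    """
    trace = {asset_id: [] for asset_id in catalog}
    unknown = []
    for path, text in files.items():
        for ann in extract_annotations(path, text):
            if ann.asset_id in trace:
                trace[ann.asset_id].append((ann.path, ann.line))
            else:
                unknown.append(ann)
    return trace, unknown


def uncovered_assets(trace):
    """Catalog assets that no code location has been annotated for."""
    return sorted(asset_id for asset_id, locs in trace.items() if not locs)


def report(files=SAMPLE_FILES, catalog=ASSET_CATALOG):
    """Human-readable summary of the trace, unknown ids and uncovered assets."""
    trace, unknown = build_trace(files, catalog)
    lines = []
    for asset_id, locs in sorted(trace.items()):
        lines.append(f"{asset_id}: {len(locs)} location(s)")
        for path, line in locs:
            lines.append(f"    {path}:{line}")
    for ann in unknown:
        lines.append(f"UNKNOWN ASSET {ann.asset_id} at {ann.path}:{ann.line} (add to catalog?)")
    for asset_id in uncovered_assets(trace):
        lines.append(f"NO ANNOTATIONS for {asset_id}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Running the block over the constructed sources shows the two kinds of finding that matter for keeping the catalog at "sufficient quality": an annotation naming an asset the catalog does not know (so the catalog needs extending) and a catalog asset with no annotated location (so either the code has not been annotated yet or the asset is not actually handled there).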
Session: Thu 18 Apr, 10:30 - 11:00 (times shown in the Lisbon time zone). Posters, 30 minutes each:

| Time | Title | Authors |
| 10:30 | Unleashing the Power of Clippy in Real-World Rust Projects | Chunmiao Li (National Institute of Informatics), Yijun Yu (The Open University, UK), Haitao Wu (Huawei Technologies Canada), Luca Carlig (Huawei Ireland Research Center), Shijie Nie (Fujitsu R&D Center), Lingxiao Jiang (Singapore Management University) |
| 10:30 | The Impact of a Live Refactoring Environment on Software Development | Sara Fernandes (FEUP, Universidade do Porto), Ademar Aguiar (Faculty of Engineering, University of Porto & INESC TEC), André Restivo (LIACC, Universidade do Porto, Porto, Portugal) |
| 10:30 | Tracking assets in source code with Security Annotations | Daniel Haak (Augsburg Technical University of Applied Sciences), Raphael Mayr (Augsburg Technical University of Applied Sciences), Jan-Philipp Steghöfer (XITASO GmbH IT & Software Solutions), Alexandra Teynor (Augsburg Technical University of Applied Sciences), Phillip Heidegger (Augsburg Technical University of Applied Sciences) |
| 10:30 | eAIEDF: Extended AI Error Diagnosis Flowchart for Automatically Identifying Misprediction Causes in Production Models | |
| 10:30 | SLIM: a Scalable and Interpretable Light-weight Fault Localization Algorithm for Imbalanced Data in Microservice | Rui Ren, Jingbang Yang, Linxiao Yang, Xinyue Gu, Liang Sun (all DAMO Academy, Alibaba Group, Hangzhou, China) |
| 10:30 | Designing Digital Twins for Enhanced Reusability | |
| 10:30 | MUFIN: Improving Neural Repair Models with Back-Translation | André Silva (KTH Royal Institute of Technology), João F. Ferreira (INESC-ID and IST, University of Lisbon), He Ye (Carnegie Mellon University), Martin Monperrus (KTH Royal Institute of Technology) |
| 10:30 | Blocks? Graphs? Why Not Both? Designing and Evaluating a Hybrid Programming Environment for End-users | Nico Ritschel (University of British Columbia), Felipe Fronchetti (Virginia Commonwealth University), Reid Holmes (University of British Columbia), Ronald Garcia (University of British Columbia), David C. Shepherd (Louisiana State University) |
| 10:30 | Fault Localization on Verification Witnesses | |
| 10:30 | Analyzing the Impact of Context Representation and Scope in Code Infilling | |
| 10:30 | Hunting DeFi Vulnerabilities via Context-Sensitive Concolic Verification | Yepeng Ding (University of Tokyo), Arthur Gervais (Imperial College London), Roger Wattenhofer (ETHZ), Hiroyuki Sato (The University of Tokyo) |
| 10:30 | Exploring the Computational Complexity of SAT Counting and Uniform Sampling with Phase Transitions | Olivier Zeyen (University of Luxembourg, SnT), Maxime Cordy (University of Luxembourg, Luxembourg), Gilles Perrouin (Fonds de la Recherche Scientifique - FNRS & University of Namur), Mathieu Acher (University of Rennes, France / Inria, France / CNRS, France / IRISA, France) |
| 10:30 | GRAIL: Checking Transaction Isolation Violations with Graph Queries | Stefania Dumbrava (ENSIIE & Institut Polytechnique de Paris), Zhao Jin (ENSIIE), Burcu Kulahcioglu Ozkan (Delft University of Technology), Jingxuan Qiu (Delft University of Technology) |