Privacy and security constraints for code contributions. (5th August 2020)
- Record Type:
- Journal Article
- Title:
- Privacy and security constraints for code contributions. (5th August 2020)
- Main Title:
- Privacy and security constraints for code contributions
- Authors:
- Andrade, Rodrigo
Borba, Paulo
- Abstract:
- Summary: In collaborative software development, developers submit their contributions to repositories that are used to integrate code from various collaborators. To avoid privacy and security issues, code contributions are often reviewed before integration. Although careful manual code review can detect such issues, it might be time‐consuming, expensive, and error‐prone. Automatic analysis tools can also detect privacy and security issues, but they often demand significant developer effort, or are domain‐specific, considering fixed, framework‐specific vulnerability sources and sinks. To reduce these problems, in this paper we propose the Salvum policy language to support the specification of constraints that help to protect sensitive information from being inadvertently accessed by specific code contributions. We implement a tool that automatically checks Salvum policies for systems of different technical domains. We also investigate whether Salvum can find policy violations for a number of open‐source projects. We find evidence that Salvum helps to detect violations even for well‐supported and highly active projects. Moreover, our tool helps to find 80 violations in benchmark projects.
- Is Part Of:
- Software, practice & experience. Volume 50:Number 10(2020)
- Journal:
- Software, practice & experience
- Issue:
- Volume 50:Number 10(2020)
- Issue Display:
- Volume 50, Issue 10 (2020)
- Year:
- 2020
- Volume:
- 50
- Issue:
- 10
- Issue Sort Value:
- 2020-0050-0010-0000
- Page Start:
- 1905
- Page End:
- 1929
- Publication Date:
- 2020-08-05
- Subjects:
- collaborative software development -- information flow control -- policy language -- privacy -- security
Computer software -- Periodicals
Computer programming -- Periodicals
Computer programs -- Periodicals
005.3
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/spe.2872
- Languages:
- English
- ISSNs:
- 0038-0644
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 8321.453000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 13973.xml
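The abstract above describes contribution-level policies: constraints that state which sensitive data a given code contribution may touch, checked automatically before the contribution is integrated. The Python block below is an added illustration of that idea and is not Salvum, not the paper's tool, and not code from the authors; the policy format, the `Policy` and `Violation` classes, the sample diff, the identifiers (`user.ssn`, `pw`, `logger.info`) and the contributor names are all constructed here. It scans only the lines a unified diff adds, flags a sensitive identifier touched by an author outside the policy's allowed set ("access"), and flags a sensitive identifier that appears on the same added line as a forbidden sink ("flow"). The flow rule is a deliberately coarse, line-local stand-in for a real information-flow analysis, which is the point of comparison, not a reproduction of it.

```python
"""Contribution-level policy check, a constructed illustration (not Salvum).

Two kinds of constraint are checked on the lines a contribution adds:
  * access: a sensitive identifier may only be touched by listed contributors;
  * flow:   a sensitive identifier may never appear on a line that also calls
            a forbidden sink (a line-local over-approximation of information flow).
"""
import re
from dataclasses import dataclass

HUNK_RE = re.compile(r'^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@')
IDENT_RE = re.compile(r'[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*')   # dotted identifiers


@dataclass(frozen=True)
class Policy:
    sensitive: str                             # dotted name treated as a sensitive source
    allowed_authors: frozenset = frozenset()   # empty: any contributor may access it
    forbidden_sinks: frozenset = frozenset()   # calls the sensitive value must never reach


@dataclass(frozen=True)
class Violation:
    kind: str          # "access" or "flow"
    sensitive: str
    author: str
    path: str
    line_no: int       # line number in the post-patch file
    text: str
    sink: str = ''     # set for "flow" violations


def added_lines(diff_text):
    """Yield (path, new_line_no, text) for every '+' line of a unified diff.

    Assumes git-style headers ('--- a/x', '+++ b/x'); a removed line whose own
    content starts with '-- ' would be mistaken for a header by this simple parser.
    """
    path, new_line = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith(('diff ', 'index ', '--- ')):
            continue
        if raw.startswith('+++ '):
            path = raw[4:].split('\t', 1)[0]
            path = path[2:] if path.startswith('b/') else path
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if raw.startswith('+'):
            yield path, new_line, raw[1:]
            new_line += 1
        elif raw.startswith('-'):
            continue                  # removed line: consumes no post-patch line number
        else:
            new_line += 1             # context line


def _hits(tokens, name):
    """Tokens equal to `name` or ending in `.name` (so self.user.ssn matches user.ssn)."""
    return {t for t in tokens if t == name or t.endswith('.' + name)}


def check_contribution(diff_text, author, policies):
    """Return the policy violations introduced by one contribution (diff + author)."""
    violations = []
    for path, line_no, text in added_lines(diff_text):
        code = text.split('#', 1)[0]              # crude: drop Python-style comments
        tokens = set(IDENT_RE.findall(code))
        for p in policies:
            if not _hits(tokens, p.sensitive):
                continue
            if p.allowed_authors and author not in p.allowed_authors:
                violations.append(Violation('access', p.sensitive, author, path, line_no, text.strip()))
            for sink in sorted(s for s in p.forbidden_sinks if _hits(tokens, s)):
                violations.append(Violation('flow', p.sensitive, author, path, line_no, text.strip(), sink))
    return violations


# Constructed policies and a constructed contribution, for illustration only.
POLICIES = [
    Policy('user.ssn', allowed_authors=frozenset({'compliance-team'})),
    Policy('pw', forbidden_sinks=frozenset({'logger.info', 'logger.debug', 'print'})),
]

SAMPLE_DIFF = """\
diff --git a/app/accounts.py b/app/accounts.py
--- a/app/accounts.py
+++ b/app/accounts.py
@@ -10,3 +10,6 @@ class AccountService:
     def login(self, user, pw):
         ok = self.auth.check(user, pw)
+        # contributor added debugging output
+        logger.info("login attempt %s %s", user.email, pw)
+        audit.record(user.ssn)
         return ok
"""

if __name__ == '__main__':
    for v in check_contribution(SAMPLE_DIFF, 'alice', POLICIES):
        detail = f"{v.sensitive} -> {v.sink}" if v.kind == 'flow' else v.sensitive
        print(f"{v.kind:6} {v.path}:{v.line_no} {v.author:8} {detail:24} {v.text}")
```

Run as a script, the check reports two violations for the constructed contribution by `alice`: the password reaching `logger.info` on line 13 (a flow violation that holds for any author) and the access to `user.ssn` on line 14, which only the `compliance-team` contributor is allowed to touch. The unit of checking is the pair (diff, author), which is what distinguishes a contribution policy from a whole-program scan; the cost of the token-level approximation is that identifiers inside string literals or non-Python comments are matched too, so a practitioner would expect some false positives and tune the policies accordingly.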