Bibliographic details

Year of defense: 2018
Main author: ANDRADE, Rodrigo Cardoso Amaral de
Advisor: BORBA, Paulo Henrique Monteiro
Defense committee: Not informed by the institution
Document type: Thesis
Access type: Open access
Language: eng
Defending institution: Universidade Federal de Pernambuco
Graduate program: Programa de Pos Graduacao em Ciencia da Computacao
Department: Not informed by the institution
Country: Brasil
Keywords in Portuguese: (none given)
Access link: https://repositorio.ufpe.br/handle/123456789/30616

Abstract:
Developers must protect the privacy and security of sensitive information handled by software systems. In collaborative software development, like GitHub's pull-based environment, developers submit code contributions using pull requests containing commits. These code contributions might carelessly or maliciously violate the privacy and security of sensitive information. If we do not appropriately detect this problem in the repository, the harmful code could remain unnoticed for a long time. This way, developers must be concerned about how to protect sensitive information from specific code contributions. One potential solution is to execute manual code review. Albeit commonly necessary, it is expensive, time-consuming, and error-prone. There are also automatic analysis tools to find violations throughout the source code. Nonetheless, they could be designed to work only for a specific technical domain, like Android, or they could demand a significant effort to specify policies and constraints. To mitigate these issues, we propose a new policy language named Salvum to allow the specification of constraints that help to protect sensitive information from specific contributions. Salvum allows a non-security specialist to define constraints to safeguard this information, and consequently avoid critical violations. We implement a tool to automatically enforce these constraints in two different ways. The first one allows us to check whether merged code contributions introduced violations of specified constraints. The second one allows us to automatically enforce constraints before integrating code contributions into the repository. Salvum supports the specification of constraints to determine the information that can and cannot flow to or be altered by specific contributions for Java projects. To determine whether there are such information flows, we use an existing set of Information Flow Control analyses called JOANA in our tool implementation.

We evaluate our proposal regarding its ability to find violations of sensitive information for real software projects. Thus, we write policies and constraints for each selected project and execute our tool. We also investigate whether developers fix violations before merging code contributions on GitHub and whether unmerged code contributions are related to violations of sensitive information. We conclude that Salvum can indeed find such violations, mainly for poorly-supported projects. Moreover, there is no evidence: (i) that developers solve these issues before merging their contributions and (ii) that the unmerged code contributions are related to violations of sensitive information. We also investigate whether Salvum helps to reduce the effort of reviewing contributions to find violations. Thus, we compare the effort with and without our tool based on metrics like the number of lines of code to be reviewed. We conclude that Salvum can significantly reduce the effort to find violations of specified constraints. Furthermore, we assess the Information Flow Control analysis we use in our tool regarding precision, recall, and accuracy to find issues. Our results indicate that this analysis has high recall, but low precision and accuracy. Thus, the analysis could miss a few issues, but it could present high rates of false positives. At last, the result of our work can mitigate privacy and security problems in the context of collaborative software development.