Visual analysis of code security

John R. Goodall, Hassan Radwan, Lenny Halseth

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

34 Scopus citations

Abstract

To help increase the confidence that software is secure, researchers and vendors have developed different kinds of automated software security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but the individual tools catch different vulnerabilities and produce voluminous data with many false positives. This paper describes a system that brings together the results of disparate software analysis tools into a visual environment to support the triage and exploration of code vulnerabilities. Our system allows software developers to explore vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is responsible for introducing software vulnerabilities. By correlating and normalizing multiple software analysis tools' data, the overall vulnerability detection coverage of software is increased. A visual overview and powerful interaction allow the user to focus attention on the most pressing vulnerabilities within huge volumes of data, and streamline the secure software development workflow through integration with development tools.

Original language: English
Title of host publication: VizSec 2010 - Proceedings of the 7th International Symposium on Visualization for Cyber Security
Publisher: Association for Computing Machinery
Pages: 46-51
Number of pages: 6
ISBN (Print): 9781450300131
State: Published - 2010
Externally published: Yes
Event: 7th International Symposium on Visualization for Cyber Security, VizSec 2010 - Ottawa, ON, Canada
Duration: Sep 14 2010 → Sep 14 2010

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 7th International Symposium on Visualization for Cyber Security, VizSec 2010
Country/Territory: Canada
City: Ottawa, ON
Period: 09/14/10 → 09/14/10

Keywords

  • data fusion
  • security visualization
  • software analysis
  • software assurance
  • software visualization
