Please use this identifier to cite or link to this item: https://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4230
Title: Secure CodeCity A Framework For Security Vulnerability Visualization
Authors: Abeysinghe, A.A.T.G.
Shalika, M.A.S.
Ahamed, M.S.N.
Mufarrij, S.M.
Issue Date: 26-Jul-2021
Abstract: The conventional practice in the software industry for resolving security issues is to discover those issues during the testing phase of the Software Development Life Cycle and to implement software patches in order to conceal those issues. Such resolutions have resulted in an upsurge of effort and resources, while being unable to eliminate the root symptoms of the security issues. To avoid the pitfalls of the above approach, an approach that places significant focus on integrating security into each phase of the software development process has emerged. This approach is named the Secure Software Development Approach, and is known to lead to the development of more secure and reliable systems. On the other hand, the fundamental idea behind software visualization is to create visual interfaces that help developers understand different aspects of source code. Software visualization has become a major research topic, with the scientific community undertaking a large-scale effort to find effective software visualization mechanisms. Although Secure Software Development and Software Visualization are sturdy approaches in their own right, Secure Software Development does not incorporate intensive software visualization mechanisms such as metaphors to manifest the critical information of security issues in software. The purpose of this research is to bridge the aforementioned gap by introducing software visualization to software security. The research commenced by analyzing the existing visualization models for the visualization of security issues in source code. It was discovered that the ‘CodeCity’ model can be well aligned with the purpose of security vulnerability visualization.
Therefore ‘CodeCity’ was selected as the software visualization approach for visualizing the security vulnerability information of a particular source code. The research was conducted based on the OWASP security vulnerability categorization and related countermeasures. To fulfil the aforementioned purpose, a novel framework named ‘Secure CodeCity’ was proposed. The resulting ‘Secure CodeCity’ visualization focuses on providing a structural overview of the software system, while unveiling security vulnerability information at each level of the software project in an attractive and effective manner. This solution proposes several functionalities which will assist programmers in resolving software security issues while following the Secure Software Development approach.
URI: http://dl.ucsc.cmb.ac.lk/jspui/handle/123456789/4230
Appears in Collections: 2018

Files in This Item:
File: 2014CS004 092 135 001.pdf
Size: 2.26 MB
Format: Adobe PDF


Items in UCSC Digital Library are protected by copyright, with all rights reserved, unless otherwise indicated.