I dedicate this thesis to my wife, my mother, my father, and my brother. First, I would like to thank Paulo for his dedication and patience during the last years. Not only for his Ph.D. supervision, but also for many valuable pieces of advice for my professional life. I take him as a model to be followed. I also want to thank my family's support across these tough years. Especially my wife, who wants this Ph.D. to be over even more than I do.
Summary
In collaborative software development, developers submit their contributions to repositories that are used to integrate code from various collaborators. To avoid privacy and security issues, code contributions are often reviewed before integration. Although careful manual code review can detect such issues, it might be time-consuming, expensive, and error-prone. Automatic analysis tools can also detect privacy and security issues, but they often demand significant developer effort, or are domain-specific, considering fixed framework-specific vulnerability sources and sinks. To reduce these problems, in this paper we propose the Salvum policy language to support the specification of constraints that help to protect sensitive information from being inadvertently accessed by specific code contributions. We implement a tool that automatically checks Salvum policies for systems of different technical domains. We also investigate whether Salvum can find policy violations for a number of open-source projects. We find evidence that Salvum helps to detect violations even for well-supported and highly active projects. Moreover, our tool helps to find 80 violations in benchmark projects.
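The summary describes the idea at a high level: a policy names sensitive information and states which contributions may not access it, and a checker inspects each submitted contribution against that policy. The following is an added illustration of that checking step and is not the Salvum language, the thesis's tool, or code from the author; the policy shape (`Policy`), the contribution model (`Contribution`), and the sample contributions are all constructed here, and the analysis is deliberately limited to Python source via the `ast` module, whereas the summary says the real tool covers several technical domains.

```python
"""
Toy contribution-policy checker in the spirit of the summary above.

A Policy names sensitive program elements and the contributions (by author
or by path prefix) that are not allowed to touch them. check() parses a
contribution's Python source and reports every access to a sensitive name.
Everything here (policy format, data model, samples) is constructed for
illustration; it is not Salvum's syntax or the thesis's implementation.
"""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    sensitive: frozenset      # identifiers treated as sensitive (hypothetical names)
    deny_paths: tuple         # path prefixes whose contributions may not access them
    deny_authors: frozenset   # contributors who may not access them anywhere


@dataclass(frozen=True)
class Contribution:
    author: str
    path: str
    source: str               # the submitted Python code


@dataclass(frozen=True)
class Violation:
    author: str
    path: str
    line: int
    name: str


class SensitiveAccessFinder(ast.NodeVisitor):
    """Collects (line, name) for every plain name or attribute in the policy's sensitive set."""

    def __init__(self, sensitive):
        self.sensitive = sensitive
        self.hits = []

    def visit_Name(self, node):
        if node.id in self.sensitive:
            self.hits.append((node.lineno, node.id))
        self.generic_visit(node)

    def visit_Attribute(self, node):
        if node.attr in self.sensitive:
            self.hits.append((node.lineno, node.attr))
        self.generic_visit(node)


def check(policy, contribution):
    """Return the policy violations in one contribution (empty list if none)."""
    restricted = (contribution.author in policy.deny_authors
                  or contribution.path.startswith(policy.deny_paths))
    if not restricted:
        return []  # unrestricted contributions may access anything under this toy policy
    finder = SensitiveAccessFinder(policy.sensitive)
    finder.visit(ast.parse(contribution.source))
    return [Violation(contribution.author, contribution.path, line, name)
            for line, name in finder.hits]


# Constructed sample policy: credentials and ssn are sensitive; code under
# plugins/ and code from "bot-contributor" may not access them.
POLICY = Policy(
    sensitive=frozenset({"password", "password_hash", "ssn"}),
    deny_paths=("plugins/",),
    deny_authors=frozenset({"bot-contributor"}),
)

# Constructed sample contributions (hypothetical authors, paths and code).
CONTRIBUTIONS = [
    Contribution("ext-dev", "plugins/export.py",
                 "def export_user(user):\n"
                 "    return {'name': user.name, 'pw': user.password}\n"),
    Contribution("core-maintainer", "core/auth.py",
                 "def verify(user, candidate):\n"
                 "    return hash(candidate) == user.password_hash\n"),
    Contribution("ext-dev", "plugins/greeting.py",
                 "def greet(user):\n"
                 "    return 'Hello ' + user.name\n"),
    Contribution("bot-contributor", "core/util.py",
                 "def dump(u):\n"
                 "    return u.ssn\n"),
]


def run_sample():
    """Check every constructed contribution and return all violations found."""
    violations = []
    for contribution in CONTRIBUTIONS:
        violations.extend(check(POLICY, contribution))
    return violations


if __name__ == "__main__":
    for v in run_sample():
        print(f"{v.path}:{v.line}: contribution by {v.author} accesses sensitive '{v.name}'")
```

Running the block reports two violations: the plugin export that reads `user.password` and the denied contributor's access to `u.ssn`; the core maintainer's use of `password_hash` is allowed because that contribution matches no restriction, and the greeting plugin touches nothing sensitive. A real checker would of course need the language front ends for each domain the summary mentions, which is exactly the part this toy replaces with Python's `ast`.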