Mining Security-sensitive Operations in Legacy Code
using Concept Analysis

Vinod Ganapathy, David King, Trent Jaeger and Somesh Jha


This web page contains detailed results for each of the case studies presented in our ICSE'07 paper. Each red node in the concept lattices linked below corresponds to a node marked by Algorithm 2 in the paper, and is hyperlinked to a file that contains the candidate fingerprints associated with that node. Only the nodes marked red in each concept lattice need to be examined by an analyst. Concept analysis guarantees that these nodes will contain fingerprints of all security-sensitive operations.

Click on the links below for the concept lattice of each benchmark. Concept lattices are presented as SVG (Scalable Vector Graphics) format files. You will need an SVG reader to visualize the concept lattices. The Firefox browser has an integrated SVG reader. Adobe also has an SVG reader available for download. Concept lattice are also provided in PDF format, but only the SVG format shows the candidate fingerprints as well.

For technical details of the algorithm, please refer to the ICSE'07 paper:

Mining Security-sensitive Operations in Legacy Code using Concept Analysis
Vinod Ganapathy, David King, Trent Jaeger, and Somesh Jha.
29th International Conference on Software Engineering, Minneapolis, Minnesota, May 2007.
Thanks to Ruud Steltenpool for help with rendering SVG files.
Last modified on December 29th, 2006, by Vinod Ganapathy.