Title | Secure Codecity with Evolution: Visualizing Security Vulnerability Evolution of Software Systems |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Sinhabahu, Nadun, Wimalaratne, Prasad, Wijesiriwardana, Chaman |
Conference Name | 2020 20th International Conference on Advances in ICT for Emerging Regions (ICTer) |
Keywords | 3D graphics, 3D software visualization, Buildings, compositionality, Human Behavior, human-computer interaction, Metrics, pubcrawl, Re-engineering, Resiliency, security, Task Analysis, Three-dimensional displays, Urban areas, usability, visualization, vulnerability analysis, vulnerability detection, Vulnerability Evolution |
Abstract | Analysing large-scale software and finding security vulnerabilities as it evolves is difficult without supplementary tools, because of the size and complexity of today's systems. Simply reading a report does not convey the overall picture of a system's security vulnerabilities and of how they evolve over the project lifecycle. Software visualization is a program comprehension technique that presents and explores large amounts of information precisely. Secure Codecity with Evolution is an interactive 3D visualization tool for analysing the security vulnerabilities of complex software systems; it studies techniques and methods for graphically illustrating security aspects and the evolution of software. The main goal of the proposed framework is to improve, simplify and clarify the mental representation that a software engineer has of a software system and of its evolution in terms of security. Static code is visualized with a city metaphor that represents classes as buildings and packages as districts of a city. Identified vulnerabilities are coloured according to their severity. A large variety of options is provided for visualizing different aspects. Users can evaluate the evolution of a system's security vulnerabilities across several versions using the matrices provided, which helps them gain an overall understanding of how the vulnerabilities vary between versions of the software. The framework was implemented using SonarQube for software vulnerability detection and ThreeJs for the city metaphor. The evaluation results show that the framework surpasses existing tools in terms of accuracy, efficiency and usability. |
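The abstract describes the data mapping behind the tool: files become buildings, packages become districts, building colour follows the worst vulnerability severity, and an evolution matrix compares versions. The following is an added illustration of that mapping written for this page; it is not code from the paper or from Secure Codecity. It takes constructed issue records in the shape of SonarQube's `api/issues/search` response (fields `component`, `type`, `severity`, `rule`) together with per-file `ncloc`, and derives the attributes a ThreeJs scene builder would consume. The colour palette, the `proj:` project-key prefix and the choice of `ncloc` as building height are assumptions made for the example; the rendering step itself is omitted.

```javascript
// Added example (not from the paper): derive city-metaphor attributes from
// SonarQube-style issue data and build an evolution matrix across versions.

// SonarQube severity levels in ascending order. The colours are an assumption
// for this example, not the palette used by the paper's tool.
const SEVERITY_RANK = { INFO: 1, MINOR: 2, MAJOR: 3, CRITICAL: 4, BLOCKER: 5 };
const SEVERITY_COLOR = {
  NONE: 0x9e9e9e, INFO: 0x2196f3, MINOR: 0xcddc39,
  MAJOR: 0xffc107, CRITICAL: 0xff5722, BLOCKER: 0xb71c1c,
};

// Constructed sample data: two versions of a small project. Issue records are
// shaped like api/issues/search results; ncloc per file would come from
// api/measures/component_tree. "proj:" is the assumed project key prefix.
const VERSIONS = {
  "1.0": {
    ncloc: { "com/acme/auth/Login.java": 120, "com/acme/auth/Token.java": 80, "com/acme/web/Router.java": 200 },
    issues: [
      { component: "proj:com/acme/auth/Login.java", type: "VULNERABILITY", severity: "CRITICAL", rule: "java:S2068" },
      { component: "proj:com/acme/auth/Login.java", type: "VULNERABILITY", severity: "MINOR", rule: "java:S4790" },
      { component: "proj:com/acme/web/Router.java", type: "VULNERABILITY", severity: "BLOCKER", rule: "java:S2083" },
      { component: "proj:com/acme/web/Router.java", type: "CODE_SMELL", severity: "MAJOR", rule: "java:S1192" },
    ],
  },
  "1.1": {
    ncloc: { "com/acme/auth/Login.java": 130, "com/acme/auth/Token.java": 95, "com/acme/web/Router.java": 210 },
    issues: [
      { component: "proj:com/acme/auth/Login.java", type: "VULNERABILITY", severity: "MINOR", rule: "java:S4790" },
      { component: "proj:com/acme/auth/Token.java", type: "VULNERABILITY", severity: "MAJOR", rule: "java:S5659" },
    ],
  },
};

// SonarQube component keys are "<projectKey>:<path>"; keep only the path.
function stripProjectKey(component) {
  return component.replace(/^[^:]+:/, "");
}

// One building per file, grouped into districts by package path. Height is the
// file size, colour is the worst open VULNERABILITY; bugs and code smells are
// deliberately ignored so that only security findings colour the city.
function buildCity(version) {
  const districts = {};
  for (const [path, ncloc] of Object.entries(version.ncloc)) {
    const slash = path.lastIndexOf("/");
    const pkg = slash >= 0 ? path.slice(0, slash) : "";
    const name = path.slice(slash + 1);
    const vulns = version.issues.filter(
      (i) => i.type === "VULNERABILITY" && stripProjectKey(i.component) === path,
    );
    const worst = vulns.reduce(
      (acc, i) => (SEVERITY_RANK[i.severity] > (SEVERITY_RANK[acc] || 0) ? i.severity : acc),
      "NONE",
    );
    if (!districts[pkg]) districts[pkg] = [];
    districts[pkg].push({ name, height: ncloc, vulnerabilities: vulns.length, severity: worst, color: SEVERITY_COLOR[worst] });
  }
  return districts;
}

// Evolution matrix: one row per file, one column per version, holding the
// vulnerability count and worst severity, plus the first-to-last delta so the
// viewer can tell which buildings got safer or worse between releases.
function evolutionMatrix(versions) {
  const tags = Object.keys(versions);
  const rows = {};
  tags.forEach((tag, idx) => {
    for (const [pkg, buildings] of Object.entries(buildCity(versions[tag]))) {
      for (const b of buildings) {
        const key = pkg ? `${pkg}/${b.name}` : b.name;
        if (!rows[key]) rows[key] = { counts: new Array(tags.length).fill(0), severities: new Array(tags.length).fill("NONE") };
        rows[key].counts[idx] = b.vulnerabilities;
        rows[key].severities[idx] = b.severity;
      }
    }
  });
  for (const row of Object.values(rows)) {
    row.delta = row.counts[row.counts.length - 1] - row.counts[0];
  }
  return { versions: tags, rows };
}

// Stand-alone run: print the districts of the latest version and the matrix.
console.log(JSON.stringify(buildCity(VERSIONS["1.1"]), null, 2));
console.log(JSON.stringify(evolutionMatrix(VERSIONS), null, 2));
```

The only security-relevant choice worth noting is the `type === "VULNERABILITY"` filter: SonarQube reports bugs and code smells with the same severity vocabulary, so without that filter a MAJOR duplicated-string smell would colour a building as strongly as a MAJOR injection finding and the city would no longer show what the paper sets out to show.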
DOI | 10.1109/ICTer51097.2020.9325429 |
Citation Key | sinhabahu_secure_2020 |