elib
DLR-Header
DLR-Logo -> http://www.dlr.de
DLR Portal Home | Imprint | Privacy Policy | Contact | Deutsch
Fontsize: [-] Text [+]

Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper

Sonnekalb, Tim and Heinze, Thomas S. and Kurnatowski, Lynn and Schreiber, Andreas and Gonzalez-Barahona, Jesus M. and Packer, Heather (2020) Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper. In: 3rd ACM SIGSOFT International Workshop on Security Awareness from Design to Deployment, SEAD 2020, pp. 15-18. ACM. 3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment, 9. Nov. 2020, Virtual. doi: 10.1145/3416507.3423190. ISBN 978-1-4503-8126-0.

[img] PDF
755kB

Official URL: https://doi.org/10.1145/3416507.3423190

Abstract

Software repositories contain information about source code, software development processes, and team interactions. We combine provenance of the development process with code security analysis to automatically discover insights. This provides fast feedback on the software's design and security issues, which we evaluate on projects that are developed under time pressure, such as Germany's COVID-19 contact tracing app 'Corona-Warn-App'.

Item URL in elib:https://elib.dlr.de/137400/
Document Type:Conference or Workshop Item (Speech)
Title:Towards Automated, Provenance-Driven Security Audit for git-Based Repositories: Applied to Germany's Corona-Warn-App: Vision Paper
Authors:
AuthorsInstitution or Email of AuthorsAuthor's ORCID iD
Sonnekalb, TimTim.Sonnekalb (at) dlr.dehttps://orcid.org/0000-0002-0067-1790
Heinze, Thomas S.thomas.heinze (at) dlr.deUNSPECIFIED
Kurnatowski, LynnLynn.Kurnatowski (at) dlr.dehttps://orcid.org/0000-0001-5144-702X
Schreiber, AndreasAndreas.Schreiber (at) dlr.dehttps://orcid.org/0000-0001-5750-5649
Gonzalez-Barahona, Jesus M.jgb (at) gsyc.urjc.esUNSPECIFIED
Packer, Heatherhp3 (at) ecs.soton.ac.ukUNSPECIFIED
Date:2020
Journal or Publication Title:3rd ACM SIGSOFT International Workshop on Security Awareness from Design to Deployment, SEAD 2020
Refereed publication:Yes
Open Access:Yes
Gold Open Access:No
In SCOPUS:No
In ISI Web of Science:No
DOI :10.1145/3416507.3423190
Page Range:pp. 15-18
Publisher:ACM
ISBN:978-1-4503-8126-0
Status:Published
Keywords:program analysis, provenance, software security, repository mining, open source software, covid-19
Event Title:3rd ACM SIGSOFT International Workshop on Software Security from Design to Deployment
Event Location:Virtual
Event Type:Workshop
Event Dates:9. Nov. 2020
Organizer:ACM
HGF - Research field:Aeronautics, Space and Transport
HGF - Program:Space
HGF - Program Themes:other
DLR - Research area:Raumfahrt
DLR - Program:R - no assignment
DLR - Research theme (Project):R - no assignment
Location: Jena
Institutes and Institutions:Institute of Data Science > Secure Digital Systems
Institute for Software Technology > Intelligent and Distributed Systems
Institute of Data Science
Institute for Software Technology
Deposited By: Heinze, Thomas
Deposited On:13 Nov 2020 14:07
Last Modified:13 Nov 2020 14:07

Repository Staff Only: item control page

Browse
Search
Help & Contact
Information
electronic library is running on EPrints 3.3.12
Copyright © 2008-2017 German Aerospace Center (DLR). All rights reserved.