
Provenance-Based Security Audits and Its Application to COVID-19 Contact Tracing Apps

Schreiber, Andreas and Sonnekalb, Tim and Heinze, Thomas and Kurnatowski, Lynn and Gonzalez-Barahona, Jesus M. and Packer, Heather (2021) Provenance-Based Security Audits and Its Application to COVID-19 Contact Tracing Apps. Lecture Notes in Computer Science, 12839, pp. 88-105. Springer. doi: 10.1007/978-3-030-80960-7_6. ISSN 0302-9743.

PDF (4MB) - Only accessible within DLR - Preprint version (submitted draft)

Official URL: https://link.springer.com/chapter/10.1007/978-3-030-80960-7_6

Abstract

Software repositories contain information about source code, software development processes, and team interactions. We combine the provenance of development processes with code security analysis results to provide fast feedback on the software’s design and security issues. Results from queries of the provenance graph drive the security analyses, which are conducted on certain events—such as commits or pull requests by external contributors. We evaluate our method on Open Source projects that are developed under time pressure and use Germany’s COVID-19 contact tracing app ‘Corona-Warn-App’ as a case study.

Item URL in elib: https://elib.dlr.de/143225/
Document Type: Article
Title: Provenance-Based Security Audits and Its Application to COVID-19 Contact Tracing Apps
Authors:
Authors | Institution or Email of Authors | Author's ORCID iD
Schreiber, Andreas | UNSPECIFIED | https://orcid.org/0000-0001-5750-5649
Sonnekalb, Tim | UNSPECIFIED | https://orcid.org/0000-0002-0067-1790
Heinze, Thomas | UNSPECIFIED | https://orcid.org/0000-0001-8816-7013
Kurnatowski, Lynn | UNSPECIFIED | https://orcid.org/0000-0001-5144-702X
Gonzalez-Barahona, Jesus M. | UNSPECIFIED | https://orcid.org/0000-0001-9682-460X
Packer, Heather | UNSPECIFIED | UNSPECIFIED
Date: 9 July 2021
Journal or Publication Title: Lecture Notes in Computer Science
Refereed publication: Yes
Open Access: No
Gold Open Access: No
In SCOPUS: Yes
In ISI Web of Science: No
Volume: 12839
DOI: 10.1007/978-3-030-80960-7_6
Page Range: pp. 88-105
Editors:
Editors | Email | Editor's ORCID iD
Glavic, Boris | UNSPECIFIED | UNSPECIFIED
Braganholo, Vanessa | UNSPECIFIED | UNSPECIFIED
Koop, David | UNSPECIFIED | UNSPECIFIED
Publisher: Springer
Series Name: Provenance and Annotation of Data and Processes
ISSN: 0302-9743
Status: Published
Keywords: Program analysis, Provenance, Software security, Repository mining, Open source software, COVID-19
HGF - Research field: Aeronautics, Space and Transport
HGF - Program: Space
HGF - Program Themes: Space System Technology
DLR - Research area: Space
DLR - Program: R SY - Space System Technology
DLR - Research theme (Project): R - Secure Software Technology, R - Analytics and visualization of large space software systems
Location: Jena, Köln-Porz, Oberpfaffenhofen
Institutes and Institutions:
Institute for Software Technology
Institute for Software Technology > Intelligent and Distributed Systems
Institute of Data Science
Institute of Data Science > Secure Digital Systems
Deposited By: Schreiber, Andreas
Deposited On: 19 Jul 2021 12:24
Last Modified: 19 Jul 2021 12:24
