On the Effects of Program Slicing for Vulnerability Detection during Code Inspection: Extended Abstract

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

[Background]: Slicing has been first introduced to support debugging as a fault localization technique. Yet, program slicing as support for identifying vulnerabilities during code inspection has received limited attention. [Aims]: Evaluate the effectiveness of slicing as a general concept to support code inspectors while detecting vulnerabilities into source code. [Method]: We designed a controlled experiment which goal is identifying the vulnerable lines in original or sliced Java files from Apache Tomcat. The designed treatments differ in the pair (Vulnerability, Original/Sliced file) with a balanced design with four vulnerabilities from the OWASP Top 10. The participants are MSc students attending security courses (n = 236). [Observations]: By using a notion of neighborhood based on the context size of the command git diff we observed that slicing helps in 'finding something' as opposed to 'finding nothing'. However, once some correct lines have been found, analyzing a slice and analyzing the original file are statistically equivalent.

Original languageEnglish
Title of host publicationICSE-Companion 2024
Subtitle of host publicationProceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings
PublisherIEEE Computer Society
Pages368-369
Number of pages2
ISBN (Electronic)9798400705021
DOIs
Publication statusPublished - 2024
Event46th International Conference on Software Engineering: Companion, ICSE-Companion 2024 - Lisbon, Portugal
Duration: 14 Apr 202420 Apr 2024

Publication series

NameProceedings - International Conference on Software Engineering
ISSN (Print)0270-5257

Conference

Conference46th International Conference on Software Engineering: Companion, ICSE-Companion 2024
Country/TerritoryPortugal
CityLisbon
Period14/04/2420/04/24

Bibliographical note

Publisher Copyright:
© 2024 IEEE Computer Society. All rights reserved.

Keywords

  • code inspection
  • controlled experiment
  • program comprehension
  • slicing
  • Vulnerabilities

Fingerprint

Dive into the research topics of 'On the Effects of Program Slicing for Vulnerability Detection during Code Inspection: Extended Abstract'. Together they form a unique fingerprint.

Cite this