Hermann, Ben ; Reif, Michael ; Eichberg, Michael ; Mezini, Mira (2015)
Getting to Know You: Towards a Capability Model for Java.
Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering. New York, NY, USA
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Developing software from reusable libraries lets developers face a security dilemma: Either be efficient and reuse libraries as they are or inspect them, know about their resource usage, but possibly miss deadlines as reviews are a time consuming process. In this paper, we propose a novel capability inference mechanism for libraries written in Java. It uses a coarse-grained capability model for system resources that can be presented to developers. We found that the capability inference agrees by 86.81% on expectations towards capabilities that can be derived from project documentation. Moreover, our approach can find capabilities that cannot be discovered using project documentation. It is thus a helpful tool for developers mitigating the aforementioned dilemma.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2015 |
| Autor(en): | Hermann, Ben ; Reif, Michael ; Eichberg, Michael ; Mezini, Mira |
| Art des Eintrags: | Bibliographie |
| Titel: | Getting to Know You: Towards a Capability Model for Java |
| Sprache: | Englisch |
| Publikationsjahr: | 2015 |
| Ort: | New York, NY, USA |
| Verlag: | ACM |
| Reihe: | ESEC/FSE 2015 |
| Veranstaltungstitel: | Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering |
| Veranstaltungsort: | New York, NY, USA |
| URL / URN: | http://doi.acm.org/10.1145/2786805.2786829 |
| Kurzbeschreibung (Abstract): | Developing software from reusable libraries lets developers face a security dilemma: Either be efficient and reuse libraries as they are or inspect them, know about their resource usage, but possibly miss deadlines as reviews are a time consuming process. In this paper, we propose a novel capability inference mechanism for libraries written in Java. It uses a coarse-grained capability model for system resources that can be presented to developers. We found that the capability inference agrees by 86.81% on expectations towards capabilities that can be derived from project documentation. Moreover, our approach can find capabilities that cannot be discovered using project documentation. It is thus a helpful tool for developers mitigating the aforementioned dilemma. |
| Freie Schlagworte: | analysis, capability, library, reuse, security |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Softwaretechnik Zentrale Einrichtungen 20 Fachbereich Informatik > EC SPRIDE |
| Hinterlegungsdatum: | 10 Sep 2015 14:10 |
| Letzte Änderung: | 12 Jan 2019 21:18 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum