Published in: Software and Systems Modeling 4/2018

12.09.2016 | Regular Paper

An approach to clone detection in sequence diagrams and its application to security analysis

Authors: Manar H. Alalfi, Elizabeth P. Antony, James R. Cordy


Abstract

Duplication in software systems is an important issue in software quality assurance. While many methods for software clone detection in source code and structural models have been described in the literature, little has been done on similarity in the dynamic behaviour of interactive systems. In this paper, we present an approach to identifying near-miss interaction clones in reverse-engineered UML sequence diagrams. Our goal is to identify patterns of interaction (“conversations”) that can be used to characterize and abstract the run-time behaviour of web applications and other interactive systems. In order to leverage existing robust near-miss code clone technology, our approach is text-based, working on the level of XMI, the standard interchange serialization for UML. Clone detection in UML behavioural models, such as sequence diagrams, presents a number of challenges. First, it is not clear how to break a continuous stream of interaction between lifelines (representing the objects or actors in the system) into meaningful conversational units. Second, unlike programming languages, the XMI text representation for UML is highly non-local, using attributes to reference related elements in the model file remotely. In this work, we use a set of contextualizing source transformations on the XMI text representation to localize related elements, exposing the hidden hierarchical structure of the model and allowing us to granularize behavioural interactions into conversational units. Then we adapt NICAD, a robust near-miss code clone detection tool, to help us identify conversational clones in reverse-engineered behavioural models. These conversational clones are then analysed to find worrisome interactions that may indicate security access violations.
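As an added illustration (not the paper's own code or tooling) of the three steps the abstract sketches, the Python below resolves the remote xmi:id references of a small constructed UML2-style XMI fragment into local message lines, cuts that stream into conversations, and compares the conversations NICAD-style using difflib as a stand-in for NICAD's diff-based comparison. The actor set, the rule that an actor-sent message opens a new conversation, and the 30% near-miss threshold are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from difflib import SequenceMatcher

XMI_NS = "http://www.omg.org/spec/XMI/20131001"
XMI_ID = f"{{{XMI_NS}}}id"
# Constructed sample, not from the paper: one recovered interaction whose messages name their
# send/receive occurrences, and those their lifelines, only through remote xmi:id references.
SAMPLE_XMI = f"""<uml:Model xmlns:uml="http://www.eclipse.org/uml2/5.0.0/UML" xmlns:xmi="{XMI_NS}">
<packagedElement xmi:type="uml:Interaction" xmi:id="i1" name="session">
<lifeline xmi:id="l1" name="Admin"/><lifeline xmi:id="l2" name="Guest"/><lifeline xmi:id="l3" name="App"/><lifeline xmi:id="l4" name="DB"/>
<fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o1" covered="l1"/><fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o2" covered="l3"/>
<fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o3" covered="l3"/><fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o4" covered="l4"/>
<fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o5" covered="l3"/><fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o6" covered="l4"/>
<fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o7" covered="l2"/><fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o8" covered="l3"/>
<fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o9" covered="l3"/><fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o10" covered="l4"/>
<fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o11" covered="l2"/><fragment xmi:type="uml:MessageOccurrenceSpecification" xmi:id="o12" covered="l3"/>
<message xmi:id="m1" name="deleteUser" sendEvent="o1" receiveEvent="o2"/><message xmi:id="m2" name="checkRole" sendEvent="o3" receiveEvent="o4"/>
<message xmi:id="m3" name="delete" sendEvent="o5" receiveEvent="o6"/><message xmi:id="m4" name="deleteUser" sendEvent="o7" receiveEvent="o8"/>
<message xmi:id="m5" name="delete" sendEvent="o9" receiveEvent="o10"/><message xmi:id="m6" name="logout" sendEvent="o11" receiveEvent="o12"/>
</packagedElement></uml:Model>"""

def sender(line):
    return line.split(" -> ")[0]

def localize(xmi_text):
    # Contextualize: resolve every remote xmi:id so each message reads as one local line.
    root = ET.fromstring(xmi_text)
    by_id = {el.get(XMI_ID): el for el in root.iter() if el.get(XMI_ID)}
    lifeline = lambda occ: by_id[by_id[occ].get("covered")].get("name")
    return [f"{lifeline(m.get('sendEvent'))} -> {lifeline(m.get('receiveEvent'))}: {m.get('name')}" for m in root.iter("message")]

def granularize(lines, actors):
    # Assumption: a message sent by a user-facing actor lifeline opens a new conversation.
    units = []
    for line in lines:
        if sender(line) in actors or not units:
            units.append([])
        units[-1].append(line)
    return units

def find_clones(units, actors, max_diff=0.3):
    # NICAD-style: normalize actor names, keep near-miss pairs, flag pairs driven by different actors.
    norm = lambda u: ["ACTOR" + l[len(sender(l)):] if sender(l) in actors else l for l in u]
    hits = []
    for i in range(len(units)):
        for j in range(i + 1, len(units)):
            diff = 1 - SequenceMatcher(None, norm(units[i]), norm(units[j])).ratio()
            if diff <= max_diff:
                hits.append((i, j, round(diff, 2), sender(units[i][0]) != sender(units[j][0])))
    return hits
```

In the constructed sample the Admin and Guest conversations are a near-miss pair (20% different) reached by different actors, and the flagged pair is exactly the kind of interaction the abstract says needs a manual access-control review, since the Guest path lacks the checkRole step.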


Metadata
Title
An approach to clone detection in sequence diagrams and its application to security analysis
Authors
Manar H. Alalfi
Elizabeth P. Antony
James R. Cordy
Publication date
12.09.2016
Publisher
Springer Berlin Heidelberg
Published in
Software and Systems Modeling / Issue 4/2018
Print ISSN: 1619-1366
Electronic ISSN: 1619-1374
DOI
https://doi.org/10.1007/s10270-016-0557-6
