Achilles' heel of plug-and-Play software architectures: a grounded theory based approach
JCS Santos, A Sejfia, T Corrello… - Proceedings of the 2019 27th ACM Joint Meeting on European Software …, 2019 - dl.acm.org
Through a set of well-defined interfaces, plug-and-play architectures enable additional functionalities to be added or removed from a system at its runtime. However, plug-ins can also increase the application’s attack surface or introduce untrusted behavior into the system. In this paper, we (1) use a grounded theory-based approach to conduct an empirical study of common vulnerabilities in plug-and-play architectures; (2) conduct a systematic literature survey and evaluate the extent that the results of the empirical study are novel or supported by the literature; (3) evaluate the practicality of the findings by interviewing practitioners with several years of experience in plug-and-play systems. By analyzing Chromium, Thunderbird, Firefox, Pidgin, WordPress, Apache OfBiz, and OpenMRS, we found a total of 303 vulnerabilities rooted in extensibility design decisions and observed that these plugin-related vulnerabilities were caused by 16 different types of vulnerabilities. Out of these 16 vulnerability types we identified 19 mitigation procedures for fixing them. The literature review supported 12 vulnerability types and 8 mitigation techniques discovered in our empirical study, and indicated that 5 mitigation techniques were not covered in our empirical study. Furthermore, it indicated that 4 vulnerability types and 11 mitigation techniques discovered in our empirical study were not covered in the literature. The interviews with practitioners confirmed the relevance of the findings and highlighted ways that the results of this empirical study can have an impact in practice.