Implementing a security-specific slicer for servlet using program slicer

Abstract

Security auditing tool is basically a system to check the adequacy of the defence implemented in the system coding. The main focus of this project is to develop a security auditing tool for the system which is written in Java Servlet. Input to the Servlet program is passed by the user using web forms. Thus in this project, statements affected by user’s input were extracted to examine the security defence implemented in the system. Program slicing was used as program analysis method in this project. Program slicer: Indus was used as the slicing mechanism to extract the statements as well as part of the security tool. Through the exploration of program slicing and the features of Indus, many techniques of program slicing were studied. Indus was configured and adjusted to be used as the slicer for Servlet program which is the main focus of this project. Furthermore, a prototype tool was implemented to link the Indus to the main security program. Upon completion of this project, program slicing method was studied and integrated into the security auditing tool. Program slicer: Indus was able to configure successfully and a prototype tool was implemented. Through this project, a new approach, program slicing was explored and learnt. Problem solving techniques were improved with configuration of Indus, and also gained hand-on experiences in writing Java programs. Finally, recommendations were made to improve the security auditing tool for future study.