Title :
ACUA: API Change and Usage Auditor
Author :
Wei Wu ; Adams, Bram ; Gueheneuc, Yann-Gael ; Antoniol, Giuliano
Author_Institution :
DGIGL, Ecole Polytech. de Montreal, Montreal, QC, Canada
Abstract :
Modern software uses frameworks through their Application Programming Interfaces (APIs). Framework APIs may change while frameworks evolve. Client programs have to upgrade to new releases of frameworks if security vulnerabilities are discovered in the used releases. Patching security vulnerabilities can be delayed by non-security-related API changes when the frameworks used by client programs are not up to date. Keeping frameworks updated can reduce the reaction time to patch security leaks. Client program upgrades are not cost free, developers need to understand the API usages in client programs and API changes between framework releases before conduct upgrading tasks. In this paper, we propose a tool ACUA to generate reports containing detailed API change and usage information by analyzing the binary code of both frameworks and clients programs written in Java. Developers can use the API change and usage reports generated by ACUA to estimate the work load and decide when to starting upgrading client programs based on the estimation.
Keywords :
Java; application program interfaces; safety-critical software; source code (software); ACUA; API Change-and-Usage Auditor; Java; application programming interfaces; binary code analysis; client program upgrade; framework release; nonsecurity-related API changes; reaction time reduction; security leakage patching; security vulnerabilities; software usage framework; work load estimation; Abstracts; Analytical models; Contracts; Data models; Detection algorithms; Security; Software; API change and usage; Software maintenance; framework API evolution;
Conference_Titel :
Source Code Analysis and Manipulation (SCAM), 2014 IEEE 14th International Working Conference on
Conference_Location :
Victoria, BC
DOI :
10.1109/SCAM.2014.33
