TRACER — identifying software vulnerabilities and securing legacy systems

Project Code: 09ΣΥΝ-72-942
Funding programme: Synergasia
Funding Agency: European Regional Development Fund (ERDF) and national funds. Operational Programme "Competitiveness and Entrepreneurship" (OPCE II), "Measure Cooperation" (Action I).
Project type: RTD
Web site: http://www.tracer-project.gr/
Starting date: 2011-04-18
Ending date: 2014-10-17
AUEB budget: 146020 euro
Total budget: 546700 euro


Project manager: Dimitris Mitropoulos
Contact: Dimitris Mitropoulos
Scientific coordinator: Diomidis Spinellis

Description

Legacy systems are likely to contain software vulnerabilities that can lead to various security breaches. On the other hand, these systems contain valuable information about the environment, the creation and the evolution of the organization they support. For this reason, redesigning large systems in order to be secure and compatible with new technologies is not a practical option, since the information mentioned above could be lost. In addition, the cost of replacing such a system and retraining its various users could be prohibitive. In this project we propose a framework that shields legacy systems in two basic steps. First, our framework analyzes the source code of the system to identify potential software vulnerabilities and eliminates them. Then, depending on the results of that analysis, the framework proposes solutions to protect the system from the most common web-application attacks.

Partners

    • PLASE Laboratory of the Department of Informatics of the Aristotle University of Thessaloniki (GR)
    • Institute of Computer Science (ICS) of the Foundation for Research and Technology - Hellas (FORTH) (GR)
    • Singular Software S.A. (GR)

Publications

Conference Publications

    • Konstantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, and Panagiotis Katsaros. TRACER: a platform for securing legacy code. In TRUST '14: Proceedings of 7th International Conference on Trust & Trustworthy Computing - Poster Presentation Track, 218–219. Springer, June 2014.
    • Konstantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, and Panagiotis Katsaros. Securing legacy code with the TRACER platform. In PCI 2014: Proceedings of 18th Panhellenic Conference on Informatics, 25:1–25:6. ACM, 2014.
    • Dimitris Mitropoulos, Georgios Gousios, Panagiotis Papadopoulos, Vassilios Karakoidas, Panos Louridas, and Diomidis Spinellis. The vulnerability dataset of a large software ecosystem. In Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014), colocated with the 19th European Symposium on Research in Computer Security (ESORICS 2014). IEEE Computer Society, September 2014.
    • Dimitris Mitropoulos, Georgios Gousios, and Diomidis Spinellis. Measuring the occurrence of security-related bugs through software evolution. In PCI 2012: Proceedings of 16th Panhellenic Conference on Informatics (PCI 2012), 117–122. IEEE Computer Society, 2012.
    • Georgios Gousios and Diomidis Spinellis. GHTorrent: Github's data from a firehose. In Michele Lanza, Massimiliano Di Penta, and Tao Xie, editors, 9th IEEE Working Conference on Mining Software Repositories (MSR), 12–21. IEEE, June 2012.