Nicolas Egierski Ball State University, Nathan White Ball State University
Faculty Sponsor(s): Wayne Zage Ball State University, Dolores Zage Ball State University

Code duplication (or code clones) increases software size on disk and at runtime, and costs developers unnecessary time and money during software maintenance. Clones can also inform developers of significant or flawed patterns, which are revealed through clone analysis. The project Code Duplication++ extends the work of two previous research projects, Code Duplication and Secure Coding. In Secure Coding, the OWASP benchmark test suite, funded by the U.S. Department of Homeland Security, was used to discern and evaluate software vulnerability patterns. During the benchmark analysis, each test source code was parsed and 196 metrics were extracted for each module. These metrics were used as a basis to identify duplicate and/or insecure code. If two modules possess identical values for all 196 metrics, they were labeled metric clones. To date, the metrics can identify the Common Weakness Enumeration (CWE) category of the OWASP test case. Also highlighted during the analysis were the subtle differences between clusters of metric clones. Analyzing the module metric distance, the distance between metric clones, reveals clusters of metric clones that are closely related. These clusters are then examined against their associated CWE to provide insight into the relationship between clones and their respective vulnerabilities. Ultimately, using this analysis will reduce software maintenance and identify significant patterns that may identify uncovered vulnerabilities in code.
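The analysis the abstract describes, as an added illustration that is not code from the Code Duplication++ project: each module is reduced to a vector of numeric metrics, modules with identical vectors are exact metric clones, and a distance over the vectors groups near-clones into clusters whose CWE labels can then be compared. The five metric names, the module names, their values and their CWE tags are constructed sample data standing in for the 196 real metrics, and Euclidean distance with a threshold of 3.0 is an assumed choice of metric distance.

```python
"""Metric-clone detection over per-module metric vectors (added example)."""
from collections import defaultdict
from itertools import combinations
import math

# Constructed sample: a handful of metrics per module in place of the 196
# metrics used in the real analysis. Names, values and CWE tags are invented.
METRIC_NAMES = ("loc", "cyclomatic", "params", "calls", "string_concat")

MODULES = {
    "mod01": ((42, 4, 1, 7, 2), "CWE-89"),
    "mod02": ((42, 4, 1, 7, 2), "CWE-89"),    # identical vector to mod01
    "mod03": ((44, 4, 1, 8, 2), "CWE-89"),    # close to mod01, not identical
    "mod04": ((61, 9, 2, 14, 0), "CWE-78"),
    "mod05": ((61, 9, 2, 14, 0), "CWE-78"),   # identical vector to mod04
    "mod06": ((120, 17, 3, 25, 5), "CWE-79"),
}


def exact_metric_clones(modules):
    """Group modules whose metric vectors agree on every metric.

    Returns only groups with two or more members, as sorted name lists."""
    groups = defaultdict(list)
    for name, (vector, _cwe) in modules.items():
        groups[vector].append(name)
    return sorted(sorted(members) for members in groups.values() if len(members) > 1)


def metric_distance(a, b):
    """Module metric distance; Euclidean distance is an assumed choice."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def near_clone_clusters(modules, threshold):
    """Single-linkage clustering over metric distance using union-find:
    two modules within `threshold` of each other end up in one cluster."""
    parent = {name: name for name in modules}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for m1, m2 in combinations(modules, 2):
        if metric_distance(modules[m1][0], modules[m2][0]) <= threshold:
            parent[find(m1)] = find(m2)

    clusters = defaultdict(list)
    for name in modules:
        clusters[find(name)].append(name)
    return sorted(sorted(c) for c in clusters.values())


def cluster_cwe_profile(modules, clusters):
    """For each cluster, the sorted set of CWE labels its members carry.
    A cluster whose members share a single CWE is evidence that the metric
    pattern tracks that weakness category."""
    return [sorted({modules[m][1] for m in cluster}) for cluster in clusters]


if __name__ == "__main__":
    print("exact metric clones:", exact_metric_clones(MODULES))
    found = near_clone_clusters(MODULES, threshold=3.0)
    for cluster, cwes in zip(found, cluster_cwe_profile(MODULES, found)):
        print(cluster, "->", cwes)
```

With a threshold of 0 the clustering step reduces to the exact metric-clone grouping; raising it admits modules whose metrics differ slightly, which is where the subtle differences between clone clusters become visible against their CWE labels.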
Mathematics & Computer Science
When & Where
Irwin Library 3rd Floor