
Source Code Analysis of a Connection-Oriented File Reader Server Socket Program in Java and Removal of the Security Vulnerabilities

Conference paper in Computer Networks & Communications (NetCom)

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 131)


Abstract

This paper presents the source code analysis of a file reader server socket program (connection-oriented sockets) developed in Java, to illustrate the identification, impact analysis and removal of important software security vulnerabilities which, if left unattended, could severely impact the server running the software and the network hosting the server. The vulnerabilities studied are: (1) Resource Injection, (2) Path Manipulation, (3) System Information Leak, and (4) Denial of Service. We analyze why these vulnerabilities occur in the program, discuss the impact of leaving them unattended, and propose solutions to remove each of them from the program. We also analyze the potential tradeoffs (such as increased code size and loss of features) of incorporating the proposed solutions into the server program. The proposed solutions are generic and can be suitably modified to correct such vulnerabilities in software developed in any other programming language.
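The abstract names four vulnerability classes but the body of the paper is not reproduced on this page, so the following Java sketch is an added example of what the hardened version of such a file reader server typically looks like; it is not the paper's code. The document root (`/srv/filereader/public`), port, name pattern and size/time limits are assumptions chosen for illustration. Each guard is labelled with the vulnerability class from the abstract that it addresses: the resource identifier is restricted to an allow-listed pattern (Resource Injection), the resolved path is checked to lie under the document root after symlink resolution (Path Manipulation), errors reach the client only as a generic message while details go to the server log (System Information Leak), and request length, file size, read timeout and worker count are bounded (Denial of Service).

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;

/** Hardened connection-oriented file reader server (added example, not the paper's program). */
public class HardenedFileReaderServer {
    private static final Logger LOG = Logger.getLogger(HardenedFileReaderServer.class.getName());

    // Assumptions: a fixed, server-controlled document root (an existing real directory,
    // not a symlink) and a fixed listening port; neither comes from the client.
    private static final Path BASE_DIR = Paths.get("/srv/filereader/public").toAbsolutePath().normalize();
    private static final int PORT = 4444;

    // Denial of Service: bound request length, served file size, idle read time and worker threads.
    private static final int MAX_REQUEST_CHARS = 256;
    private static final long MAX_FILE_BYTES = 1_048_576L; // 1 MiB
    private static final int READ_TIMEOUT_MS = 5_000;
    private static final int MAX_WORKERS = 16;

    // Resource Injection: only a plain file name is accepted as the resource identifier.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    public static void main(String[] args) throws IOException {
        ExecutorService pool = Executors.newFixedThreadPool(MAX_WORKERS);
        try (ServerSocket server = new ServerSocket(PORT)) {
            LOG.info("Listening on port " + PORT + ", serving " + BASE_DIR);
            while (true) {
                Socket client = server.accept();
                pool.submit(() -> handle(client));
            }
        }
    }

    /** Serves one client: read a single name line, validate it, stream the file back. */
    static void handle(Socket client) {
        try (Socket c = client) {
            c.setSoTimeout(READ_TIMEOUT_MS); // a silent client cannot hold a worker forever
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(c.getInputStream(), StandardCharsets.UTF_8));
            OutputStream out = c.getOutputStream();

            String request = readBoundedLine(in);
            Path file = resolveSafely(request);
            if (file == null || Files.size(file) > MAX_FILE_BYTES) {
                // System Information Leak: one generic reply; the real reason is only logged.
                LOG.warning("rejected request from " + c.getRemoteSocketAddress());
                out.write("ERROR: invalid request\n".getBytes(StandardCharsets.UTF_8));
                return;
            }
            Files.copy(file, out);
        } catch (SocketTimeoutException e) {
            LOG.warning("client timed out: " + client.getRemoteSocketAddress());
        } catch (IOException e) {
            // Stack trace stays on the server side; nothing is written to the client here.
            LOG.log(Level.WARNING, "I/O failure while serving client", e);
        }
    }

    /** Reads one line but gives up (returns null) once MAX_REQUEST_CHARS is exceeded. */
    static String readBoundedLine(BufferedReader in) throws IOException {
        StringBuilder sb = new StringBuilder();
        int ch;
        while ((ch = in.read()) != -1 && ch != '\n') {
            if (sb.length() >= MAX_REQUEST_CHARS) return null;
            if (ch != '\r') sb.append((char) ch);
        }
        return sb.length() == 0 ? null : sb.toString();
    }

    /** Path Manipulation guard: allow-listed name, resolved under BASE_DIR, regular file only. */
    static Path resolveSafely(String name) {
        if (name == null || !SAFE_NAME.matcher(name).matches()) return null;
        try {
            // toRealPath follows symlinks and fails if the file is missing, so a link
            // pointing outside the document root is caught by the startsWith check.
            Path real = BASE_DIR.resolve(name).toRealPath();
            if (!real.startsWith(BASE_DIR) || !Files.isRegularFile(real)) return null;
            return real;
        } catch (IOException e) {
            LOG.fine("rejected name " + name + ": " + e);
            return null;
        }
    }
}
```

The name pattern alone does not stop `..` (dots are permitted), which is why the `startsWith(BASE_DIR)` check after canonicalization is kept as a second, independent layer; a reviewer checking a server of this kind would look for both.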



Acknowledgments

The work leading to this paper is funded through the U. S. National Science Foundation CCLI/TUES grant (DUE-0941959) on “Incorporating Systems Security and Software Security in Senior Projects.” The views and conclusions contained in this document are those of the author and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the funding agency.

Author information


Corresponding author

Correspondence to N. Meghanathan.


Copyright information

© 2013 Springer Science+Business Media New York

About this paper

Cite this paper

Meghanathan, N. (2013). Source Code Analysis of a Connection-Oriented File Reader Server Socket Program in Java and Removal of the Security Vulnerabilities. In: Chaki, N., Meghanathan, N., Nagamalai, D. (eds) Computer Networks & Communications (NetCom). Lecture Notes in Electrical Engineering, vol 131. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-6154-8_61


  • DOI: https://doi.org/10.1007/978-1-4614-6154-8_61


  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-6153-1

  • Online ISBN: 978-1-4614-6154-8

  • eBook Packages: Engineering, Engineering (R0)
