Providing a Source Code Security Analysis Model Using Semantic Web Techniques

Security is one of the main issues in all phases of the software life cycle. Since most software vulnerabilities occur in coding phase, so the secure implementation is very important. Semantic Web ontology expresses the concept of a specific area. According to variety of software systems and manufacturing techniques, the Semantic Web can be effective in production of software systems. Anthology helps to review security holes and bugs in source code and produces appropriate reports. To overcome the problem of variety of source code language, in this paper, an ontology approach for source code security analysis model has been used. In this model, the source code is represented in terms of the RDF triples. The security error patterns are provided in the form of SPARQL queries. The result shows that this approach is promising and can effectively find the security flaw patterns in source codes. Experimental evaluations demonstrate that this approach is feasible and finds bug patterns that implemented. The main advantage of this method is the independence of code analysis and error inference sections so each parts can be developed.