Network


Latest external collaboration on country level. Dive into details by clicking on the dots.

Hotspot


Dive into the research topics where Diane Corney is active.

Publication


Featured researches published by Diane Corney.


international conference on quality software | 2009

Security Metrics for Object-Oriented Class Designs

Bandar Alshammari; Colin J. Fidge; Diane Corney

Measuring quality attributes of object-oriented designs (e.g. maintainability and performance) has been covered by a number of studies. However, these studies have not considered security as much as other quality attributes. Also, most security studies focus at the level of individual program statements. This approach makes it hard and expensive to discover and fix vulnerabilities caused by design errors. In this work, we focus on the security design of an object-oriented application and define a number of security metrics. These metrics allow designers to discover and fix security vulnerabilities at an early stage, and help compare the security of various alternative designs. In particular, we propose seven security metrics to measure Data Encapsulation (accessibility) and Cohesion (interactions) of a given object-oriented class from the point of view of potential information flow.


australian software engineering conference | 2010

Security Metrics for Object-Oriented Designs

Bandar Alshammari; Colin J. Fidge; Diane Corney

Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.


Lecture Notes in Computer Science | 2000

Evaluating the Java Virtual Machine as a Target for Languages Other Than Java

K. John Gough; Diane Corney

The portability and runtime safety of programs which are executed on the Java Virtual Machine (JVM) makes the JVM an attractive target for compilers of languages other than Java. Unfortunately, the JVM was designed with language Java in mind, and lacks many of the primitives required for a straighforward implementation of other languages.


international conference on programming languages and system architectures | 1994

Type test elimination using typeflow analysis

Diane Corney; K. John Gough

Programs written in languages of the Oberon family usually contain runtime tests on the dynamic type of variables. In some cases it may be desirable to reduce the number of such tests. Typeflow analysis is a static method of determining bounds on the types that objects may possess at runtime. We show that this analysis is able to reduce the number of tests in certain plausible circumstances. Furthermore, the same analysis is able to detect certain program errors at compile time, which would normally only be detected at program execution. This paper introduces the concepts of typeflow analysis and details its use in the reduction of runtime overhead in Oberon-2.


network and system security | 2010

Automatic Generation of Assertions to Detect Potential Security Vulnerabilities in C Programs That Use Union and Pointer Types

Shamsul Kamal Ahmad Khalid; Jacob Zimmermann; Diane Corney; Colin J. Fidge

Type unions, pointer variables and function pointers are a long standing source of subtle security bugs in C program code. Their use can lead to hard-to-diagnose crashes or exploitable vulnerabilities that allow an attacker to attain privileged access over classified data. This paper describes an automatable framework for detecting such weaknesses in C programs statically, where possible, and for generating assertions that will detect them dynamically, in other cases. Exclusively based on analysis of the source code, it identifies required assertions using a type inference system supported by a custom made symbol table. In our preliminary findings, our type system was able to infer the correct type of unions in different scopes, without manual code annotations or rewriting. Whenever an evaluation is not possible or is difficult to resolve, appropriate runtime assertions are formed and inserted into the source code. The approach is demonstrated via a prototype C analysis tool.


languages, compilers, and tools for embedded systems | 2009

Integrating hardware and software information flow analyses

Colin J. Fidge; Diane Corney

Security-critical communications devices must be evaluated to the highest possible standards before they can be deployed. This process includes tracing potential information flow through the devices electronic circuitry, for each of the devices operating modes. Increasingly, however, security functionality is being entrusted to embedded software running on microprocessors within such devices, so new strategies are needed for integrating information flow analyses of embedded program code with hardware analyses. Here we show how standard compiler principles can augment high-integrity security evaluations to allow seamless tracing of information flow through both the hardware and software of embedded systems. This is done by unifying input/output statements in embedded program execution paths with the hardware pins they access, and by associating significant software states with corresponding operating modes of the surrounding electronic circuitry.


Lecture Notes in Computer Science | 2003

Leveraging managed frameworks from modular languages

K. John Gough; Diane Corney

Managed execution frameworks, such as the .NET Common Language Runtime or the Java Virtual Machine, provide a rich environment for the creation of application programs. These execution environments are ideally suited for languages that depend on type-safety and the declarative control of feature access. Furthermore, such frameworks typically provide a rich collection of library primitives specialized for almost every domain of application programming. Thus, when a new language is implemented on one of these frameworks it becomes necessary to provide some kind of mapping from the new language to the libraries of the framework. The design of such mappings is challenging since the type-system of the new language may not span the domain exposed in the library application programming interfaces (APIs).


international conference on quality software | 2011

A Hierarchical Security Assessment Model for Object-Oriented Programs

Bandar Alshammari; Colin J. Fidge; Diane Corney


Archive | 1992

An experiment in mixed compilation/interpretation

John Gough; Christina Cifuentes; Diane Corney; John Hynd; Peter Kolb


Archive | 2000

Implementing languages other than Java on the Java Virtual Machine

John Gough; Diane Corney

Collaboration


Dive into the Diane Corney's collaboration.

Top Co-Authors

Avatar

Colin J. Fidge

Queensland University of Technology

View shared research outputs
Top Co-Authors

Avatar

Bandar Alshammari

Queensland University of Technology

View shared research outputs
Top Co-Authors

Avatar

K. John Gough

Queensland University of Technology

View shared research outputs
Top Co-Authors

Avatar

Jacob Zimmermann

Queensland University of Technology

View shared research outputs
Top Co-Authors

Avatar

Shamsul Kamal Ahmad Khalid

Universiti Tun Hussein Onn Malaysia

View shared research outputs
Top Co-Authors

Avatar

Chris Mills

Queensland University of Technology

View shared research outputs
Top Co-Authors

Avatar

Christopher Doble

Queensland University of Technology

View shared research outputs
Top Co-Authors

Avatar

John Hynd

Queensland University of Technology

View shared research outputs
Top Co-Authors

Avatar
Top Co-Authors

Avatar

Richard Thomas

Queensland University of Technology

View shared research outputs
Researchain Logo
Decentralizing Knowledge