Home > Research > Publications & Outputs > Inferring semantic mapping between policies and...
View graph of relations

Inferring semantic mapping between policies and code: the clue is in the language

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published

Standard

Inferring semantic mapping between policies and code : the clue is in the language. / Anthonysamy, Pauline; Edwards, Matthew; Weichel, Christian; Rashid, Awais.

Engineering Secure Software and Systems : 8th International Symposium, ESSoS 2016, London, United Kingdom, April 6-8, 2016. Proceedings.. ed. / Juan Caballero; Eric Bodden; Elias Athanasopoulos. Springer, 2016. p. 233-250 (Lecture Notes in Computer Science; Vol. 9639).

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Harvard

Anthonysamy, P, Edwards, M, Weichel, C & Rashid, A 2016, Inferring semantic mapping between policies and code: the clue is in the language. in J Caballero, E Bodden & E Athanasopoulos (eds), Engineering Secure Software and Systems : 8th International Symposium, ESSoS 2016, London, United Kingdom, April 6-8, 2016. Proceedings.. Lecture Notes in Computer Science, vol. 9639, Springer, pp. 233-250.

APA

Anthonysamy, P., Edwards, M., Weichel, C., & Rashid, A. (2016). Inferring semantic mapping between policies and code: the clue is in the language. In J. Caballero, E. Bodden, & E. Athanasopoulos (Eds.), Engineering Secure Software and Systems : 8th International Symposium, ESSoS 2016, London, United Kingdom, April 6-8, 2016. Proceedings. (pp. 233-250). (Lecture Notes in Computer Science; Vol. 9639). Springer.

Vancouver

Anthonysamy P, Edwards M, Weichel C, Rashid A. Inferring semantic mapping between policies and code: the clue is in the language. In Caballero J, Bodden E, Athanasopoulos E, editors, Engineering Secure Software and Systems : 8th International Symposium, ESSoS 2016, London, United Kingdom, April 6-8, 2016. Proceedings.. Springer. 2016. p. 233-250. (Lecture Notes in Computer Science).

Author

Anthonysamy, Pauline ; Edwards, Matthew ; Weichel, Christian ; Rashid, Awais. / Inferring semantic mapping between policies and code : the clue is in the language. Engineering Secure Software and Systems : 8th International Symposium, ESSoS 2016, London, United Kingdom, April 6-8, 2016. Proceedings.. editor / Juan Caballero ; Eric Bodden ; Elias Athanasopoulos. Springer, 2016. pp. 233-250 (Lecture Notes in Computer Science).

Bibtex

@inproceedings{f2417ddaeb2641bf86c10b824580dea4,
title = "Inferring semantic mapping between policies and code: the clue is in the language",
abstract = "A common misstep in the development of security and privacy solutions is the failure to keep the demands resulting from high-level policies in line with the actual implementation that is supposed to operationalize those policies. This is especially problematic in the domain of social networks, where software typically predates policies and then evolves alongside its user base and any changes in policies that arise from their interactions with (and the demands that they place on) the system. Our contribution targets this specific problem, drawing together the assurances actually presented to users in the form of policies and the large codebases with which developers work. We demonstrate that a mapping between policies and code can be inferred from the semantics of the natural language. These semantics manifest not only in the policy statements but also coding conventions. Our technique, implemented in a tool (CASTOR), can infer semantic mappings with F1 accuracy of 70 % and 78 % for two social networks, Diaspora and Friendica respectively – as compared with a ground truth mapping established through manual examination of the policies and code.",
author = "Pauline Anthonysamy and Matthew Edwards and Christian Weichel and Awais Rashid",
year = "2016",
month = mar,
day = "29",
language = "English",
isbn = "9783319308050",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "233--250",
editor = "Juan Caballero and Bodden, {Eric } and Elias Athanasopoulos",
booktitle = "Engineering Secure Software and Systems",

}

RIS

TY - GEN

T1 - Inferring semantic mapping between policies and code

T2 - the clue is in the language

AU - Anthonysamy, Pauline

AU - Edwards, Matthew

AU - Weichel, Christian

AU - Rashid, Awais

PY - 2016/3/29

Y1 - 2016/3/29

N2 - A common misstep in the development of security and privacy solutions is the failure to keep the demands resulting from high-level policies in line with the actual implementation that is supposed to operationalize those policies. This is especially problematic in the domain of social networks, where software typically predates policies and then evolves alongside its user base and any changes in policies that arise from their interactions with (and the demands that they place on) the system. Our contribution targets this specific problem, drawing together the assurances actually presented to users in the form of policies and the large codebases with which developers work. We demonstrate that a mapping between policies and code can be inferred from the semantics of the natural language. These semantics manifest not only in the policy statements but also coding conventions. Our technique, implemented in a tool (CASTOR), can infer semantic mappings with F1 accuracy of 70 % and 78 % for two social networks, Diaspora and Friendica respectively – as compared with a ground truth mapping established through manual examination of the policies and code.

AB - A common misstep in the development of security and privacy solutions is the failure to keep the demands resulting from high-level policies in line with the actual implementation that is supposed to operationalize those policies. This is especially problematic in the domain of social networks, where software typically predates policies and then evolves alongside its user base and any changes in policies that arise from their interactions with (and the demands that they place on) the system. Our contribution targets this specific problem, drawing together the assurances actually presented to users in the form of policies and the large codebases with which developers work. We demonstrate that a mapping between policies and code can be inferred from the semantics of the natural language. These semantics manifest not only in the policy statements but also coding conventions. Our technique, implemented in a tool (CASTOR), can infer semantic mappings with F1 accuracy of 70 % and 78 % for two social networks, Diaspora and Friendica respectively – as compared with a ground truth mapping established through manual examination of the policies and code.

M3 - Conference contribution/Paper

SN - 9783319308050

T3 - Lecture Notes in Computer Science

SP - 233

EP - 250

BT - Engineering Secure Software and Systems

A2 - Caballero, Juan

A2 - Bodden, Eric

A2 - Athanasopoulos, Elias

PB - Springer

ER -