Security Framework to Verify the Low Level Implementation Codes

With the development of web-application, especially E-commerce, many software designers need to incorporate either low-level security functionalities into their programs. This involves the implementation of security features using Java Cryptography Architecture (JCA), Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE) API provided by Sun Corporation [1]. Through our discovery, we find that many functional security related features in software systems are usually implemented by a few methods. The use of these methods results to some necessary structural patterns in reduced control flow graph of the program. In this papers, we present our way to recover the security features by recognizing these methods invocations automatically and transform the reduced control flow graph to state transition diagram through functional abstractions. We believe that it would not only facilitate the comprehension of the security framework implemented in the program, but also make the further verification of the security features possible.