... | @@ -35,7 +35,7 @@ In this section, we describe how the QSA mechanism can be used as an individual |
... | @@ -35,7 +35,7 @@ In this section, we describe how the QSA mechanism can be used as an individual |
|
|
|
|
|
## Execution of the Docker Container
|
|
## Execution of the Docker Container
|
|
|
|
|
|
Having the QSA Container already deployed on your local machine (see the Installation section above for more information), it can be started, paused, and stopped using common Docker commands. In particular, in order to start the QSA mechanism you need to execute the following command on your terminal:
|
|
Having the QSA Container already deployed on your local machine (see the [Installation](#installation-directly-from-dockerhub) section above for more information), it can be started, paused, and stopped using common Docker commands. In particular, in order to start the QSA mechanism you need to execute the following command on your terminal:
|
|
|
|
|
|
~~~
|
|
~~~
|
|
docker start vm4sec-qsa
|
|
docker start vm4sec-qsa
|
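Review bot: the new `[Installation](#installation-directly-from-dockerhub)` link in the "Having the QSA Container already deployed" line only resolves if the page has a heading that GitHub slugs to exactly `installation-directly-from-dockerhub` (i.e. a heading reading "Installation directly from DockerHub"); please confirm that heading exists with that wording, because a mismatched slug produces a silently dead link. A smaller style point: this hunk fences `docker start vm4sec-qsa` with `~~~` while the later hunks use triple backticks, and one fence style would keep the page consistent. The command also assumes the container was created with `--name vm4sec-qsa` at `docker run` time; saying so where the name is first introduced would spare readers who chose a different name a "No such container" error.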
... | @@ -57,7 +57,7 @@ After starting the Docker Container of the QSA back-end, its web services are up |
... | @@ -57,7 +57,7 @@ After starting the Docker Container of the QSA back-end, its web services are up |
|
<local_IP>:<defined_port>/DependabilityToolbox/SecurityAssessment
|
|
<local_IP>:<defined_port>/DependabilityToolbox/SecurityAssessment
|
|
```
|
|
```
|
|
|
|
|
|
where the <local_IP> is the IP of the local machine on which the QSA Docker Container has been deployed, whereas the <defined_port> is the port of the container that is defined by the user during the installation (please see the Installation section). This port is by default 8080, if not stated otherwise during the execution of the _docker run_ command. In the following, a more detailed description of how the main analysis service can be used is provided.
|
|
where the <local_IP> is the IP of the local machine on which the QSA Docker Container has been deployed, whereas the <defined_port> is the port of the container that is defined by the user during the installation (please see the [Installation](#installation-directly-from-dockerhub) section). This port is by default 8080, if not stated otherwise during the execution of the _docker run_ command. In the following, a more detailed description of how the main analysis service can be used is provided.
|
|
|
|
|
|
### Quantitative Security Assessment Service
|
|
### Quantitative Security Assessment Service
|
|
|
|
|
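Review bot: the placeholders `<local_IP>` and `<defined_port>` in the "where the <local_IP> is the IP of the local machine" prose line are bare angle-bracket tokens; wrapping them in backticks renders them as literal code, matches the fenced URL line above, and does not leave their appearance to how the markdown renderer treats angle brackets. In the same line, "This port is by default 8080, if not stated otherwise during the execution of the _docker run_ command" would be clearer if it said which side of the `-p` mapping it means (the host port the user publishes or the port the service listens on inside the container), since `<defined_port>` is what the reader types into the browser and the two differ whenever a custom mapping is used.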
... | @@ -90,7 +90,7 @@ Hence, the following HTTP GET Request needs to be submitted: |
... | @@ -90,7 +90,7 @@ Hence, the following HTTP GET Request needs to be submitted: |
|
http://160.40.52.130:8089/DependabilityToolbox/SecurityAssessment?project=https://github.com/siavvasm/HelloWorldJavaCompiled&lang=java&inspection=yes
|
|
http://160.40.52.130:8089/DependabilityToolbox/SecurityAssessment?project=https://github.com/siavvasm/HelloWorldJavaCompiled&lang=java&inspection=yes
|
|
```
|
|
```
|
|
|
|
|
|
After submitting the request, the Quantitative Security Assessment (QSA) service in invoked and the selected project is analyzed with respect to its Security. In brief, QSA selects the Security Assessment Model for Java, performs static analysis, and aggregates the results according to the model, in order to compute a set of Security Metrics, as well as the overall *Security Index* of the selected project (for more information about the *Security Assessment Model* we refer the reader to the materials that are listed in the References section of the [Dependability Toolbox Description](dependability-toolbox-description) wiki page. After the successful execution of the analysis, a JSON report with the results is produced and sent as a response to the user. The produced JSON for the *HelloWorldCompiled* project is presented below. (It should be noted that for reasons of brevity, although the report provides additional information, this information has been removed from the JSON below, to facilitate its readability)
|
|
After submitting the request, the Quantitative Security Assessment (QSA) service in invoked and the selected project is analyzed with respect to its Security. In brief, QSA selects the Security Assessment Model for Java, performs static analysis, and aggregates the results according to the model, in order to compute a set of Security Metrics, as well as the overall *Security Index* of the selected project (for more information about the *Security Assessment Model* we refer the reader to the materials that are listed in the _External Links_ section of the [Home](home) wiki page. After the successful execution of the analysis, a JSON report with the results is produced and sent as a response to the user. The produced JSON for the *HelloWorldCompiled* project is presented below. (It should be noted that for reasons of brevity, although the report provides additional information, this information has been removed from the JSON below, to facilitate its readability)
|
|
|
|
|
|
```
|
|
```
|
|
{
|
|
{
|
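Review bot: the parenthesis opened at "(for more information about the *Security Assessment Model*" in the changed line is never closed; it should close after "wiki page", and in the same sentence "service in invoked" should read "service is invoked". Retargeting the pointer from the References section of the Dependability Toolbox Description page to the _External Links_ section of the [Home](home) page is fine provided the Home page actually carries an "External Links" section listing the model references; worth a quick check before merging. Separately, the example request `http://160.40.52.130:8089/DependabilityToolbox/SecurityAssessment?project=https://github.com/siavvasm/HelloWorldJavaCompiled&lang=java&inspection=yes` hard-codes a specific host and port 8089, which differs from the default 8080 described in the previous hunk without explanation and publishes the address of a live deployment; using the `<local_IP>:<defined_port>` placeholder form from that hunk avoids both issues, and it is worth noting next to the example that the request is plain HTTP, so the project URL and parameters travel unencrypted between the user and the container.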
... | @@ -1106,5 +1106,5 @@ As can be seen from the fragment above, the JSON report consists of four main el |
... | @@ -1106,5 +1106,5 @@ As can be seen from the fragment above, the JSON report consists of four main el |
|
|
|
|
|
- **characteristics:** An array that contains the results of the characteristics evaluation. More specifically, it contains the scores (i.e., eval) of the model’s characteristics.
|
|
- **characteristics:** An array that contains the results of the characteristics evaluation. More specifically, it contains the scores (i.e., eval) of the model’s characteristics.
|
|
|
|
|
|
- **security_index:** An object that contains the Security Index of the analyzed [software](#installation-directly-from-dockerhub).
|
|
- **security_index:** An object that contains the Security Index of the analyzed [software]().
|
|
|
|
|
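Review bot: `[software]()` in the changed **security_index** bullet has an empty link target, so it renders as a link that goes nowhere (on GitHub it resolves to the page itself); if the old link to the installation section was meant to be dropped, make it plain text `software`, and if it was meant to point somewhere else, supply that anchor. In the preceding **characteristics** bullet, `eval` in "(i.e., eval)" is a JSON key and reads better in backticks, consistent with how the other keys in this list are rendered in bold.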