Toward Automated Security Risk Detection in Large Software Using Call Graph Analysis
Nicholas Pecka, Lotfi Ben Othmane, Renee Bryce

TL;DR
This paper presents an automated approach for security risk detection in large software systems by clustering call graphs to identify potential vulnerabilities, aiming to improve efficiency and accuracy over manual threat modeling methods.
Contribution
It introduces a novel semi-automated threat modeling framework using clustering algorithms on call graphs, specifically tailored for cloud-native environments.
Findings
Clustering metrics effectively identify security weaknesses in call graphs.
The approach demonstrates viability in a case study with Splunk Forwarder Operator.
Potential to enhance systematic threat assessment in large software systems.
Abstract
Threat modeling plays a critical role in the identification and mitigation of security risks; however, manual approaches are often labor intensive and prone to error. This paper investigates the automation of software threat modeling through the clustering of call graphs using density-based and community detection algorithms, followed by an analysis of the threats associated with the identified clusters. The proposed method was evaluated through a case study of the Splunk Forwarder Operator (SFO), wherein selected clustering metrics were applied to the software's call graph to assess pertinent code-density security weaknesses. The results demonstrate the viability of the approach and underscore its potential to facilitate systematic threat assessment. This work contributes to the advancement of scalable, semi-automated threat modeling frameworks tailored for modern cloud-native…
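As an added illustration of the approach the abstract describes (not the authors' code, metrics or data), the following Python clusters a constructed call graph with deterministic label propagation and scores each cluster by edge density and fan-in; the calls it reports as crossing cluster boundaries are the candidate trust boundaries a threat modeler would examine first. The sample graph, the metric choices and all function names are assumptions made for this example.

```python
"""Community detection on a call graph plus per-cluster density metrics.
Pure Python; the call graph, the clustering rule and the metrics are
constructed for this example and are not the paper's own."""
from collections import Counter, defaultdict

# Constructed sample call graph: (caller, callee) pairs for a small
# service with a tightly coupled auth module and a sparse logging module.
CALLS = [
    ("login", "check_password"), ("login", "load_user"),
    ("login", "validate_token"), ("check_password", "hash_password"),
    ("check_password", "load_user"), ("check_password", "validate_token"),
    ("validate_token", "load_user"), ("validate_token", "hash_password"),
    ("login", "log_event"),                      # the only call between modules
    ("log_event", "format_msg"), ("log_event", "write_file"),
    ("write_file", "rotate_file"),
]


def cluster(calls, max_iter=20):
    """Label propagation over the undirected call graph. Nodes are visited
    in sorted order and ties go to the smallest label, so runs are
    reproducible. Returns a list of frozensets of function names."""
    nbrs = defaultdict(set)
    for a, b in calls:
        nbrs[a].add(b)
        nbrs[b].add(a)
    label = {n: n for n in nbrs}
    for _ in range(max_iter):
        changed = False
        for n in sorted(nbrs):
            counts = Counter(label[m] for m in nbrs[n])
            best = min(counts, key=lambda lab: (-counts[lab], lab))
            if best != label[n]:
                label[n], changed = best, True
        if not changed:
            break
    groups = defaultdict(set)
    for n, lab in label.items():
        groups[lab].add(n)
    return [frozenset(g) for g in groups.values()]


def cluster_metrics(calls, groups):
    """Per cluster: directed edge density and the most-called function with
    its fan-in (a chokepoint worth reviewing). Also returns the calls that
    cross cluster boundaries, i.e. candidate trust boundaries."""
    owner = {n: g for g in groups for n in g}
    report = {}
    for g in groups:
        internal = [(a, b) for a, b in calls if a in g and b in g]
        n = len(g)
        density = len(internal) / (n * (n - 1)) if n > 1 else 0.0
        hub, fan_in = (Counter(b for _, b in internal).most_common(1) or [(None, 0)])[0]
        report[g] = {"density": round(density, 3), "hub": hub, "fan_in": fan_in}
    crossing = [(a, b) for a, b in calls if owner[a] != owner[b]]
    return report, crossing
```

For the constructed graph this yields two clusters, an auth cluster with density 0.4 whose hub `load_user` is called from three places, and a logging cluster with density 0.25, joined by the single crossing call `login -> log_event`.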
