Reif, Michael ; Eichberg, Michael ; Kübler, Florian ; Mezini, Mira (2018)
Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java.
SOAP 2018. Amsterdam, Netherlands
doi: 10.1145/3236454.3236503
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Call graphs are at the core of many static analyses rangingfrom the detection of unused methods to advanced control-and data-flow analyses. Therefore, a comprehensive under-standing of the precision and recall of the respective graphsis crucial to enable an assessment which call-graph construc-tion algorithms are suited in which analysis scenario. Forexample, malware is often obfuscated and tries to hide itsintent by using Reflection. Call graphs that do not representreflective method calls are, therefore, of limited use whenanalyzing such apps. In general, the precision is well understood, but the recallis not, i.e., in which cases a call graph will not contain anycall edges. In this paper, we discuss the design of a compre-hensive test suite that enables us to compute a fingerprintof theunsoundnessof the respective call-graph constructionalgorithms. This suite also enables us to make a comparativeevaluation of static analysis frameworks. Comparing Sootand WALA shows that WALA currently has better supportfor new Java 8 features and also for Java Reflection. However,in some cases both fail to include expected edges.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2018 |
| Autor(en): | Reif, Michael ; Eichberg, Michael ; Kübler, Florian ; Mezini, Mira |
| Art des Eintrags: | Bibliographie |
| Titel: | Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java |
| Sprache: | Englisch |
| Publikationsjahr: | Juli 2018 |
| Verlag: | ACM |
| Buchtitel: | Companion Proceedings for the ISSTA/ECOOP 2018 Workshops |
| Veranstaltungstitel: | SOAP 2018 |
| Veranstaltungsort: | Amsterdam, Netherlands |
| DOI: | 10.1145/3236454.3236503 |
| URL / URN: | https://dl.acm.org/citation.cfm?id=3236503 |
| Kurzbeschreibung (Abstract): | Call graphs are at the core of many static analyses rangingfrom the detection of unused methods to advanced control-and data-flow analyses. Therefore, a comprehensive under-standing of the precision and recall of the respective graphsis crucial to enable an assessment which call-graph construc-tion algorithms are suited in which analysis scenario. Forexample, malware is often obfuscated and tries to hide itsintent by using Reflection. Call graphs that do not representreflective method calls are, therefore, of limited use whenanalyzing such apps. In general, the precision is well understood, but the recallis not, i.e., in which cases a call graph will not contain anycall edges. In this paper, we discuss the design of a compre-hensive test suite that enables us to compute a fingerprintof theunsoundnessof the respective call-graph constructionalgorithms. This suite also enables us to make a comparativeevaluation of static analysis frameworks. Comparing Sootand WALA shows that WALA currently has better supportfor new Java 8 features and also for Java Reflection. However,in some cases both fail to include expected edges. |
| Freie Schlagworte: | Engineering; E1 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Softwaretechnik DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
| Hinterlegungsdatum: | 20 Dez 2018 16:38 |
| Letzte Änderung: | 05 Feb 2019 12:26 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum