Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java

Reif, Michael and Eichberg, Michael and Kübler, Florian and Mezini, Mira (2018):
Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java.
In: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops, ACM, In: SOAP 2018, Amsterdam, Netherlands, DOI: 10.1145/3236454.3236503,
[Online-Edition: https://dl.acm.org/citation.cfm?id=3236503],
[Conference or Workshop Item]

Abstract

Call graphs are at the core of many static analyses ranging from the detection of unused methods to advanced control- and data-flow analyses. Therefore, a comprehensive understanding of the precision and recall of the respective graphs is crucial to enable an assessment which call-graph construction algorithms are suited in which analysis scenario. For example, malware is often obfuscated and tries to hide its intent by using Reflection. Call graphs that do not represent reflective method calls are, therefore, of limited use when analyzing such apps. In general, the precision is well understood, but the recall is not, i.e., in which cases a call graph will not contain any call edges. In this paper, we discuss the design of a comprehensive test suite that enables us to compute a fingerprint of the unsoundness of the respective call-graph construction algorithms. This suite also enables us to make a comparative evaluation of static analysis frameworks. Comparing Soot and WALA shows that WALA currently has better support for new Java 8 features and also for Java Reflection. However, in some cases both fail to include expected edges.

Item Type: Conference or Workshop Item
Published: 2018
Creators: Reif, Michael and Eichberg, Michael and Kübler, Florian and Mezini, Mira
Title: Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java
Language: English
Title of Book: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops
Publisher: ACM
Uncontrolled Keywords: Engineering; E1
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Software Technology
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Event Title: SOAP 2018
Event Location: Amsterdam, Netherlands
Date Deposited: 20 Dec 2018 16:38
DOI: 10.1145/3236454.3236503
Official URL: https://dl.acm.org/citation.cfm?id=3236503