Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java

Reif, Michael ; Eichberg, Michael ; Kübler, Florian ; Mezini, Mira :
Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java.
[Online-Edition: https://dl.acm.org/citation.cfm?id=3236503]
In: SOAP 2018, Amsterdam, Netherlands. Companion Proceedings for the ISSTA/ECOOP 2018 Workshops ACM
[Conference publication], (2018)

Official URL: https://dl.acm.org/citation.cfm?id=3236503

Abstract

Call graphs are at the core of many static analyses ranging from the detection of unused methods to advanced control- and data-flow analyses. Therefore, a comprehensive understanding of the precision and recall of the respective graphs is crucial to enable an assessment which call-graph construction algorithms are suited in which analysis scenario. For example, malware is often obfuscated and tries to hide its intent by using Reflection. Call graphs that do not represent reflective method calls are, therefore, of limited use when analyzing such apps. In general, the precision is well understood, but the recall is not, i.e., in which cases a call graph will not contain any call edges. In this paper, we discuss the design of a comprehensive test suite that enables us to compute a fingerprint of the unsoundness of the respective call-graph construction algorithms. This suite also enables us to make a comparative evaluation of static analysis frameworks. Comparing Soot and WALA shows that WALA currently has better support for new Java 8 features and also for Java Reflection. However, in some cases both fail to include expected edges.

Entry type: Conference publication
Published: 2018
Author(s): Reif, Michael ; Eichberg, Michael ; Kübler, Florian ; Mezini, Mira
Title: Systematic Evaluation of the Unsoundness of Call Graph Construction Algorithms for Java
Language: English
Book title: Companion Proceedings for the ISSTA/ECOOP 2018 Workshops
Publisher: ACM
Uncontrolled keywords: Engineering; E1
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Software Technology
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE Centres
LOEWE > LOEWE Centres > CRISP - Center for Research in Security and Privacy
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Event title: SOAP 2018
Event location: Amsterdam, Netherlands
Date deposited: 20 Dec 2018 16:38
DOI: 10.1145/3236454.3236503
Official URL: https://dl.acm.org/citation.cfm?id=3236503