Static path conditions for Java

Hammer, Christian; Schaade, Rüdiger; Snelting, Gregor

doi:10.1145/1375696.1375704

Cited by 13 publications

(11 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The average slice size is 86,023 nodes, which is about 64% of the whole source code. This is more than what is typical for backward slices, due to the higher coupling of JavaCard in contrast to normal Java, and illustrates why precise witnesses can only be achieved via path conditions as described in [21,22,47].…”

Section: Implementation and Preliminary Experiencementioning

confidence: 93%

See 1 more Smart Citation

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

Hammer

Snelting

2009

Int. J. Inf. Secur.

Self Cite

172

141

View full text Add to dashboard Cite

Information flow control (IFC) checks whether a program can leak secret data to public ports, or whether critical computations can be influenced from outside. But many IFC analyses are imprecise, as they are flow-insensitive, context-insensitive, or object-insensitive; resulting in false alarms. We argue that IFC must better exploit modern program analysis technology, and present an approach based on program dependence graphs (PDG). PDGs have been developed over the last 20 years as a standard device to represent information flow in a program, and today can handle realistic programs. In particular, our dependence graph generator for full Java bytecode is used as the basis for an IFC implementation which is more precise and needs less annotations than traditional approaches. We explain PDGs for sequential and multi-threaded programs, and explain precision gains due to flow-, context-, and object-sensitivity. We then augment PDGs with a lattice of security levels and introduce the flow equations for IFC. We describe algorithms for flow computation in detail and prove their correctness. We then extend flow equations to handle declassification, and prove that our algorithm respects monotonicity of release. Finally, examples demonstrate that our implementation can check realistic sequential programs in full Java bytecode.

show abstract

Section: Implementation and Preliminary Experiencementioning

confidence: 93%

“…In addition, we proposed an even stronger mechanism on top of PDGs, called path conditions [22,47,54,55]. Path conditions are necessary and precise conditions for flow x → * y, and reveal detailed circumstances of a flow in terms of conditions on program variables.…”

Section: Beyond Pdgsmentioning

confidence: 99%

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

Hammer

Snelting

2009

Int. J. Inf. Secur.

Self Cite

172

141

View full text Add to dashboard Cite

show abstract

“…The novelty of our technique is as follows. While certain previous approaches [9,10,11] have used the transitive closure of the immediate-producer relation (which is known as a thin slice) to perform certain inexpensive, approximate analyses, ours is the first to our knowledge to use immediate producers within the overall context of a precise, path-sensitive analysis to skip localized regions of code conservatively.…”

Section: Our First Extensionmentioning

confidence: 99%

“…Sridharan et al originally proposed thin slicing to support program understanding and debugging tasks; they argued that thin slices were much smaller than full slices, while managing to include statements that are pertinent to program understanding and debugging tasks. Then, subsequently proposed approaches [11,10,9] have used the thin slice as a program abstraction (as opposed to using the full program) to carry out different kinds of analyses (not null-deference analysis, though). We did originally consider an approach similar to the ones referred to above.…”

Section: Comparison With a Simple Alternative Approachmentioning

confidence: 99%

“…This is done to find permissions for components such that these permissions are neither too restrictive nor too permissive. Hammer et al [11] propose an approach to identify potential run-time types of object references. All three techniques use thin slicing to identify all possible sources from which information flows (via transitive copy statements) into a given sink.…”

Section: Virtual Calls and Call-backsmentioning

confidence: 99%

See 1 more Smart Citation

Two techniques to improve the precision of a demand-driven null-dereference verification approach

Margoor

Komondoor

2015

Science of Computer Programming

View full text Add to dashboard Cite

The problem addressed in this paper is sound, scalable, demand-driven nulldereference verification for Java programs. Our approach consists conceptually of a base analysis, plus two major extensions for enhanced precision. The base analysis is a dataflow analysis wherein we propagate formulas in the backward direction from a given dereference, and compute a necessary condition at the entry of the program for the dereference to be potentially unsafe. The extensions are motivated by the presence of certain "difficult" constructs in real programs, e.g., virtual calls with too many candidate targets, and library method calls, which happen to need excessive analysis time to be analyzed fully. The base analysis is hence configured to skip such a difficult construct when it is encountered by dropping all information that has been tracked so far that could potentially be affected by the construct. Our extensions are essentially more precise ways to account for the effect of these constructs on information that is being tracked, without requiring full analysis of these constructs. The first extension is a novel scheme to transmit formulas along certain kinds of def-use edges, while the second extension is based on using manually constructed backwarddirection summary functions of library methods. We have implemented our approach, and applied it on a set of real-life benchmarks. The base analysis is on average able to declare about 84% of dereferences in each benchmark as safe, while the two extensions push this number up to 91%.

show abstract

Sparse Analysis of Variable Path Predicates Based upon SSA-Form

Heinze

Amme

2016

Leveraging Applications of Formal Methods, Verification and Validation: Foundational Techniques

View full text Add to dashboard Cite

Static path conditions for Java

Cited by 13 publications

References 37 publications

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

Two techniques to improve the precision of a demand-driven null-dereference verification approach

Sparse Analysis of Variable Path Predicates Based upon SSA-Form

Contact Info

Product

Resources

About