New Lecture in Fall: Automated Code Analysis for Large Software Systems (ACA)

Eric | July 12, 2013

In Fall/Winter 2013 we will be offering a new lecture on automated code analyses for large software systems. We will be discussing the most important algorithms to solve static code analysis problems efficiently and precisely, and will be presenting novel extensions of these algorithms that we have recently developed to address important real-world analysis problems like automatically detecting vulnerabilities in the Java Runtime Library (e.g. CVE-2012-4681).

This is an integrated lecture with 2 SWS and 4 CP. The lecture will take place on Thursdays from 9:50 to 11:30 in room 3.1.01 at CASED and will comprise about 1h of lecture and 30 minutes of discussion of the weekly “homework” exercises. Exercises will consist of practical programming exercises to be solved in small teams. Over the course of the lecture, students are expected to use these exercises to solve practical program-analysis problems with different techniques, exploring their tradeoffs along the way.

Preliminary outline:

The good old monotone framework:

  • Intra-procedural dataflow analyses*
  • Off-the-shelf call-graph and pointer analyses
  • Inter-procedural dataflow analyses

Efficient Tabulation-based solvers:

  • IFDS and IDE
  • Weighted pushdown systems
  • More expressive frameworks

Dealing with pointers and aliasing:

  • Problem of context reification
  • Integration of demand-driven pointer analyses

Scalability through summaries:

  • Summarizing analysis information for frameworks and libraries
  • Modeling pointers through alloc sites vs. access paths

Current and “eternal” limitations:

  • Practical limitations to current client analyses
  • Reflection, dynamic loading, eval

*) by the term “dataflow analyses” we here refer to general static code analyses, not just analyses related to information-flow

Reading Material:

  • Thomas Reps, Susan Horwitz, and Mooly Sagiv. 1995. Precise interprocedural dataflow analysis via graph reachability. POPL ’95
  • Shmuel Sagiv, Thomas W. Reps, and Susan Horwitz. 1995. Precise Interprocedural Dataflow Analysis with Applications to Constant Propagation. TAPSOFT ’95
  • Akash Lal, Thomas Reps, and Gogul Balakrishnan. 2005. Extended weighted pushdown systems. CAV 2005
  • Nomair A. Naeem, Ondřej Lhoták, and Jonathan Rodriguez. 2010. Practical extensions to the IFDS algorithm. CC 2010
  • Yannis Smaragdakis, Martin Bravenboer, and Ondrej Lhoták. 2011. Pick your contexts well: understanding object-sensitivity. POPL 2011
  • Eric Bodden. 2012. Inter-procedural data-flow analysis with IFDS/IDE and Soot. SOAP 2012
  • Rohan Padhye, Uday P. Khedker. Interprocedural Data Flow Analysis in Soot using Value Contexts. SOAP 2013

Cross-posted from SEEBlog

Categories
Research

Master Thesis on FlowDroid now available

Eric | July 12, 2013

Christian Fritz has just submitted his Master Thesis on FlowDroid. It gives many additional details not mentioned in our earlier Tech Report. You can check it out here:

FlowDroid: A Precise and Scalable Data Flow Analysis for Android (Christian Fritz), Master thesis, TU Darmstadt, July 2013.

Cross-posted from SEEBlog

Categories
Research

Responsible Disclosure: Darmstadt Researchers Discover Security Vulnerability in AppGuard Pro

Eric | July 8, 2013

Stephan Huber (Fraunhofer SIT Darmstadt) and Siegfried Rasthofer (TU Darmstadt) discovered a security vulnerability in versions 2.0.0 – 2.0.5 of the security tool AppGuard Pro. A few weeks ago, we informed the vendor, Backes SRT, which has now fixed the vulnerability in the latest release. The vulnerability gives malicious apps full control of all settings in the AppGuard Pro application. It not only allows such apps to bypass any and all of the tool’s security measures; malicious apps can even misuse AppGuard Pro to trick the user into perceiving the malicious app as harmless. Users should download the update as soon as possible.

Categories
Research

DroidBench 1.1 is released!

Eric | July 2, 2013

DroidBench 1.1 is released with new challenges:

  • HashMapAccess1
  • Button3
  • LocationLeak3
  • MultiHandlers1
  • Ordering1
  • RegisterGlobal1
  • Unregister1
  • Exceptions1
  • Exceptions2
  • Exceptions3
  • Exceptions4
  • ApplicationLifecycle1
  • ApplicationLifecycle2
  • ApplicationLifecycle3
  • PrivateDataLeak3
  • Library1
  • Library2
  • Obfuscation1
  • Reflection1
  • Reflection2
  • Reflection3
  • Reflection4

The README contains additional information. Currently, there are 61 challenges in DroidBench and you are most welcome to contribute additional test cases to DroidBench. To do so, please fork the project, commit an appropriate Eclipse source project and APK, update the README.md and then send us a pull request. Thanks!

Cross-posted from SEEBlog

Categories
Research

Professorship for Secure Software Engineering

Eric | July 1, 2013

Today I am officially starting my new position as a full “cooperative” professor for Secure Software Engineering at the Fraunhofer Institute for Secure Information Technology (SIT) and Technische Universität Darmstadt. About two years ago TU Darmstadt started establishing such professorships to foster scientific exchange with external research institutions such as Fraunhofer SIT. In addition to their basic research in an academic context, cooperative professors are meant to conduct applied research, in large parts in collaboration with industry. At Fraunhofer SIT I plan to transition into practice some of the exciting research we have been conducting over the past few years.

More information here (in German)

Categories
Misc, Research

Fraunhofer “Attract” grant for work on static code analysis

Eric | June 28, 2013

This month, the Fraunhofer Gesellschaft has approved my grant proposal within the Fraunhofer Attract program. The grant »Fraunhofer Attract« offers outstanding external scientists the opportunity to develop their ideas towards an actual application within an optimally equipped Fraunhofer institute operating close to the market. The goal of our project is to develop innovative code analysis tools to aid the engineering of more secure software products in the large. The grant totals about 2.5 million euros, which will allow us to finance a number of new PhD students and/or postdocs for initially five years. The positions will be announced soon.

Categories
Research

Presenting SPLlift

Eric | June 19, 2013

Today Mira Mezini is presenting our new analysis approach SPLlift at PLDI, which allows the inter-procedural analysis of product lines in minutes instead of years.

Categories
Research

Trend and Strategy Report: Developing Secure Software through Security by Design

Eric | June 6, 2013

This Thursday, the three BMBF-funded competence centers for IT security, CISPA, Kastel and EC SPRIDE, are publishing the trend and strategy report “Entwicklung sicherer Software durch Security by Design” (Developing Secure Software through Security by Design). The report argues that the development and integration of secure software must be organized according to the principle of security by design, and it names corresponding challenges for a practice-oriented research agenda.

Categories
Research

The Android Logging Service – A Dangerous Feature for User Privacy?

Eric | May 17, 2013

The Android logging mechanism is used by many Android applications. Even the Android framework uses this mechanism for outputting debug information. But does this logging mechanism also include private information? This article gives a short overview of the privacy-sensitive information that could be gathered from the Android logging mechanism. It also describes Google’s countermeasure regarding access to the “log file” since Android 4.1 and which possibilities an attacker still has.

Categories
Research

RV Deadline postponed

Eric | May 13, 2013

The deadline for the International Conference on Runtime Verification has been postponed to May 28th. This is your chance to submit another paper to RV!

Categories
Research