Proceedings Article, DOI: 10.1109/SCAM.2008.17
Precise Analysis of Java Programs Using JOANA
Dennis Giffhorn, Christian Hammer +1 more
- 03 Oct 2008
- pp 267-268
TL;DR: This demonstration presents the JOANA plugin for the Eclipse framework, which can compute and navigate through dependence graphs for full Java bytecode, analyze Java programs with a broad range of slicing and chopping algorithms, and use precise algorithms for language-based security to check programs for information leaks.
Abstract: The JOANA project (Java Object-sensitive ANAlysis) is a program analysis infrastructure for the Java language. It contains a wide range of analysis techniques such as dependence graph computation, slicing and chopping for sequential and concurrent programs, computation of path conditions and algorithms for software security. This demonstration presents the JOANA plugin for the Eclipse framework. In the current version, a user can compute and navigate through dependence graphs for full Java bytecode, analyze Java programs with a broad range of slicing and chopping algorithms, and use precise algorithms for language-based security to check programs for information leaks.
Citations
Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs
Christian Hammer, Gregor Snelting +1 more
TL;DR: It is argued that IFC must better exploit modern program analysis technology, and an approach based on program dependence graphs (PDG) is presented, which is more precise and needs less annotations than traditional approaches.
255
Type-Based Taint Analysis for Java Web Applications
Wei Huang, Yao Dong, Ana Milanova +2 more
- 05 Apr 2014
TL;DR: Presents SFlow, a context-sensitive type system for secure information flow, and SFlowInfer, a corresponding worst-case cubic inference analysis, which effectively handles reflection, libraries and frameworks, features notoriously difficult for dataflow and points-to-based taint analysis.
Multilingual Source Code Analysis: A Systematic Literature Review
TL;DR: This systematic literature review summarizes the state of the art and prominent areas for future research in multilingual source code analysis and its applications, out of 3820 papers filtered through a multi-stage search criterion.
38
TS4J: a fluent interface for defining and computing typestate analyses
Eric Bodden
- 12 Jun 2014
TL;DR: This work explains the design of a pure-Java interface facilitating both the definition and evaluation of typestate analyses and shows how to design a fluent API in such a way that it also encapsulates actual computation, not just configuration.
13
•Dissertation
Compositional and Scheduler-Independent Information Flow Security
Henning Sudbrock
- 24 Mar 2013
TL;DR: The development of FSI-security and SIFUM-security is the first scheduler-independent information flow property that permits programs with nondeterministic behavior and programs whose control flow depends on secrets, and the security analysis based on SIFUM-security is the first provably sound flow-sensitive information flow analysis for multi-threaded programs in the form of a security type system.
8
References
Language-based information-flow security
Andrei Sabelfeld, Andrew C. Myers +1 more
TL;DR: A structured view of research on information-flow security is given, particularly focusing on work that uses static program analysis to enforce information-flow policies, and some important open challenges are identified.
Extracting Meaning from Abbreviated Identifiers
Dawn Lawrie, Henry Feild, David Binkley +2 more
- 30 Sep 2007
TL;DR: The approach is used to improve the syntactic identification of violations of Deissenbock and Pizka's rules for concise and consistent identifier construction, and the process is evaluated on a code base of just over 35 million lines of code.
71
Barrier slicing and chopping
Jens Krinke
- 20 Oct 2003
TL;DR: This work presents an approach that can be used to 'filter' slices, which basically introduces 'barriers' which are not allowed to be passed during slice computation.
Intransitive Noninterference in Dependence Graphs
Christian Hammer, Jens Krinke, F. Nodes +2 more
- 15 Nov 2006
TL;DR: This paper defines a static analysis that allows intransitive noninterference in combination with context-sensitive analysis for Java bytecode programs and annotates information sources and sinks, which is the first IFC technique which is flow-, context-, and object-sensitive.
Static path conditions for Java
Christian Hammer, Rüdiger Schaade, Gregor Snelting +2 more
- 07 Jun 2008
TL;DR: Details of path condition generation for Java constructs, which leads to precise path conditions operating only on the program's variables, are presented, allowing leverage of automatic constraint solving.
Related Papers (5)
A. Szegedi, Tibor Gyimóthy +1 more
- 30 Sep 2005
Joseph A. Bank, Andrew C. Myers, Barbara Liskov +2 more
- 01 Jan 1997
Stephen N. Freund, John C. Mitchell +1 more
- 01 Oct 1998