Authors: Tang Hong, Zhang Lufeng, Chen Hua, Zhang Jianbo

Abstract:

Today many developers use the Java components collected from the Internet as external LIBs to design and develop their own software. However, some unknown security bugs may exist in these components, such as SQL injection bug may comes from the components which have no specific check for the input string by users. To check these bugs out is very difficult without source code. So a novel method to check the bugs in Java bytecode based on points-to dataflow analysis is in need, which is different to the common analysis techniques base on the vulnerability pattern check. It can be used as an assistant tool for security analysis of Java bytecode from unknown softwares which will be used as extern LIBs.

Keywords: Java bytecode, points-to dataflow, vulnerability analysis

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1334988

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1712

References:

[1] Ed Roman and Rickard Oberg, The Business Benefits of EJB and J2EE Technologies over COM+ and Windows DNA, 1999, The Middleware Company
[2] W. Halfond and A. Orso. AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks. In Proceedings of the IEEE and ACM International Conference on Automated Software Engineering (ASE 2005), pages 174-183, Long Beach, CA, USA, Nov 2005
[3] Jlint: a security tool for checking Java source code to find bugs , http://artho.com/jlint/
[4] lapse: security analysis tool for J2EE applications, http://suif.stanford.edu/~livshits/work/lapse/
[5] pmd: a security tool for checking Java source code to find bugs , http://pmd.sourceforge.net/
[6] findbugs: a security tool for checking Java code to find bugs , http://findbugs.sourceforge.net/
[7] M. Emami, R. Ghiya, and L. J. Hendren. Context-sensitive interprocedural points-to analysis in the presence of function pointers. In Proceedings of PLDI-94, pages 242-256, 1994
[8] N. Heintze and O. Tardieu. Demand-driven pointer analysis. In Proceedings of PLDI-01, pages 24-34, 2001
[9] D. Liang, M. Pennings, and M. J. Harrold. Extending and evaluating flow-insensitive and context-insensitive points-to analyses for Java. In Proceedings of PASTE-01, pages 73-79, 2001
[10] J. Whaley and M. Lam. An efficient inclusion-based points-to analysis for strictly-typed languages. In Static Analysis 9th International Symposium, SAS 2002, volume 2477 of LNCS, pages 180-195, 2002.
[11] L. O. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, May 1994. (DIKU report 94/19).
[12] ¶ÇÇ▓¶Çüæ¶Çüç¶Ç⃶Çüò¶Çüê¶Çüì¶ÇÇâ¶ÇÇ»¶Çüï¶ÇüƶÇüù¶Çéìak. SPARK: A Flexible Points-to Analysis Framework for Java. Montreal: McGill University, 2003.
[13] Soot: a Java optimization framework. http://www.sable.mcgill.ca/soot/.
[14] SAMATE test cases. http://www.samate.nist.gov/SRD /view.php