In Fall/Winter 2013 we will be offering a new lecture on automated code analyses for large software systems. We will be discussing the most important algorithms to solve static code analysis problems efficiently and precisely, and will be presenting novel extensions of these algorithms that we have recently developed to address important real-world analysis problems like automatically detecting vulnerabilities in the Java Runtime Library (e.g. CVE_2012_4681).

This is an integrated lecture with 2 SWS and 4 CP. The lecture will take place Thursdays on 9:50-11:30 in room 3.1.01 at CASED and will comprise about 1h of lecture and 30 minutes of discussion of the weekly “homework” exercises. Exercises will consist of practical programming exercises to be solved in small teams. Over the course of the lecture, students are expected to solve through these exercises practical program-analysis problems using different techniques, exploring their tradeoffs during this process.

Preliminary outline:

The good old monotone framework:

• Intra-procedural dataflow analyses*
• Off-the-shelve call-graph and pointer analyses
• Inter-procedural dataflow analyses

Efficient Tabulation-based solvers:

• IFDS and IDE
• Weighted pushdown systems
• More expressive frameworks

Dealing with pointers and aliasing:

• Problem of context reification
• Integration of demand-driven pointer analyses

Scalability through summaries:

• Summarizing analysis information for frameworks and libraries
• Modeling pointers through alloc sites vs. access paths

Current and “eternal” limitations:

• Practical limitations to current client analyses
• Reflection, dynamic loading, eval

*) by the term “dataflow analyses” we here refer to general static code analyses, not just analyses related to information-flow

Reading Material:

• Thomas Reps, Susan Horwitz, and Mooly Sagiv. 1995. Precise interprocedural dataflow analysis via graph reachability. POPL ’95
• Shmuel Sagiv, Thomas W. Reps, and Susan Horwitz. 1995. Precise Interprocedural Dataflow Analysis with Applications to Constant Propagation. TAPSOFT ’95
• Akash Lal, Thomas Reps, and Gogul Balakrishnan. 2005. Extended weighted pushdown systems. CAV 2005
• Nomair A. Naeem, Ondřej Lhoták, and Jonathan Rodriguez. 2010. Practical extensions to the IFDS algorithm. CC 2010
• Yannis Smaragdakis, Martin Bravenboer, and Ondrej Lhoták. 2011. Pick your contexts well: understanding object-sensitivity. POPL 2011
• Eric Bodden. 2012. Inter-procedural data-flow analysis with IFDS/IDE and Soot. SOAP 2012
• Rohan Padhye, Uday P. Khedker. Interprocedural Data Flow Analysis in Soot using Value Contexts. SOAP 2013

Cross-posted from SEEBlog

Christian Fritz has just submitted his Master Thesis on FlowDroid. It gives many additional details not mentioned in our earlier Tech Report. You can check it out here:

FlowDroid: A Precise and Scalable Data Flow Analysis for Android (Christian Fritz), Master thesis, TU Darmstadt, July 2013.

Cross-posted from SEEBlog

Stephan Huber (Fraunhofer SIT Darmstadt) and Siegfried Rasthofer (TU Darmstadt) discovered a security vulnerability in versions 2.0.0 – 2.0.5 of the security tool AppGuard Pro. A few weeks ago, we informed the vendor Backes SRT who has now fixed the vulnerability in the latest release. The vulnerability gives malicious apps full control of all settings in the AppGuard Pro application. The vulnerability not only allows such apps to bypass any and all of the tool’s security measures, on top of that the malicious apps can even misuse AppGuard Pro to convince the user into perceiving the malicious app as harmless. Users should download the update as soon as possible. Read the rest of this entry »

DroidBench 1.1 is released with new challenges:

• HashMapAccess1
• Button3
• LocationLeak3
• MultiHandlers1
• Ordering1
• RegisterGlobal1
• Unregister1
• Exceptions1
• Exceptions2
• Exceptions3
• Exceptions4
• ApplicationLifecycle1
• ApplicationLifecycle2
• ApplicationLifecycle3
• PrivateDataLeak3
• Library1
• Library2
• Obfuscation1
• Reflection1
• Reflection2
• Reflection3
• Reflection4

The README contains additional information. Currently, there are 61 challenges in DroidBench and you  are most welcome to contribute additional test cases to DroidBench. To do so, please fork the project, commit an appropriate Eclipse source project and APK, update the README.md and then send us a pull request. Thanks!

Cross-posted from SEEBlog