Using Soot with custom entry points

Eric | July 26, 2012

When doing whole-program analysis with Soot, you will need to tell Soot what the entry points to your program are. Soot has always supported an option of custom entry points, which comes in handy when analyzing libraries, applets or apps that do not have a “main method”. However, as it turns out there was quite some confusion as to how to use the “custom entry points” feature. Admitted, it is more tricky than it maybe should be. This blog post is meant to clarify some of those issues. The following code shows you how to set a method MyEntryPoint.myMethod as entry point.

SootClass c = Scene.v().forceResolve("MyEntryPoint", SootClass.BODIES);
SootMethod method = c.getMethodByName("myMethod");
List entryPoints = new ArrayList();

Usually we recommend users to just call Soot’s very own main method after setting up the initial configuration. Note that in this particular case this is not recommended. The problem is that the above code is loading classes, which conflicts with the standard class-loading process that Soot’s main method implements. Instead above we call runPacks which will run all of Soot’s packs in the usual order. At the beginning of the above code, we call parse to parse the command-line arguments given to your driver class, forwarding those to Soot (as usual).

Thanks to Yi Lin, Marc-André Laverdière-Papineau, Phil Pratt-Szeliga and for helping me figure out how to get this work best.

Comments Off on Using Soot with custom entry points
Soot Tutorial

Distinguished Paper Award for paper on RefaFlex

Eric | July 19, 2012

We got the good news last night… The paper RefaFlex: Safer Refactorings for Reflective Java Programs by Andreas Thies from Fernuni Hagen and myself has won an ACM SIGSOFT Distinguished Paper Award. Other awards go to the papers Remedying the Eval that Men Do by Simon Holm Jensen, Peter A. Jonsson, and Anders Møller and Residual Investigation: Predictive and Precise Bug Detection by Kaituo Li, Christoph Reichenbach, Christoph Csallner, and Yannis Smaragdakis. Congrats!


DFG funds new Emmy Noether Group “RUNSECURE”

Eric | July 9, 2012

RUNSECURE is the acronym for a new research project on Provably secure program executions through declaratively defined dynamic program analyses, which the DFG is now funding for up to five years through its prestigious Emmy Noether Fellowship program. As the DFG writes, “The Emmy Noether Program supports young researchers in achieving independence at an early stage of their scientific careers. Young postdocs gain the qualifications required for a university teaching career during a DFG-funded period, usually lasting five years, in which they lead their own independent junior research group. As a rule, researchers who have acquired between two and four years of postdoctoral research experience are eligible to apply. Applicants must have international research experience.”


Modern software systems are rich in functionality but also prone to bugs and vulnerabilities that threaten the security and privacy of users and their data. In the past years, researchers have made significant progress in the static analysis of such systems, which allows developers to recognize and remove programming errors prior to deployment. Many vulnerabilities, however, can only be recognized as a piece of software executes, last but not least because also malicious attackers can use static-analysis tools to craft exploits in such a way that they circumvent static detection. A truly secure execution environment must therefore combine static analyses with just-in-time runtime analyses.

The project RUNSECURE will develop methods, techniques and tools that will allow software developers to reliably detect and security vulnerabilities and prevent them from being exploited. No matter how much an exploit tries to conceal its malicious intent, it can always be recognized when it is about to execute. At this point in time, one must be sure, however, that the executing exploit can be recognized and prevented from succeeding. To this end, the project will develop a novel programming language that allows developers to define dynamic program analyses and security monitors in a highly declarative manner. Analyses defined that way are then amenable to highly efficient automatic code generation and can easily be proven correct, due to their high level of abstraction.

This project is initially funded for three years, with possible extension up to five years. Thanks to everyone who supported my application!

Press Coverage

Comments Off on DFG funds new Emmy Noether Group “RUNSECURE”

ICS 2012: Dynamic Anomaly Detection for More Trustworthy Outsourced Computation

Eric | July 6, 2012

In a new publication for the Information Security Conference we describe how to securely offload computations from a private to a public cloud:

Abstract: A hybrid cloud combines a trusted private cloud with a public cloud owned by an untrusted cloud provider. This is problematic: When a hybrid cloud shifts computation from its private to its public part, it must trust the public part to execute the computation as intended. We show how public-cloud providers can use dynamic anomaly detection to increase their clients’ trust in outsourced computations. The client first defines the computation’s reference behavior by running an automated dynamic analysis in the private cloud. The cloud provider then generates an application profile when executing the outsourced computation for its client, persisted in tamper-proof storage. When in doubt, the client checks the profile against the recorded reference behavior. False positives are identified by re-executing the dubious computation in the trusted private cloud, and are used to re-fine the description of the reference behavior. The approach is fully automated. Using 3,000 harmless and 118 malicious inputs to different Java applications, we show that our approach is effective. In particular, different characterizations of behavior can yield anything from low numbers of false positives to low numbers of false negatives, effectively trading trustworthiness for computation cost in the private cloud.

Download the paper here.

Comments Off on ICS 2012: Dynamic Anomaly Detection for More Trustworthy Outsourced Computation

Now at TOPLAS: Partially evaluating finite-state runtime monitors ahead of time

Eric | July 4, 2012

Our TOPLAS paper has just appeared. Just 18 months turnaround time – given the 52 pages this was fast!

Comments Off on Now at TOPLAS: Partially evaluating finite-state runtime monitors ahead of time