
Simple static analysis techniques for Java - Using latent meaning to find security bugs

Karlsen, Edvard Kristoffer
Master thesis
View/Open
12162_FULLTEXT.pdf (1.100Mb)
12162_ATTACHMENT.zip (96.64Mb)
12162_COVER.pdf (1.556Mb)
URI
http://hdl.handle.net/11250/2366595
Date
2015
Collections
  • Institutt for datateknologi og informatikk [3872]
Abstract
Source code is rich with signs carrying meaning that is incomprehensible to a compiler, but important to the human programmer. For instance, a compiler does not understand that a variable named privateKey contains confidential data and therefore must be treated with extra care, or that an array populated by a cryptographically secure random number generator has properties that set it apart from other arrays. I present two static analyses that explicitly model such latent meaning, and use it to find bugs. Both analyses are simple; my aim is not to beat the precision of state-of-the-art techniques, but rather to argue that much can be done using simple techniques. To support this claim, I demonstrate the effectiveness of both analyses on test cases from a well-known test suite and a selection of other examples. Further, I argue that the analyses generalise to applications beyond those I investigate. I have implemented the analyses in a proof-of-concept tool, which I contribute as free and open source software.
Publisher
NTNU
