Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Getting to Know You…
Towards a Capability Model for Java
Ben Hermann, Michael Reif,
Michael Eichberg, and Mira Mezini
ESEC...
Building Systems
We don’t build systems from scratch.
We need an ecosystem of reuse.
Building Systems
We don’t build systems from scratch.
Operating System
CompilerVirtual Machine
Libraries
Frameworks
We nee...
Building Systems
We don’t build systems from scratch.
Operating System
CompilerVirtual Machine
Libraries
Frameworks
We nee...
Libraries are Black Boxes
Libraries are Black Boxes
Libraries are Black Boxes
Libraries are Black Boxes
Libraries are Black Boxes
Libraries are Black Boxes
Inspiration
Inspiration
Transferring this to Java
Transferring this to Java
Transferring this to Java
Transferring this to Java
Capabilities
CLASSLOADING
CLIPBOARD
DEBUG
FS
GUI
NATIVE
NET
PRINT
REFLECTION
SECURITY
SOUND
SYSTEM
UNSAFE
INPUT
Capabilities
CLASSLOADING
CLIPBOARD
DEBUG
FS
GUI
NATIVE
NET
PRINT
REFLECTION
SECURITY
SOUND
SYSTEM
UNSAFE
INPUT
Capabilities
CLASSLOADING
CLIPBOARD
DEBUG
FS
GUI
NATIVE
NET
PRINT
REFLECTION
SECURITY
SOUND
SYSTEM
UNSAFE
INPUT
Capabilities
CLASSLOADING
CLIPBOARD
DEBUG
FS
GUI
NATIVE
NET
PRINT
REFLECTION
SECURITY
SOUND
SYSTEM
UNSAFE
INPUT
Capabilities
CLASSLOADING
CLIPBOARD
DEBUG
FS
GUI
NATIVE
NET
PRINT
REFLECTION
SECURITY
SOUND
SYSTEM
UNSAFE
INPUT
Capabilities
CLASSLOADING
CLIPBOARD
DEBUG
FS
GUI
NATIVE
NET
PRINT
REFLECTION
SECURITY
SOUND
SYSTEM
UNSAFE
INPUT
Capabilities
CLASSLOADING
CLIPBOARD
DEBUG
FS
GUI
NATIVE
NET
PRINT
REFLECTION
SECURITY
SOUND
SYSTEM
UNSAFE
INPUT
Reaching Capabilities 

from Java
Library
Java Class Library (JCL)
JCL native part
OS
library
native
part
Our Approach in a Nutshell
Tag native methods of the JCL
Build call graph
Propagate capability tags
Build footprint
Identifying Capabilities
Bootstrapping the Analysis
Reviewed native implementation
Review documentation
Consider package a...
Identifying Capabilities
Bootstrapping the Analysis
Reviewed native implementation
Review documentation
Consider package a...
Identifying Capabilities
Capability # of Methods
CLASSLOADING 24
CLIPBOARD 9
DEBUG 5
FS 377
GUI 449
INPUT 10
NATIVE 419
NE...
Building the Call Graph
Using OPAL
Includes the JCL, the library and possibly a
usage context
Modified VTA
No whole-program...
Propagating Capabilities
JCL LibraryNative
Propagating Capabilities
{FS}
{NET}
{CL}
{GUI}
JCL LibraryNative
Propagating Capabilities
{FS}
{NET}
{CL}
{GUI}
{NET}
{NET}
{FS}
{FS}
{FS}
{GUI}
{GUI}
{CL,GUI}{CL}
{CL}
JCL LibraryNative
Propagating Capabilities
{FS}
{NET}
{CL}
{GUI}
{NET}
{NET}
{FS}
{FS}
{FS}
{GUI}
{GUI}
{CL,GUI}{CL}
{CL}
{FS, CL, GUI}
{FS,...
Propagating Capabilities
void	
  someMethod(Object	
  o)	
  {	
  
o.toString();	
  
}
…
… (1.304 total)
Effects of filters:...
Evaluation Setup
Developer expectation
Qualitas Corpus subset (70 projects)
Evaluation Setup
Developer expectation
API Documentation
Qualitas Corpus subset (70 projects)
Evaluation Setup
Developer expectation
API Documentation
Expected library footprint
Qualitas Corpus subset (70 projects)
Evaluation Setup
Developer expectation
API Documentation
Expected library footprint
Our analysis
Observed library footprin...
Results
�� ���� ���� �� ��������������
����� � � � � � � � � � �
������� � � � � � � � �
����� � � � � � � � �
����� � � �...
Results
�� ���� ���� �� ��������������
����� � � � � � � � � � �
������� � � � � � � � �
����� � � � � � � � �
����� � � �...
Results
�� ���� ���� �� ��������������
����� � � � � � � � � � �
������� � � � � � � � �
����� � � � � � � � �
����� � � �...
Results
�� ���� ���� �� ��������������
����� � � � � � � � � � �
������� � � � � � � � �
����� � � � � � � � �
����� � � �...
Results
�� ���� ���� �� ��������������
����� � � � � � � � � � �
������� � � � � � � � �
����� � � � � � � � �
����� � � �...
Results
�� ���� ���� �� ��������������
����� � � � � � � � � � �
������� � � � � � � � �
����� � � � � � � � �
����� � � �...
Results
�� ���� ���� �� ��������������
����� � � � � � � � � � �
������� � � � � � � � �
����� � � � � � � � �
����� � � �...
Results
�� ���� ���� �� ��������������
����� � � � � � � � � � �
������� � � � � � � � �
����� � � � � � � � �
����� � � �...
� �
� �
� �
�
Results
14.1%
Excess
� �� �
� � �
� � �
� � �
� � �
� � �
86.8%
Agreement
3.9%
Miss
Why is this useful?
���������� ������ ������� � � � � � � �
�������� ������ ������� � � � � � � �
�������� ������� ������ ...
Where to go from here?
Get developer expectations from developers
Infer capabilities directly from the native implementati...
Thanks and please try it out
http://www.thewhitespace.de/projects/peaks/capmodel.html
protip: no need to write this down, ...
Upcoming SlideShare
Loading in …5
×

Getting to Know You: Towards a Capability Model for Java

1,350 views

Published on

Developing software from reusable libraries lets developers face a security dilemma: Either be efficient and reuse libraries as they are or inspect them, know about their resource usage, but possibly miss deadlines as reviews are a time consuming process. In this paper, we propose a novel capability inference mechanism for libraries written in Java. It uses a coarse-grained capability model for system resources that can be presented to developers. We found that the capability inference agrees by 86.81% on expectations towards capabilities that can be derived from project documentation. Moreover, our approach can find capabilities that cannot be discovered using project documentation. It is thus a helpful tool for developers mitigating the aforementioned dilemma.

Published in: Software
  • Be the first to comment

  • Be the first to like this

Getting to Know You: Towards a Capability Model for Java

  1. 1. Getting to Know You… Towards a Capability Model for Java Ben Hermann, Michael Reif, Michael Eichberg, and Mira Mezini ESEC/FSE 2015, Bergamo, Italy
  2. 2. Building Systems We don’t build systems from scratch. We need an ecosystem of reuse.
  3. 3. Building Systems We don’t build systems from scratch. Operating System CompilerVirtual Machine Libraries Frameworks We need an ecosystem of reuse.
  4. 4. Building Systems We don’t build systems from scratch. Operating System CompilerVirtual Machine Libraries Frameworks We need an ecosystem of reuse.
  5. 5. Libraries are Black Boxes
  6. 6. Libraries are Black Boxes
  7. 7. Libraries are Black Boxes
  8. 8. Libraries are Black Boxes
  9. 9. Libraries are Black Boxes
  10. 10. Libraries are Black Boxes
  11. 11. Inspiration
  12. 12. Inspiration
  13. 13. Transferring this to Java
  14. 14. Transferring this to Java
  15. 15. Transferring this to Java
  16. 16. Transferring this to Java
  17. 17. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  18. 18. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  19. 19. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  20. 20. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  21. 21. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  22. 22. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  23. 23. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  24. 24. Reaching Capabilities 
 from Java Library Java Class Library (JCL) JCL native part OS library native part
  25. 25. Our Approach in a Nutshell Tag native methods of the JCL Build call graph Propagate capability tags Build footprint
  26. 26. Identifying Capabilities Bootstrapping the Analysis Reviewed native implementation Review documentation Consider package and method names List of tagged JCL native method stubs
  27. 27. Identifying Capabilities Bootstrapping the Analysis Reviewed native implementation Review documentation Consider package and method names List of tagged JCL native method stubs Provided in the paper artifact
  28. 28. Identifying Capabilities Capability # of Methods CLASSLOADING 24 CLIPBOARD 9 DEBUG 5 FS 377 GUI 449 INPUT 10 NATIVE 419 NET 274 PRINT 54 REFLECTION 78 SECURITY 14 SOUND 36 SYSTEM 126 UNSAFE 85 Some methods are annotated with more than one capability
  29. 29. Building the Call Graph Using OPAL Includes the JCL, the library and possibly a usage context Modified VTA No whole-program approach Determine more precise field types and method return types Goal: Most precise type information, yet efficient and scalable
  30. 30. Propagating Capabilities JCL LibraryNative
  31. 31. Propagating Capabilities {FS} {NET} {CL} {GUI} JCL LibraryNative
  32. 32. Propagating Capabilities {FS} {NET} {CL} {GUI} {NET} {NET} {FS} {FS} {FS} {GUI} {GUI} {CL,GUI}{CL} {CL} JCL LibraryNative
  33. 33. Propagating Capabilities {FS} {NET} {CL} {GUI} {NET} {NET} {FS} {FS} {FS} {GUI} {GUI} {CL,GUI}{CL} {CL} {FS, CL, GUI} {FS, CL, GUI} {FS, CL, GUI, NET} {FS, CL, GUI, NET} {NET} {NET} JCL LibraryNative
  34. 34. Propagating Capabilities void  someMethod(Object  o)  {   o.toString();   } … … (1.304 total) Effects of filters: 2.068.946 call edges reduced to 368.231 Same story for certain interface and abstract types
  35. 35. Evaluation Setup Developer expectation Qualitas Corpus subset (70 projects)
  36. 36. Evaluation Setup Developer expectation API Documentation Qualitas Corpus subset (70 projects)
  37. 37. Evaluation Setup Developer expectation API Documentation Expected library footprint Qualitas Corpus subset (70 projects)
  38. 38. Evaluation Setup Developer expectation API Documentation Expected library footprint Our analysis Observed library footprint Qualitas Corpus subset (70 projects)
  39. 39. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  40. 40. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  41. 41. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  42. 42. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  43. 43. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  44. 44. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  45. 45. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  46. 46. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � � Full result set provided in the paper artifact
  47. 47. � � � � � � � Results 14.1% Excess � �� � � � � � � � � � � � � � � � � 86.8% Agreement 3.9% Miss
  48. 48. Why is this useful? ���������� ������ ������� � � � � � � � �������� ������ ������� � � � � � � � �������� ������� ������ � � � � � � � � � � ���� ������� ������ � � � � ����� ������ ������� � � � � � � � � � ��������� ������� ������ ����� ������ ������� � � � � � � � ��� ������ ������� � � � � � � � � � � � ������������� ������� ������ � � � � � ������������������� ������ ������ � ������������ ������ ������� � � � � � � � � � ���������������� ������ ������� � � � � � � � � ����� ������� ������ � � � � � ������������� ������� ������ � � ��������� ������ ������ � � � � � � � ������������ ������� ����� ���������� ������ ������� � � � � � � � � ����� ������ ������� � � � � � � � � � � ������� ������ ������� � � � � � � � � � � ��������� ������ ������� � � � � � � � � ���� ������� ������ � � � � � � � � � ����� ������ ������� � � � � � �� ���� ���� �� �������������� ����� ������ ������� � � � � � � � � � ������� ������� ������ � � � � � � � ����� ������ ������� � � � � � � � ����� ������� ������ � � � � ���������� ������ ������� � � � � � � � � � ����������� ������ ������� � � � � � � � ����������������� ������ ������� � � � � � � � � ����������� ������ ������� � � � � � � ������������� ������� ������ � � � � � � �������������������� ������ ������� � � � � � � � � ����������������� ������ ������ � � � � � ���������� ������ ������ � � � � � � � ������������ ������ ������� � � � � � � � � ��������������� ������ ������� � � � � � � � Found 2 methods that act as intermediaries for Class.forName() Depending on your context this may open your software for Confused Deputy attacks.
  49. 49. Where to go from here? Get developer expectations from developers Infer capabilities directly from the native implementation Slice libraries down to the used subset a.k.a. Future Work
  50. 50. Thanks and please try it out http://www.thewhitespace.de/projects/peaks/capmodel.html protip: no need to write this down, it is linked in the program @benhermann Follow me on Twitter You can: Use all our data Use our source code Reproduce our experiments

×