Successfully reported this slideshow.
Your SlideShare is downloading. ×

Getting to Know You: Towards a Capability Model for Java

Getting to Know You: Towards a Capability Model for Java

Download to read offline

Developing software from reusable libraries lets developers face a security dilemma: Either be efficient and reuse libraries as they are or inspect them, know about their resource usage, but possibly miss deadlines as reviews are a time consuming process. In this paper, we propose a novel capability inference mechanism for libraries written in Java. It uses a coarse-grained capability model for system resources that can be presented to developers. We found that the capability inference agrees by 86.81% on expectations towards capabilities that can be derived from project documentation. Moreover, our approach can find capabilities that cannot be discovered using project documentation. It is thus a helpful tool for developers mitigating the aforementioned dilemma.

Developing software from reusable libraries lets developers face a security dilemma: Either be efficient and reuse libraries as they are or inspect them, know about their resource usage, but possibly miss deadlines as reviews are a time consuming process. In this paper, we propose a novel capability inference mechanism for libraries written in Java. It uses a coarse-grained capability model for system resources that can be presented to developers. We found that the capability inference agrees by 86.81% on expectations towards capabilities that can be derived from project documentation. Moreover, our approach can find capabilities that cannot be discovered using project documentation. It is thus a helpful tool for developers mitigating the aforementioned dilemma.

More Related Content

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

Getting to Know You: Towards a Capability Model for Java

  1. 1. Getting to Know You… Towards a Capability Model for Java Ben Hermann, Michael Reif, Michael Eichberg, and Mira Mezini ESEC/FSE 2015, Bergamo, Italy
  2. 2. Building Systems We don’t build systems from scratch. We need an ecosystem of reuse.
  3. 3. Building Systems We don’t build systems from scratch. Operating System CompilerVirtual Machine Libraries Frameworks We need an ecosystem of reuse.
  4. 4. Building Systems We don’t build systems from scratch. Operating System CompilerVirtual Machine Libraries Frameworks We need an ecosystem of reuse.
  5. 5. Libraries are Black Boxes
  6. 6. Libraries are Black Boxes
  7. 7. Libraries are Black Boxes
  8. 8. Libraries are Black Boxes
  9. 9. Libraries are Black Boxes
  10. 10. Libraries are Black Boxes
  11. 11. Inspiration
  12. 12. Inspiration
  13. 13. Transferring this to Java
  14. 14. Transferring this to Java
  15. 15. Transferring this to Java
  16. 16. Transferring this to Java
  17. 17. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  18. 18. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  19. 19. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  20. 20. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  21. 21. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  22. 22. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  23. 23. Capabilities CLASSLOADING CLIPBOARD DEBUG FS GUI NATIVE NET PRINT REFLECTION SECURITY SOUND SYSTEM UNSAFE INPUT
  24. 24. Reaching Capabilities 
 from Java Library Java Class Library (JCL) JCL native part OS library native part
  25. 25. Our Approach in a Nutshell Tag native methods of the JCL Build call graph Propagate capability tags Build footprint
  26. 26. Identifying Capabilities Bootstrapping the Analysis Reviewed native implementation Review documentation Consider package and method names List of tagged JCL native method stubs
  27. 27. Identifying Capabilities Bootstrapping the Analysis Reviewed native implementation Review documentation Consider package and method names List of tagged JCL native method stubs Provided in the paper artifact
  28. 28. Identifying Capabilities Capability # of Methods CLASSLOADING 24 CLIPBOARD 9 DEBUG 5 FS 377 GUI 449 INPUT 10 NATIVE 419 NET 274 PRINT 54 REFLECTION 78 SECURITY 14 SOUND 36 SYSTEM 126 UNSAFE 85 Some methods are annotated with more than one capability
  29. 29. Building the Call Graph Using OPAL Includes the JCL, the library and possibly a usage context Modified VTA No whole-program approach Determine more precise field types and method return types Goal: Most precise type information, yet efficient and scalable
  30. 30. Propagating Capabilities JCL LibraryNative
  31. 31. Propagating Capabilities {FS} {NET} {CL} {GUI} JCL LibraryNative
  32. 32. Propagating Capabilities {FS} {NET} {CL} {GUI} {NET} {NET} {FS} {FS} {FS} {GUI} {GUI} {CL,GUI}{CL} {CL} JCL LibraryNative
  33. 33. Propagating Capabilities {FS} {NET} {CL} {GUI} {NET} {NET} {FS} {FS} {FS} {GUI} {GUI} {CL,GUI}{CL} {CL} {FS, CL, GUI} {FS, CL, GUI} {FS, CL, GUI, NET} {FS, CL, GUI, NET} {NET} {NET} JCL LibraryNative
  34. 34. Propagating Capabilities void  someMethod(Object  o)  {   o.toString();   } … … (1.304 total) Effects of filters: 2.068.946 call edges reduced to 368.231 Same story for certain interface and abstract types
  35. 35. Evaluation Setup Developer expectation Qualitas Corpus subset (70 projects)
  36. 36. Evaluation Setup Developer expectation API Documentation Qualitas Corpus subset (70 projects)
  37. 37. Evaluation Setup Developer expectation API Documentation Expected library footprint Qualitas Corpus subset (70 projects)
  38. 38. Evaluation Setup Developer expectation API Documentation Expected library footprint Our analysis Observed library footprint Qualitas Corpus subset (70 projects)
  39. 39. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  40. 40. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  41. 41. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  42. 42. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  43. 43. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  44. 44. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  45. 45. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � �
  46. 46. Results �� ���� ���� �� �������������� ����� � � � � � � � � � � ������� � � � � � � � � ����� � � � � � � � � ����� � � � � � ���������� � � � � � � � � � � ����������� � � � � � � � � ���������������� � � � � � � � � � ����������� � � � � � � � ������������� � � � � � � � Full result set provided in the paper artifact
  47. 47. � � � � � � � Results 14.1% Excess � �� � � � � � � � � � � � � � � � � 86.8% Agreement 3.9% Miss
  48. 48. Why is this useful? ���������� ������ ������� � � � � � � � �������� ������ ������� � � � � � � � �������� ������� ������ � � � � � � � � � � ���� ������� ������ � � � � ����� ������ ������� � � � � � � � � � ��������� ������� ������ ����� ������ ������� � � � � � � � ��� ������ ������� � � � � � � � � � � � ������������� ������� ������ � � � � � ������������������� ������ ������ � ������������ ������ ������� � � � � � � � � � ���������������� ������ ������� � � � � � � � � ����� ������� ������ � � � � � ������������� ������� ������ � � ��������� ������ ������ � � � � � � � ������������ ������� ����� ���������� ������ ������� � � � � � � � � ����� ������ ������� � � � � � � � � � � ������� ������ ������� � � � � � � � � � � ��������� ������ ������� � � � � � � � � ���� ������� ������ � � � � � � � � � ����� ������ ������� � � � � � �� ���� ���� �� �������������� ����� ������ ������� � � � � � � � � � ������� ������� ������ � � � � � � � ����� ������ ������� � � � � � � � ����� ������� ������ � � � � ���������� ������ ������� � � � � � � � � � ����������� ������ ������� � � � � � � � ����������������� ������ ������� � � � � � � � � ����������� ������ ������� � � � � � � ������������� ������� ������ � � � � � � �������������������� ������ ������� � � � � � � � � ����������������� ������ ������ � � � � � ���������� ������ ������ � � � � � � � ������������ ������ ������� � � � � � � � � ��������������� ������ ������� � � � � � � � Found 2 methods that act as intermediaries for Class.forName() Depending on your context this may open your software for Confused Deputy attacks.
  49. 49. Where to go from here? Get developer expectations from developers Infer capabilities directly from the native implementation Slice libraries down to the used subset a.k.a. Future Work
  50. 50. Thanks and please try it out http://www.thewhitespace.de/projects/peaks/capmodel.html protip: no need to write this down, it is linked in the program @benhermann Follow me on Twitter You can: Use all our data Use our source code Reproduce our experiments

×