卓陈
Uploaded by卓 陈
PPTX, PDF50 views

project-presentation

This document outlines a static analysis tool called File Access Reporter that analyzes which files a Java program may access. It uses both forward and backward dataflow analysis to track string values that may be passed to File constructors. The tool was tested on sample code and real code from GitHub with promising but limited results, as it cannot infer all possible values for fields, methods, or loops. The tool aims to inform developers about potential file accesses before running an application.

Embed presentation

Download to read offline
File Access Reporter Charles Chen
Outline • introduction • design & implementation • experiment result & limitation
Introduction • Security issue: File accessibility of a program • We all want to know what files an application would access • We want know the fact before running it • Simple static analysis tool • analysis files a JAVA program might access
Main idea • Assumption: a JAVA program would always using ”java.io.File” to operate on a file object • analysis possible String values reach File constructors
Forward V.S. Backward analysis • Forward: • track all strings • evaluate their values • record if they reach a File constructor • Backward: • start at File constructors • only record their arguments • evaluate arguments’ values backward Backward is less expensive! <entry> str = …str = … <exit> else then File file = new File(str); D
Binary Tree Representation & Lattice • solve Variables (VAR) to Values (VAL) • semi-lattice TOP MERGE VAR VAL S + L VAR VAL str + “literal”
Dynamic Substitution by Last Definition parDir = new File(“dir”); String suffix = “.txt”; String child = “impossible”; child = “aFile” + suffix; new File (parDir, child); parDir / child parDir / + aFile suffix parDir / + aFile .txt dir / + aFile .txt
Experiment Result – loop
Experiment result – loop2
Experiment Result – real code from github
Limitation • Local dataflow analysis • cannot infer possible values of a field • cannot infer possible values return by a method invocation • cannot estimate value in while loop when value is related to the times of iteration • e.g. while (c) { path += ”a” }; • Didn’t consider “File.rename()” method and “new File(URI uri)” constructor in current implementation

More Related Content

PPTX
Introduction to java
byAbhishekMondal42
 
PPTX
Rust meetup delhi nov 18
byAbhiram Ravikumar
 
PPTX
Java serialization
bySujit Kumar
 
PDF
Property based testing - Less is more
byHo Tien VU
 
PPT
RIBBUN SOFTWARE
bymosewoodward24
 
PPT
Introduction what is java
bysanjeeviniindia1186
 
PDF
Whats new in .NET for 2019
byRory Preddy
 
PDF
[@NaukriEngineering] CSS4 Selectors – Part 1
byNaukri.com
 
Introduction to java
byAbhishekMondal42
 
Rust meetup delhi nov 18
byAbhiram Ravikumar
 
Java serialization
bySujit Kumar
 
Property based testing - Less is more
byHo Tien VU
 
RIBBUN SOFTWARE
bymosewoodward24
 
Introduction what is java
bysanjeeviniindia1186
 
Whats new in .NET for 2019
byRory Preddy
 
[@NaukriEngineering] CSS4 Selectors – Part 1
byNaukri.com
 

What's hot

PPTX
Shellcode mastering
byPositive Hack Days
 
PDF
Practical Malware Analysis Ch13
bySam Bowne
 
PPTX
Python programming l2
byAishwarya Deshmukh
 
PDF
Open Source Tools and the Software Engineering Process
bySteve Arnold
 
PPTX
Tuples, Dicts and Exception Handling
byPranavSB
 
PPTX
02 beginning code first
byMaxim Shaptala
 
PDF
Can you TDD Rails?
byAndrzej Krzywda
 
PPTX
Tips to improve your code review
byWagner Mendes Voltz Fusca
 
PPTX
LINQ for absolute beginners
byVasistan Shakkaravarthi
 
Shellcode mastering
byPositive Hack Days
 
Practical Malware Analysis Ch13
bySam Bowne
 
Python programming l2
byAishwarya Deshmukh
 
Open Source Tools and the Software Engineering Process
bySteve Arnold
 
Tuples, Dicts and Exception Handling
byPranavSB
 
02 beginning code first
byMaxim Shaptala
 
Can you TDD Rails?
byAndrzej Krzywda
 
Tips to improve your code review
byWagner Mendes Voltz Fusca
 
LINQ for absolute beginners
byVasistan Shakkaravarthi
 

Similar to project-presentation

PPTX
chapter 2(IO and stream)/chapter 2, IO and stream
byamarehope21
 
PPTX
FILE MANAGEMENT.pptx
byjayashri kolekar
 
PDF
Files and data storage
byZaid Shabbir
 
PPTX
Data Structure Using C - FILES
byHarish Kamat
 
PPTX
Introduction to File System
bySanthiNivas
 
PPTX
randomaccess.pptxdfghjkoigyrsreuitttrdok
byabhinandpk2405
 
PPT
File handling
bySabahtHussein
 
PPTX
File concept and access method
byrajshreemuthiah
 
PPTX
OS Unit 4.pptx
byGautamBorana
 
PPTX
File handaling
byVishnuprabhu Gopalakrishnan
 
PPTX
File Concept.pptx fa s fasfasfasfsfsfasfasfas
byYuvarajY5
 
PPTX
C programming power point presentation c ppt.pptx
byMalligaarjunanN
 
PDF
file handling c++
byGuddu Spy
 
PPTX
File System Interface
bychandinisanz
 
PDF
Javase7 1641812
byVinay H G
 
PDF
Cpp lab 13_pres
byYouth For Peace
 
PDF
Java Week4(A) Notepad
byChaitanya Rajkumar Limmala
 
PPTX
File system1.pptx
bySamar954063
 
PPT
17 files and streams
byDocent Education
 
DOCX
CS101S. ThompsonUniversity of BridgeportLab 7 Files, File.docx
byannettsparrow
 
chapter 2(IO and stream)/chapter 2, IO and stream
byamarehope21
 
FILE MANAGEMENT.pptx
byjayashri kolekar
 
Files and data storage
byZaid Shabbir
 
Data Structure Using C - FILES
byHarish Kamat
 
Introduction to File System
bySanthiNivas
 
randomaccess.pptxdfghjkoigyrsreuitttrdok
byabhinandpk2405
 
File handling
bySabahtHussein
 
File concept and access method
byrajshreemuthiah
 
OS Unit 4.pptx
byGautamBorana
 
File handaling
byVishnuprabhu Gopalakrishnan
 
File Concept.pptx fa s fasfasfasfsfsfasfasfas
byYuvarajY5
 
C programming power point presentation c ppt.pptx
byMalligaarjunanN
 
file handling c++
byGuddu Spy
 
File System Interface
bychandinisanz
 
Javase7 1641812
byVinay H G
 
Cpp lab 13_pres
byYouth For Peace
 
Java Week4(A) Notepad
byChaitanya Rajkumar Limmala
 
File system1.pptx
bySamar954063
 
17 files and streams
byDocent Education
 
CS101S. ThompsonUniversity of BridgeportLab 7 Files, File.docx
byannettsparrow
 

project-presentation

  • 1.
  • 2.
    Outline • introduction • design& implementation • experiment result & limitation
  • 3.
    Introduction • Security issue:File accessibility of a program • We all want to know what files an application would access • We want know the fact before running it • Simple static analysis tool • analysis files a JAVA program might access
  • 4.
    Main idea • Assumption:a JAVA program would always using ”java.io.File” to operate on a file object • analysis possible String values reach File constructors
  • 5.
    Forward V.S. Backwardanalysis • Forward: • track all strings • evaluate their values • record if they reach a File constructor • Backward: • start at File constructors • only record their arguments • evaluate arguments’ values backward Backward is less expensive! <entry> str = …str = … <exit> else then File file = new File(str); D
  • 6.
    Binary Tree Representation& Lattice • solve Variables (VAR) to Values (VAL) • semi-lattice TOP MERGE VAR VAL S + L VAR VAL str + “literal”
  • 7.
    Dynamic Substitution byLast Definition parDir = new File(“dir”); String suffix = “.txt”; String child = “impossible”; child = “aFile” + suffix; new File (parDir, child); parDir / child parDir / + aFile suffix parDir / + aFile .txt dir / + aFile .txt
  • 8.
  • 9.
  • 10.
    Experiment Result –real code from github
  • 11.
    Limitation • Local dataflowanalysis • cannot infer possible values of a field • cannot infer possible values return by a method invocation • cannot estimate value in while loop when value is related to the times of iteration • e.g. while (c) { path += ”a” }; • Didn’t consider “File.rename()” method and “new File(URI uri)” constructor in current implementation