DROPS

Document

Empirical Evaluation of Secure Development Processes (Dagstuhl Seminar 23181)

Authors: Eric Bodden, Sam Weber, and Laurie Williams

Published in: Dagstuhl Reports, Volume 13, Issue 5 (2023)

Abstract

This report documents the program and the outcomes of Dagstuhl Seminar 23181 "Empirical Evaluation of Secure Development Processes". This was the second seminar on this subject. It brought together researchers and practitioners from the fields of software engineering, IT security and human factors, to discuss challenges and possible solutions with respect to empirically assessing secure engineering activities.

Cite as

Eric Bodden, Sam Weber, and Laurie Williams. Empirical Evaluation of Secure Development Processes (Dagstuhl Seminar 23181). In Dagstuhl Reports, Volume 13, Issue 5, pp. 1-21, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)

Copy BibTex To Clipboard

@Article{bodden_et_al:DagRep.13.5.1,
  author =	{Bodden, Eric and Weber, Sam and Williams, Laurie},
  title =	{{Empirical Evaluation of Secure Development Processes (Dagstuhl Seminar 23181)}},
  pages =	{1--21},
  journal =	{Dagstuhl Reports},
  ISSN =	{2192-5283},
  year =	{2023},
  volume =	{13},
  number =	{5},
  editor =	{Bodden, Eric and Weber, Sam and Williams, Laurie},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DagRep.13.5.1},
  URN =		{urn:nbn:de:0030-drops-193636},
  doi =		{10.4230/DagRep.13.5.1},
  annote =	{Keywords: Empirical assessment, Secure development lifecycle}
}

Document

DOI: 10.4230/LIPIcs.ECOOP.2021.2

Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis

Authors: Philipp Dominik Schubert, Ben Hermann, and Eric Bodden

Published in: LIPIcs, Volume 194, 35th European Conference on Object-Oriented Programming (ECOOP 2021)

Abstract

Static analysis is used to automatically detect bugs and security breaches, and aids compiler optimization. Whole-program analysis (WPA) can yield high precision, however causes long analysis times and thus does not match common software-development workflows, making it often impractical to use for large, real-world applications. This paper thus presents the design and implementation of ModAlyzer, a novel static-analysis approach that aims at accelerating whole-program analysis by making the analysis modular and compositional. It shows how to compute lossless, persisted summaries for callgraph, points-to and data-flow information, and it reports under which circumstances this function-level compositional analysis outperforms WPA. We implemented ModAlyzer as an extension to LLVM and PhASAR, and applied it to 12 real-world C and C++ applications. At analysis time, ModAlyzer modularly and losslessly summarizes the analysis effect of the library code those applications share, hence avoiding its repeated re-analysis. The experimental results show that the reuse of these summaries can save, on average, 72% of analysis time over WPA. Moreover, because it is lossless, the module-wise analysis fully retains precision and recall. Surprisingly, as our results show, it sometimes even yields precision superior to WPA. The initial summary generation, on average, takes about 3.67 times as long as WPA.

Cite as

Philipp Dominik Schubert, Ben Hermann, and Eric Bodden. Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis. In 35th European Conference on Object-Oriented Programming (ECOOP 2021). Leibniz International Proceedings in Informatics (LIPIcs), Volume 194, pp. 2:1-2:31, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)

Copy BibTex To Clipboard

@InProceedings{schubert_et_al:LIPIcs.ECOOP.2021.2,
  author =	{Schubert, Philipp Dominik and Hermann, Ben and Bodden, Eric},
  title =	{{Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis}},
  booktitle =	{35th European Conference on Object-Oriented Programming (ECOOP 2021)},
  pages =	{2:1--2:31},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-190-0},
  ISSN =	{1868-8969},
  year =	{2021},
  volume =	{194},
  editor =	{M{\o}ller, Anders and Sridharan, Manu},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2021.2},
  URN =		{urn:nbn:de:0030-drops-140453},
  doi =		{10.4230/LIPIcs.ECOOP.2021.2},
  annote =	{Keywords: Inter-procedural static analysis, compositional analysis, LLVM, C/C++}
}

Document

DOI: 10.4230/LIPIcs.ECOOP.2021.19

Dealing with Variability in API Misuse Specification

Authors: Rodrigo Bonifácio, Stefan Krüger, Krishna Narasimhan, Eric Bodden, and Mira Mezini

Published in: LIPIcs, Volume 194, 35th European Conference on Object-Oriented Programming (ECOOP 2021)

Abstract

APIs are the primary mechanism for developers to gain access to externally defined services and tools. However, previous research has revealed API misuses that violate the contract of APIs to be prevalent. Such misuses can have harmful consequences, especially in the context of cryptographic libraries. Various API-misuse detectors have been proposed to address this issue - including CogniCrypt, one of the most versatile of such detectors and that uses a language (CrySL) to specify cryptographic API usage contracts. Nonetheless, existing approaches to detect API misuse had not been designed for systematic reuse, ignoring the fact that different versions of a library, different versions of a platform, and different recommendations/guidelines might introduce variability in the correct usage of an API. Yet, little is known about how such variability impacts the specification of the correct API usage. This paper investigates this question by analyzing the impact of various sources of variability on widely used Java cryptographic libraries (including JCA/JCE, Bouncy Castle, and Google Tink). The results of our investigation show that sources of variability like new versions of the API and security standards significantly impact the specifications. We then use the insights gained from our investigation to motivate an extension to the CrySL language (named MetaCrySL), which builds on meta-programming concepts. We evaluate MetaCrySL by specifying usage rules for a family of Android versions and illustrate that MetaCrySL can model all forms of variability we identified and drastically reduce the size of a family of specifications for the correct usage of cryptographic APIs.

Cite as

Rodrigo Bonifácio, Stefan Krüger, Krishna Narasimhan, Eric Bodden, and Mira Mezini. Dealing with Variability in API Misuse Specification. In 35th European Conference on Object-Oriented Programming (ECOOP 2021). Leibniz International Proceedings in Informatics (LIPIcs), Volume 194, pp. 19:1-19:27, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)

Copy BibTex To Clipboard

@InProceedings{bonifacio_et_al:LIPIcs.ECOOP.2021.19,
  author =	{Bonif\'{a}cio, Rodrigo and Kr\"{u}ger, Stefan and Narasimhan, Krishna and Bodden, Eric and Mezini, Mira},
  title =	{{Dealing with Variability in API Misuse Specification}},
  booktitle =	{35th European Conference on Object-Oriented Programming (ECOOP 2021)},
  pages =	{19:1--19:27},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-190-0},
  ISSN =	{1868-8969},
  year =	{2021},
  volume =	{194},
  editor =	{M{\o}ller, Anders and Sridharan, Manu},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2021.19},
  URN =		{urn:nbn:de:0030-drops-140621},
  doi =		{10.4230/LIPIcs.ECOOP.2021.19},
  annote =	{Keywords: API misuse, cryptographic API misuse detection, code generation, domain engineering, cryptographic standards}
}

Document

Tool Insights Paper

DOI: 10.4230/LIPIcs.ECOOP.2019.21

MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors (Tool Insights Paper)

Authors: Linghui Luo, Julian Dolby, and Eric Bodden

Published in: LIPIcs, Volume 134, 33rd European Conference on Object-Oriented Programming (ECOOP 2019)

Abstract

In the past, many static analyses have been created in academia, but only a few of them have found widespread use in industry. Those analyses which are adopted by developers usually have IDE support in the form of plugins, without which developers have no convenient mechanism to use the analysis. Hence, the key to making static analyses more accessible to developers is to integrate the analyses into IDEs and editors. However, integrating static analyses into IDEs is non-trivial: different IDEs have different UI workflows and APIs, expertise in those matters is required to write such plugins, and analysis experts are not typically familiar with doing this. As a result, especially in academia, most analysis tools are headless and only have command-line interfaces. To make static analyses more usable, we propose MagpieBridge - a general approach to integrating static analyses into IDEs and editors. MagpieBridge reduces the mxn complexity problem of integrating m analyses into n IDEs to m+n complexity because each analysis and type of plugin need be done just once for MagpieBridge itself. We demonstrate our approach by integrating two existing analyses, Ariadne and CogniCrypt, into IDEs; these two analyses illustrate the generality of MagpieBridge, as they are based on different program analysis frameworks - WALA and Soot respectively - for different application areas - machine learning and security - and different programming languages - Python and Java. We show further generality of MagpieBridge by using multiple popular IDEs and editors, such as Eclipse, IntelliJ, PyCharm, Jupyter, Sublime Text and even Emacs and Vim.

Cite as

Linghui Luo, Julian Dolby, and Eric Bodden. MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors (Tool Insights Paper). In 33rd European Conference on Object-Oriented Programming (ECOOP 2019). Leibniz International Proceedings in Informatics (LIPIcs), Volume 134, pp. 21:1-21:25, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2019)

Copy BibTex To Clipboard

@InProceedings{luo_et_al:LIPIcs.ECOOP.2019.21,
  author =	{Luo, Linghui and Dolby, Julian and Bodden, Eric},
  title =	{{MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors}},
  booktitle =	{33rd European Conference on Object-Oriented Programming (ECOOP 2019)},
  pages =	{21:1--21:25},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-111-5},
  ISSN =	{1868-8969},
  year =	{2019},
  volume =	{134},
  editor =	{Donaldson, Alastair F.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2019.21},
  URN =		{urn:nbn:de:0030-drops-108139},
  doi =		{10.4230/LIPIcs.ECOOP.2019.21},
  annote =	{Keywords: IDE, Tool Support, Static Analysis, Language Server Protocol}
}

Document

DOI: 10.4230/LIPIcs.ECOOP.2018.10

CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs

Authors: Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini

Published in: LIPIcs, Volume 109, 32nd European Conference on Object-Oriented Programming (ECOOP 2018)

Abstract

Various studies have empirically shown that the majority of Java and Android apps misuse cryptographic libraries, causing devastating breaches of data security. It is crucial to detect such misuses early in the development process. To detect cryptography misuses, one must first define secure uses, a process mastered primarily by cryptography experts, and not by developers. In this paper, we present CrySL, a definition language for bridging the cognitive gap between cryptography experts and developers. CrySL enables cryptography experts to specify the secure usage of the cryptographic libraries that they provide. We have implemented a compiler that translates such CrySL specification into a context-sensitive and flow-sensitive demand-driven static analysis. The analysis then helps developers by automatically checking a given Java or Android app for compliance with the CrySL-encoded rules. We have designed an extensive CrySL rule set for the Java Cryptography Architecture (JCA), and empirically evaluated it by analyzing 10,000 current Android apps. Our results show that misuse of cryptographic APIs is still widespread, with 95% of apps containing at least one misuse. Our easily extensible CrySL rule set covers more violations than previous special-purpose tools with hard-coded rules, with our tooling offering a more precise analysis.

Cite as

Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. In 32nd European Conference on Object-Oriented Programming (ECOOP 2018). Leibniz International Proceedings in Informatics (LIPIcs), Volume 109, pp. 10:1-10:27, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2018)

Copy BibTex To Clipboard

@InProceedings{kruger_et_al:LIPIcs.ECOOP.2018.10,
  author =	{Kr\"{u}ger, Stefan and Sp\"{a}th, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira},
  title =	{{CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs}},
  booktitle =	{32nd European Conference on Object-Oriented Programming (ECOOP 2018)},
  pages =	{10:1--10:27},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-079-8},
  ISSN =	{1868-8969},
  year =	{2018},
  volume =	{109},
  editor =	{Millstein, Todd},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2018.10},
  URN =		{urn:nbn:de:0030-drops-92151},
  doi =		{10.4230/LIPIcs.ECOOP.2018.10},
  annote =	{Keywords: cryptography, domain-specific language, static analysis}
}

Document

DOI: 10.4230/DARTS.4.3.6

CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Artifact)

Authors: Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini

Published in: DARTS, Volume 4, Issue 3, Special Issue of the 32nd European Conference on Object-Oriented Programming (ECOOP 2018)

Abstract

In this artefact, we present CrySL, an extensible approach to validating the correct usage of cryptographic APIs. The artefact contains executables for CogniCrypt_{SAST}, the analysis CrySL-based analysis, along with the CrySL rules we used in in the original paper's experiments. We also provide scripts to re-run the experiments. We finally include a tutorial to showcase the CogniCrypt_{SAST} on a small Java target program.

Cite as

Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Artifact). In Special Issue of the 32nd European Conference on Object-Oriented Programming (ECOOP 2018). Dagstuhl Artifacts Series (DARTS), Volume 4, Issue 3, pp. 6:1-6:4, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2018)

Copy BibTex To Clipboard

@Article{kruger_et_al:DARTS.4.3.6,
  author =	{Kr\"{u}ger, Stefan and Sp\"{a}th, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira},
  title =	{{CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Artifact)}},
  pages =	{6:1--6:4},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2018},
  volume =	{4},
  number =	{3},
  editor =	{Kr\"{u}ger, Stefan and Sp\"{a}th, Johannes and Ali, Karim and Bodden, Eric and Mezini, Mira},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DARTS.4.3.6},
  URN =		{urn:nbn:de:0030-drops-92371},
  doi =		{10.4230/DARTS.4.3.6},
  annote =	{Keywords: cryptography, domain-specific language, static analysis}
}

Document

DOI: 10.4230/LIPIcs.ECOOP.2016.22

Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java

Authors: Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, and Eric Bodden

Published in: LIPIcs, Volume 56, 30th European Conference on Object-Oriented Programming (ECOOP 2016)

Abstract

Many current program analyses require highly precise pointer information about small, tar- geted parts of a given program. This motivates the need for demand-driven pointer analyses that compute information only where required. Pointer analyses generally compute points-to sets of program variables or answer boolean alias queries. However, many client analyses require richer pointer information. For example, taint and typestate analyses often need to know the set of all aliases of a given variable under a certain calling context. With most current pointer analyses, clients must compute such information through repeated points-to or alias queries, increasing complexity and computation time for them. This paper presents Boomerang, a demand-driven, flow-, field-, and context-sensitive pointer analysis for Java programs. Boomerang computes rich results that include both the possible allocation sites of a given pointer (points-to information) and all pointers that can point to those allocation sites (alias information). For increased precision and scalability, clients can query Boomerang with respect to particular calling contexts of interest. Our experiments show that Boomerang is more precise than existing demand-driven pointer analyses. Additionally, using Boomerang, the taint analysis FlowDroid issues up to 29.4x fewer pointer queries compared to using other pointer analyses that return simpler pointer infor- mation. Furthermore, the search space of Boomerang can be significantly reduced by requesting calling contexts from the client analysis.

Cite as

Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, and Eric Bodden. Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java. In 30th European Conference on Object-Oriented Programming (ECOOP 2016). Leibniz International Proceedings in Informatics (LIPIcs), Volume 56, pp. 22:1-22:26, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2016)

Copy BibTex To Clipboard

@InProceedings{spath_et_al:LIPIcs.ECOOP.2016.22,
  author =	{Sp\"{a}th, Johannes and Nguyen Quang Do, Lisa and Ali, Karim and Bodden, Eric},
  title =	{{Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java}},
  booktitle =	{30th European Conference on Object-Oriented Programming (ECOOP 2016)},
  pages =	{22:1--22:26},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-014-9},
  ISSN =	{1868-8969},
  year =	{2016},
  volume =	{56},
  editor =	{Krishnamurthi, Shriram and Lerner, Benjamin S.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/LIPIcs.ECOOP.2016.22},
  URN =		{urn:nbn:de:0030-drops-61164},
  doi =		{10.4230/LIPIcs.ECOOP.2016.22},
  annote =	{Keywords: Demand-Driven; Static Analysis; IFDS; Aliasing; Points-to Analysis}
}

Document

DOI: 10.4230/DARTS.2.1.12

Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java (Artifact)

Authors: Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, and Eric Bodden

Published in: DARTS, Volume 2, Issue 1, Special Issue of the 30th European Conference on Object-Oriented Programming (ECOOP 2016)

Abstract

Evaluating pointer analyses with respect to soundness and precision has been a tedious task. Within this artifact we present PointerBench, the benchmark suite used in the paper to compare the pointer analysis Boomerang with two other demand-driven pointer analyses, SB [Sridharan and Bodik, 2006] and DA [Yan et al., 2011]. We show PointerBench can be used to test different pointer analyses. In addition to that, the artifact contains usage examples for Boomerang on simple test programs. The test programs and the input on these programs to Boomerang can be changed to experiment with the algorithm and its features. Additionally, the artifact contains the integration of Boomerang, SB, and DA into FlowDroid, which can then be executed on arbitrary Android applications.

Cite as

Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, and Eric Bodden. Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java (Artifact). In Special Issue of the 30th European Conference on Object-Oriented Programming (ECOOP 2016). Dagstuhl Artifacts Series (DARTS), Volume 2, Issue 1, pp. 12:1-12:2, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2016)

Copy BibTex To Clipboard

@Article{spath_et_al:DARTS.2.1.12,
  author =	{Sp\"{a}th, Johannes and Nguyen Quang Do, Lisa and Ali, Karim and Bodden, Eric},
  title =	{{Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java (Artifact)}},
  pages =	{12:1--12:2},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2016},
  volume =	{2},
  number =	{1},
  editor =	{Sp\"{a}th, Johannes and Nguyen Quang Do, Lisa and Ali, Karim and Bodden, Eric},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops-dev.dagstuhl.de/entities/document/10.4230/DARTS.2.1.12},
  URN =		{urn:nbn:de:0030-drops-61334},
  doi =		{10.4230/DARTS.2.1.12},
  annote =	{Keywords: Demand-Driven; Static Analysis; IFDS; Aliasing; Points-to Analysis}
}

8 Search Results for "Bodden, Eric"

Empirical Evaluation of Secure Development Processes (Dagstuhl Seminar 23181)

Abstract

Cite as

Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis

Abstract

Cite as

Dealing with Variability in API Misuse Specification

Abstract

Cite as

MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors (Tool Insights Paper)

Abstract

Cite as

CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs

Abstract

Cite as

CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Artifact)

Abstract

Cite as

Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java

Abstract

Cite as

Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java (Artifact)

Abstract

Cite as

Thanks for your feedback!

Could not send message