9 results on '"Bodden, Eric"'
Search Results
2. Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
- Author
-
Philipp Dominik Schubert, Ben Hermann, and Eric Bodden
- Subjects
compositional analysis, Software and its engineering → Automated static analysis, LLVM, C/C++, Inter-procedural static analysis
- Abstract
Static analysis is used to automatically detect bugs and security breaches, and aids compiler optimization. Whole-program analysis (WPA) can yield high precision, however causes long analysis times and thus does not match common software-development workflows, making it often impractical to use for large, real-world applications. This paper thus presents the design and implementation of ModAlyzer, a novel static-analysis approach that aims at accelerating whole-program analysis by making the analysis modular and compositional. It shows how to compute lossless, persisted summaries for callgraph, points-to and data-flow information, and it reports under which circumstances this function-level compositional analysis outperforms WPA. We implemented ModAlyzer as an extension to LLVM and PhASAR, and applied it to 12 real-world C and C++ applications. At analysis time, ModAlyzer modularly and losslessly summarizes the analysis effect of the library code those applications share, hence avoiding its repeated re-analysis. The experimental results show that the reuse of these summaries can save, on average, 72% of analysis time over WPA. Moreover, because it is lossless, the module-wise analysis fully retains precision and recall. Surprisingly, as our results show, it sometimes even yields precision superior to WPA. The initial summary generation, on average, takes about 3.67 times as long as WPA.
LIPIcs, Vol. 194, 35th European Conference on Object-Oriented Programming (ECOOP 2021), pages 2:1-2:31
- Published
- 2021
3. Dealing with Variability in API Misuse Specification
- Author
-
Rodrigo Bonifácio, Stefan Krüger, Krishna Narasimhan, Eric Bodden, and Mira Mezini
- Abstract
APIs are the primary mechanism for developers to gain access to externally defined services and tools. However, previous research has revealed API misuses that violate the contract of APIs to be prevalent. Such misuses can have harmful consequences, especially in the context of cryptographic libraries. Various API-misuse detectors have been proposed to address this issue - including CogniCrypt, one of the most versatile of such detectors and that uses a language (CrySL) to specify cryptographic API usage contracts. Nonetheless, existing approaches to detect API misuse had not been designed for systematic reuse, ignoring the fact that different versions of a library, different versions of a platform, and different recommendations/guidelines might introduce variability in the correct usage of an API. Yet, little is known about how such variability impacts the specification of the correct API usage. This paper investigates this question by analyzing the impact of various sources of variability on widely used Java cryptographic libraries (including JCA/JCE, Bouncy Castle, and Google Tink). The results of our investigation show that sources of variability like new versions of the API and security standards significantly impact the specifications. We then use the insights gained from our investigation to motivate an extension to the CrySL language (named MetaCrySL), which builds on meta-programming concepts. We evaluate MetaCrySL by specifying usage rules for a family of Android versions and illustrate that MetaCrySL can model all forms of variability we identified and drastically reduce the size of a family of specifications for the correct usage of cryptographic APIs.
- Published
- 2021
4. Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
- Author
-
Philipp Dominik Schubert, Ben Hermann, and Eric Bodden
- Abstract
Static analysis is used to automatically detect bugs and security breaches, and aids compiler optimization. Whole-program analysis (WPA) can yield high precision, however causes long analysis times and thus does not match common software-development workflows, making it often impractical to use for large, real-world applications. This paper thus presents the design and implementation of ModAlyzer, a novel static-analysis approach that aims at accelerating whole-program analysis by making the analysis modular and compositional. It shows how to compute lossless, persisted summaries for callgraph, points-to and data-flow information, and it reports under which circumstances this function-level compositional analysis outperforms WPA. We implemented ModAlyzer as an extension to LLVM and PhASAR, and applied it to 12 real-world C and C++ applications. At analysis time, ModAlyzer modularly and losslessly summarizes the analysis effect of the library code those applications share, hence avoiding its repeated re-analysis. The experimental results show that the reuse of these summaries can save, on average, 72% of analysis time over WPA. Moreover, because it is lossless, the module-wise analysis fully retains precision and recall. Surprisingly, as our results show, it sometimes even yields precision superior to WPA. The initial summary generation, on average, takes about 3.67 times as long as WPA.
- Published
- 2021
5. MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors (Tool Insights Paper)
- Author
-
Linghui Luo, Julian Dolby, and Eric Bodden
- Abstract
In the past, many static analyses have been created in academia, but only a few of them have found widespread use in industry. Those analyses which are adopted by developers usually have IDE support in the form of plugins, without which developers have no convenient mechanism to use the analysis. Hence, the key to making static analyses more accessible to developers is to integrate the analyses into IDEs and editors. However, integrating static analyses into IDEs is non-trivial: different IDEs have different UI workflows and APIs, expertise in those matters is required to write such plugins, and analysis experts are not typically familiar with doing this. As a result, especially in academia, most analysis tools are headless and only have command-line interfaces. To make static analyses more usable, we propose MagpieBridge - a general approach to integrating static analyses into IDEs and editors. MagpieBridge reduces the m×n complexity problem of integrating m analyses into n IDEs to m+n complexity because each analysis and type of plugin need be done just once for MagpieBridge itself. We demonstrate our approach by integrating two existing analyses, Ariadne and CogniCrypt, into IDEs; these two analyses illustrate the generality of MagpieBridge, as they are based on different program analysis frameworks - WALA and Soot respectively - for different application areas - machine learning and security - and different programming languages - Python and Java. We show further generality of MagpieBridge by using multiple popular IDEs and editors, such as Eclipse, IntelliJ, PyCharm, Jupyter, Sublime Text and even Emacs and Vim.
- Published
- 2019
6. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs
- Author
-
Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini
- Abstract
Various studies have empirically shown that the majority of Java and Android apps misuse cryptographic libraries, causing devastating breaches of data security. It is crucial to detect such misuses early in the development process. To detect cryptography misuses, one must first define secure uses, a process mastered primarily by cryptography experts, and not by developers. In this paper, we present CrySL, a definition language for bridging the cognitive gap between cryptography experts and developers. CrySL enables cryptography experts to specify the secure usage of the cryptographic libraries that they provide. We have implemented a compiler that translates such CrySL specification into a context-sensitive and flow-sensitive demand-driven static analysis. The analysis then helps developers by automatically checking a given Java or Android app for compliance with the CrySL-encoded rules. We have designed an extensive CrySL rule set for the Java Cryptography Architecture (JCA), and empirically evaluated it by analyzing 10,000 current Android apps. Our results show that misuse of cryptographic APIs is still widespread, with 95% of apps containing at least one misuse. Our easily extensible CrySL rule set covers more violations than previous special-purpose tools with hard-coded rules, with our tooling offering a more precise analysis.
- Published
- 2018
7. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs (Artifact)
- Author
-
Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini
- Abstract
In this artefact, we present CrySL, an extensible approach to validating the correct usage of cryptographic APIs. The artefact contains executables for CogniCrypt_SAST, the CrySL-based analysis, along with the CrySL rules we used in the original paper's experiments. We also provide scripts to re-run the experiments. We finally include a tutorial to showcase CogniCrypt_SAST on a small Java target program.
- Published
- 2018
8. Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java (Artifact)
- Author
-
Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, and Eric Bodden
- Abstract
Evaluating pointer analyses with respect to soundness and precision has been a tedious task. Within this artifact we present PointerBench, the benchmark suite used in the paper to compare the pointer analysis Boomerang with two other demand-driven pointer analyses, SB [Sridharan and Bodik, 2006] and DA [Yan et al., 2011]. We show PointerBench can be used to test different pointer analyses. In addition to that, the artifact contains usage examples for Boomerang on simple test programs. The test programs and the input on these programs to Boomerang can be changed to experiment with the algorithm and its features. Additionally, the artifact contains the integration of Boomerang, SB, and DA into FlowDroid, which can then be executed on arbitrary Android applications.
- Published
- 2016
9. Boomerang: Demand-Driven Flow- and Context-Sensitive Pointer Analysis for Java
- Author
-
Johannes Späth, Lisa Nguyen Quang Do, Karim Ali, and Eric Bodden
- Abstract
Many current program analyses require highly precise pointer information about small, targeted parts of a given program. This motivates the need for demand-driven pointer analyses that compute information only where required. Pointer analyses generally compute points-to sets of program variables or answer boolean alias queries. However, many client analyses require richer pointer information. For example, taint and typestate analyses often need to know the set of all aliases of a given variable under a certain calling context. With most current pointer analyses, clients must compute such information through repeated points-to or alias queries, increasing complexity and computation time for them. This paper presents Boomerang, a demand-driven, flow-, field-, and context-sensitive pointer analysis for Java programs. Boomerang computes rich results that include both the possible allocation sites of a given pointer (points-to information) and all pointers that can point to those allocation sites (alias information). For increased precision and scalability, clients can query Boomerang with respect to particular calling contexts of interest. Our experiments show that Boomerang is more precise than existing demand-driven pointer analyses. Additionally, using Boomerang, the taint analysis FlowDroid issues up to 29.4x fewer pointer queries compared to using other pointer analyses that return simpler pointer information. Furthermore, the search space of Boomerang can be significantly reduced by requesting calling contexts from the client analysis.
- Published
- 2016