TY  - JOUR
AB  - Many critical codebases are written in C, and most of them use preprocessor directives to encode variability, effectively encoding software product lines. These preprocessor directives, however, challenge any static code analysis. SPLlift, a previously presented approach for analyzing software product lines, is limited to Java programs that use a rather simple feature encoding and to analysis problems with a finite and ideally small domain. Other approaches that allow the analysis of real-world C software product lines use special-purpose analyses, preventing the reuse of existing analysis infrastructures and ignoring the progress made by the static analysis community. This work presents VarAlyzer, a novel static analysis approach for software product lines. VarAlyzer first transforms preprocessor constructs to plain C while preserving their variability and semantics. It then solves any given distributive analysis problem on transformed product lines in a variability-aware manner. VarAlyzer's analysis results are annotated with feature constraints that encode in which configurations each result holds. Our experiments with 95 compilation units of OpenSSL show that applying VarAlyzer enables one to conduct inter-procedural, flow-, field- and context-sensitive data-flow analyses on entire product lines for the first time, outperforming the product-based approach for highly-configurable systems.
AU  - Schubert, Philipp
AU  - Gazzillo, Paul
AU  - Patterson, Zach
AU  - Braha, Julian
AU  - Schiebel, Fabian
AU  - Hermann, Ben
AU  - Wei, Shiyi
AU  - Bodden, Eric
ID  - 30511
IS  - 1
JF  - Automated Software Engineering
KW  - inter-procedural static analysis
KW  - software product lines
KW  - preprocessor
KW  - LLVM
KW  - C/C++
SN  - 0928-8910
TI  - Static data-flow analysis for software product lines in C
VL  - 29
ER  - 

TY  - JOUR
AB  - Nowadays, an increasing number of applications use deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code execution (RCE) if the data to deserialize originates from an untrusted source. Deserialization vulnerabilities are so critical that they are in OWASP's list of top 10 security risks for web applications. This is mainly caused by faults in the development process of applications and by flaws in their dependencies, i.e., flaws in the libraries used by these applications. No previous work has studied deserialization attacks in depth: How are they performed? How are weaknesses introduced and patched? And for how long are vulnerabilities present in the codebase? To yield a deeper understanding of this important kind of vulnerability, we perform two main analyses: one on attack gadgets, i.e., exploitable pieces of code, present in Java libraries, and one on vulnerabilities present in Java applications. For the first analysis, we conduct an exploratory large-scale study by running 256 515 experiments in which we vary the versions of libraries for each of the 19 publicly available exploits. Such attacks rely on a combination of gadgets present in one or multiple Java libraries. A gadget is a method which is using objects or fields that can be attacker-controlled. Our goal is to precisely identify library versions containing gadgets and to understand how gadgets have been introduced and how they have been patched. We observe that the modification of one innocent-looking detail in a class – such as making it public – can already introduce a gadget. Furthermore, we noticed that among the studied libraries, 37.5% are not patched, leaving gadgets available for future attacks. For the second analysis, we manually analyze 104 deserialization vulnerability CVEs to understand how vulnerabilities are introduced and patched in real-life Java applications. Results indicate that the vulnerabilities are not always completely patched or that a workaround solution is proposed. With a workaround solution, applications are still vulnerable since the code itself is unchanged.
AU  - Sayar, Imen
AU  - Bartel, Alexandre
AU  - Bodden, Eric
AU  - Le Traon, Yves
ID  - 33835
JF  - ACM Transactions on Software Engineering and Methodology
KW  - Software
SN  - 1049-331X
TI  - An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities
ER  - 

TY  - JOUR
AU  - Piskachev, Goran
AU  - Späth, Johannes
AU  - Budde, Ingo
AU  - Bodden, Eric
ID  - 33836
IS  - 5
JF  - Empirical Software Engineering
TI  - Fluently specifying taint-flow queries with fluentTQL
VL  - 27
ER  - 

TY  - CONF
AU  - Krishnamurthy, Ranjith
AU  - Piskachev, Goran
AU  - Bodden, Eric
ID  - 33838
TI  - To what extent can we analyze Kotlin programs using existing Java taint analysis tools?
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Dziwok, Stefan
AU  - Koch, Thorsten
AU  - Merschjohann, Sven
AU  - Bodden, Eric
ID  - 33837
TI  - How far are German companies in improving security through static program analysis tools?
ER  - 

TY  - GEN
AB  - Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity of the findings, our objective was to understand the findings in more depth. We analyzed a set of 936 open-source Java applications for cryptographic misuses. Our study reveals that 88.10 % of the analyzed applications fail to use cryptographic APIs securely. Through our manual analysis of a random sample, we gained new insights into effective false positives. For example, every fourth misuse of the frequently misused JCA class MessageDigest is an effective false positive due to its occurrence in a non-security context. As we wanted to gain deeper insights into the security implications of these misuses, we created an extensive vulnerability model for cryptographic API misuses. Our model includes previously undiscussed attacks in the context of cryptographic APIs such as DoS attacks. This model reveals that nearly half of the misuses are of high severity, e.g., hard-coded credentials and potential Man-in-the-Middle attacks.
AU  - Wickert, Anna-Katharina
AU  - Baumgärtner, Lars
AU  - Schlichtig, Michael
AU  - Mezini, Mira
ID  - 33959
TI  - To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild
ER  - 

TY  - JOUR
AB  - Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details about the ground truth in those apps are rarely documented, which makes it difficult to compare and reproduce the results. To push Android taint analysis research forward, this paper thus recommends criteria for constructing real-world benchmark suites for this specific domain, and presents TaintBench, the first real-world malware benchmark suite with documented taint flows. TaintBench benchmark apps include taint flows with complex structures, and address static challenges that are commonly agreed on by the community. Together with the TaintBench suite, we introduce the TaintBench framework, whose goal is to simplify real-world benchmarking of Android taint analyses. First, a usability test shows that the framework improves experts' performance and perceived usability when documenting and inspecting taint flows. Second, experiments using TaintBench reveal new insights for the taint analysis tools Amandroid and FlowDroid: (i) They are less effective on real-world malware apps than on synthetic benchmark apps. (ii) Predefined lists of sources and sinks heavily impact the tools' accuracy. (iii) Surprisingly, up-to-date versions of both tools are less accurate than their predecessors.
AU  - Luo, Linghui
AU  - Pauck, Felix
AU  - Piskachev, Goran
AU  - Benz, Manuel
AU  - Pashchenko, Ivan
AU  - Mory, Martin
AU  - Bodden, Eric
AU  - Hermann, Ben
AU  - Massacci, Fabio
ID  - 27045
JF  - Empirical Software Engineering
SN  - 1382-3256
TI  - TaintBench: Automatic real-world malware benchmarking of Android taint analyses
ER  - 

TY  - THES
AU  - Luo, Linghui
ID  - 27158
TI  - Improving Real-World Applicability of Static Taint Analysis
ER  - 

TY  - JOUR
AU  - Stockmann, Lars
AU  - Laux, Sven
AU  - Bodden, Eric
ID  - 21595
JF  - Journal of Automotive Software Engineering
SN  - 2589-2258
TI  - Using Architectural Runtime Verification for Offline Data Analysis
ER  - 

TY  - THES
AU  - Fischer, Andreas
ID  - 21596
TI  - Computing on Encrypted Data using Trusted Execution Environments
ER  - 

TY  - JOUR
AU  - Holzinger, Philipp
AU  - Bodden, Eric
ID  - 21597
JF  - International Symposium on Advanced Security on Software and Systems (ASSS)
TI  - A Systematic Hardening of Java's Information Hiding
ER  - 

TY  - JOUR
AU  - Bonifacio, Rodrigo
AU  - Krüger, Stefan
AU  - Narasimhan, Krishna
AU  - Bodden, Eric
AU  - Mezini, Mira
ID  - 21599
JF  - European Conference on Object-Oriented Programming (ECOOP)
TI  - Dealing with Variability in API Misuse Specification
ER  - 

TY  - CONF
AU  - Shivarpatna Venkatesh, Ashwin Prasad
AU  - Bodden, Eric
ID  - 22462
T2  - International Workshop on AI and Software Testing/Analysis (AISTA)
TI  - Automated Cell Header Generator for Jupyter Notebooks
ER  - 

TY  - CONF
AU  - Kummita, Sriteja
AU  - Piskachev, Goran
AU  - Spath, Johannes
AU  - Bodden, Eric
ID  - 23374
T2  - 2021 International Conference on Code Quality (ICCQ)
TI  - Qualitative and Quantitative Analysis of Callgraph Algorithms for Python
ER  - 

TY  - CONF
AU  - Karakaya, Kadiray
AU  - Bodden, Eric
ID  - 30084
T2  - 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)
TI  - SootFX: A Static Code Feature Extraction Tool for Java and Android
ER  - 

TY  - CONF
AB  - Static analysis is used to automatically detect bugs and security breaches, and aids compiler optimization. Whole-program analysis (WPA) can yield high precision, but causes long analysis times and thus does not match common software-development workflows, making it often impractical to use for large, real-world applications. This paper thus presents the design and implementation of ModAlyzer, a novel static-analysis approach that aims at accelerating whole-program analysis by making the analysis modular and compositional. It shows how to compute lossless, persisted summaries for callgraph, points-to and data-flow information, and it reports under which circumstances this function-level compositional analysis outperforms WPA. We implemented ModAlyzer as an extension to LLVM and PhASAR, and applied it to 12 real-world C and C++ applications. At analysis time, ModAlyzer modularly and losslessly summarizes the analysis effect of the library code those applications share, hence avoiding its repeated re-analysis. The experimental results show that the reuse of these summaries can save, on average, 72% of analysis time over WPA. Moreover, because it is lossless, the module-wise analysis fully retains precision and recall. Surprisingly, as our results show, it sometimes even yields precision superior to WPA. The initial summary generation, on average, takes about 3.67 times as long as WPA.
AU  - Schubert, Philipp
AU  - Hermann, Ben
AU  - Bodden, Eric
ID  - 21598
T2  - European Conference on Object-Oriented Programming (ECOOP)
TI  - Lossless, Persisted Summarization of Static Callgraph, Points-To and Data-Flow Analysis
ER  - 

TY  - JOUR
AU  - Dann, Andreas Peter
AU  - Plate, Henrik
AU  - Hermann, Ben
AU  - Ponta, Serena Elisa
AU  - Bodden, Eric
ID  - 31132
JF  - IEEE Transactions on Software Engineering
KW  - Software
SN  - 0098-5589
TI  - Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Krishnamurthy, Ranjith
AU  - Bodden, Eric
ID  - 26407
T2  - 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)
TI  - SecuCheck: Engineering configurable taint analysis for software developers
ER  - 

TY  - CONF
AU  - Luo, Linghui
AU  - Schäf, Martin
AU  - Sanchez, Daniel
AU  - Bodden, Eric
ID  - 22463
T2  - Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
TI  - IDE Support for Cloud-Based Static Analyses
ER  - 

TY  - CONF
AU  - Karakaya, Kadiray
AU  - Bodden, Eric
ID  - 33840
T2  - 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)
TI  - SootFX: A Static Code Feature Extraction Tool for Java and Android
ER  - 

TY  - CONF
AU  - Schubert, Philipp
AU  - Hermann, Ben
AU  - Bodden, Eric
AU  - Leer, Richard
ID  - 26406
T2  - SCAM '21: IEEE International Working Conference on Source Code Analysis and Manipulation (Engineering Track)
TI  - Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++
ER  - 

TY  - CONF
AU  - Schubert, Philipp
AU  - Sattler, Florian
AU  - Schiebel, Fabian
AU  - Hermann, Ben
AU  - Bodden, Eric
ID  - 26405
T2  - 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)
TI  - Modeling the Effects of Global Variables in Data-Flow Analysis for C/C++
ER  - 

TY  - JOUR
AU  - Geismann, Johannes
AU  - Bodden, Eric
ID  - 20507
JF  - Journal of Systems and Software
SN  - 0164-1212
TI  - A systematic literature review of model-driven security engineering for cyber–physical systems
VL  - 169
ER  - 

TY  - JOUR
AU  - Nguyen Quang Do, Lisa
AU  - Bodden, Eric
ID  - 20508
JF  - IEEE Transactions on Software Engineering
TI  - Explaining Static Analysis with Rule Graphs
ER  - 

TY  - CONF
AU  - Fischer, Andreas
AU  - Janneck, Jonas
AU  - Kussmaul, Jörn
AU  - Krätzschmar, Nikolas
AU  - Kerschbaum, Florian
AU  - Bodden, Eric
ID  - 20509
T2  - 2020 IEEE Computer Security Foundations Symposium (CSF)
TI  - PASAPTO: Policy-aware Security and Performance Trade-off Analysis - Computation on Encrypted Data with Restricted Leakage
ER  - 

TY  - CONF
AU  - Benz, Manuel
AU  - Krogh Kristensen, Erik
AU  - Luo, Linghui
AU  - P. Borges Jr., Nataniel
AU  - Bodden, Eric
AU  - Zeller, Andreas
ID  - 20510
T2  - International Conference for Software Engineering (ICSE)
TI  - Heaps'n Leaks: How Heap Snapshots Improve Android Taint Analysis
ER  - 

TY  - CONF
AU  - Fischer, Andreas
AU  - Fuhry, Benny
AU  - Kerschbaum, Florian
AU  - Bodden, Eric
ID  - 20511
T2  - Privacy Enhancing Technologies Symposium (PETS/PoPETS)
TI  - Computation on Encrypted Data using Dataflow Authentication
ER  - 

TY  - CONF
AU  - Krüger, Stefan
AU  - Ali, Karim
AU  - Bodden, Eric
ID  - 20512
T2  - International Symposium on Code Generation and Optimization (CGO)
TI  - CogniCrypt_GEN - Generating Code for the Secure Usage of Crypto APIs
ER  - 

TY  - THES
AB  - Previous studies have empirically revealed that misuses of cryptographic APIs are widespread in software applications. This happens mainly because software developers run into problems when trying to implement cryptographic features, owing to poor API design and a lack of cryptographic knowledge. The literature offers several approaches and proposals to solve these problems, but in the end all of them fail in one way or another to meet developers' requirements. The result is an overall fragmented landscape of diverse, only marginally complementary approaches. In this thesis, we address the problem of cryptographic misuse more systematically through CogniCrypt. CogniCrypt integrates different kinds of tool support into a common approach that frees developers from having to know how these APIs must be used. Central to our approach is CrySL, a specification language that bridges the cognitive gap between cryptography experts and software developers. CrySL enables cryptography experts to specify how the APIs they provide are to be used correctly. We have implemented a compiler for CrySL that makes it possible to develop tool support built on CrySL specifications. We have further developed the static analysis CogniCrypt_SAST and the code generator CogniCrypt_GEN. Finally, we implemented CogniCrypt as a prototype and evaluated this prototype in a controlled experiment.
AU  - Krüger, Stefan
ID  - 20513
TI  - CogniCrypt -- The Secure Integration of Cryptographic Software
ER  - 

TY  - CONF
AU  - Koch, Thorsten
AU  - Dziwok, Stefan
AU  - Holtmann, Jörg
AU  - Bodden, Eric
ID  - 20518
T2  - ACM/IEEE 23rd International Conference on Model Driven Engineering Languages and Systems (MODELS '20)
TI  - Scenario-based Specification of Security Protocols and Transformation to Security Model Checkers
ER  - 

TY  - THES
AU  - Gerking, Christopher
ID  - 20521
TI  - Model-Driven Information Flow Security Engineering for Cyber-Physical Systems
ER  - 

TY  - GEN
AU  - Schubert, Philipp
AU  - Bodden, Eric
AU  - Hermann, Ben
ID  - 20712
TI  - Accelerating Static Call-Graph, Points-to and Data-Flow Analysis Through Persisted Summaries
ER  - 

TY  - CHAP
AB  - Today, software systems are rarely developed monolithically, but may be composed of numerous individually developed features. Their modularization facilitates independent development and verification. While feature-based strategies to verify features in isolation have existed for years, they cannot address interactions between features. The problem with feature interactions is that they are typically unknown and may involve any subset of the features. By contrast, a family-based verification strategy captures feature interactions, but does not scale well when features evolve frequently. To the best of our knowledge, there currently exists no approach with a focus on evolving features that combines both strategies and aims at eliminating their respective drawbacks. To fill this gap, we introduce Fefalution, a feature-family-based verification approach based on abstract contracts to verify evolving features and their interactions. Fefalution builds partial proofs for each evolving feature and then reuses the resulting partial proofs in verifying feature interactions, yielding a full verification of the complete software system. Moreover, to investigate whether a combination of both strategies is fruitful, we present the first empirical study for the verification of evolving features implemented by means of feature-oriented programming, comparing Fefalution with five other family-based approaches varying in a set of optimizations. Our results indicate that partial proofs based on abstract contracts exhibit huge reuse potential, but also come with a substantial overhead for smaller evolution scenarios.
AU  - Knüppel, Alexander
AU  - Krüger, Stefan
AU  - Thüm, Thomas
AU  - Bubel, Richard
AU  - Krieter, Sebastian
AU  - Bodden, Eric
AU  - Schaefer, Ina
ID  - 20891
SN  - 0302-9743
T2  - Lecture Notes in Computer Science
TI  - Using Abstract Contracts for Verifying Evolving Features and Their Interactions
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Nguyen Quang Do, Lisa
AU  - Johnson, Oshando
AU  - Bodden, Eric
ID  - 23376
T2  - 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)
TI  - SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods
ER  - 

TY  - CHAP
AU  - Piskachev, Goran
AU  - Petrasch, Tobias
AU  - Späth, Johannes
AU  - Bodden, Eric
ID  - 23377
SN  - 0302-9743
T2  - Lecture Notes in Computer Science
TI  - AuthCheck: Program-State Analysis for Access-Control Vulnerabilities
ER  - 

TY  - THES
AU  - Holzinger, Philipp
ID  - 20522
TI  - A Systematic Analysis and Hardening of the Java Security Architecture
ER  - 

TY  - THES
AU  - Nguyen Quang Do, Lisa
ID  - 20524
TI  - User-Centered Tool Design for Data-Flow Analysis
ER  - 

TY  - CONF
AU  - Stockmann, Lars
AU  - Laux, Sven
AU  - Bodden, Eric
ID  - 20525
T2  - 2019 IEEE International Conference on Software Architecture Companion (ICSA-C)
TI  - Architectural Runtime Verification
ER  - 

TY  - CONF
AU  - Hazhirpasand, Mohammadreza
AU  - Ghafari, Mohammad
AU  - Krüger, Stefan
AU  - Bodden, Eric
AU  - Nierstrasz, Oskar
ID  - 20527
SN  - 1949-3770
T2  - 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)
TI  - The Impact of Developer Experience in Using Java Cryptography
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Petrasch, Tobias
AU  - Späth, Johannes
AU  - Bodden, Eric
ID  - 20528
T2  - 10th Workshop on Tools for Automatic Program Analysis (TAPAS)
TI  - AuthCheck: Program-state Analysis for Access-control Vulnerabilities
ER  - 

TY  - CONF
AU  - Nachtigall, Marcus
AU  - Nguyen Quang Do, Lisa
AU  - Bodden, Eric
ID  - 20529
T2  - 1st International Workshop on Explainable Software (EXPLAIN) at ASE
TI  - Explaining Static Analysis -- A Perspective
ER  - 

TY  - CONF
AU  - Luo, Linghui
AU  - Bodden, Eric
AU  - Späth, Johannes
ID  - 20531
T2  - IEEE/ACM International Conference on Automated Software Engineering (ASE 2019)
TI  - A Qualitative Analysis of Android Taint-Analysis Results
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Nguyen Quang Do, Lisa
AU  - Johnson, Oshando
AU  - Bodden, Eric
ID  - 20532
T2  - IEEE/ACM International Conference on Automated Software Engineering (ASE 2019), Tool Demo Track
TI  - SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods
ER  - 

TY  - JOUR
AU  - Krüger, Stefan
AU  - Späth, Johannes
AU  - Ali, Karim
AU  - Bodden, Eric
AU  - Mezini, Mira
ID  - 20533
JF  - IEEE Transactions on Software Engineering
KW  - Java
KW  - Encryption
KW  - Static analysis
KW  - Tools
KW  - Ciphers
KW  - Semantics
KW  - cryptography
KW  - domain-specific language
KW  - static analysis
SN  - 2326-3881
TI  - CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs
ER  - 

TY  - CONF
AU  - Piskachev, Goran
AU  - Nguyen Quang Do, Lisa
AU  - Bodden, Eric
ID  - 20534
T2  - ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)
TI  - Codebase-Adaptive Detection of Security-Relevant Methods
ER  - 

TY  - CONF
AU  - Luo, Linghui
AU  - Dolby, Julian
AU  - Bodden, Eric
ID  - 20535
T2  - European Conference on Object-Oriented Programming (ECOOP)
TI  - MagpieBridge: A General Approach to Integrating Static Analyses into IDEs and Editors
ER  - 

TY  - THES
AU  - Späth, Johannes
ID  - 20536
TI  - Synchronized Pushdown Systems for Pointer and Data-Flow Analysis
ER  - 

TY  - GEN
AU  - Piskachev, Goran
AU  - Nguyen, Lisa
AU  - Bodden, Eric
ID  - 20537
TI  - Codebase-Adaptive Detection of Security-Relevant Methods
ER  - 

TY  - CONF
AU  - Albert Gorski Iii, Sigmund
AU  - Andow, Benjamin
AU  - Nadkarni, Adwait
AU  - Manandhar, Sunil
AU  - Enck, William
AU  - Bodden, Eric
AU  - Bartel, Alexandre
ID  - 20538
KW  - ITSECWEBSITE
KW  - CROSSING
T2  - ACM Conference on Data and Application Security and Privacy (CODASPY 2019)
TI  - ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
ER  - 

TY  - JOUR
AU  - Späth, Johannes
AU  - Ali, Karim
AU  - Bodden, Eric
ID  - 20539
IS  - POPL
JF  - Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages
KW  - ATTRACT
KW  - ITSECWEBSITE
KW  - CROSSING
SN  - 2475-1421
TI  - Context-, Flow-, and Field-sensitive Data-flow Analysis Using Synchronized Pushdown Systems
VL  - 3
ER  - 