<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:dc="http://purl.org/dc/terms/"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:bibo="http://purl.org/ontology/bibo/"
         xmlns:fabio="http://purl.org/spar/fabio/"
         xmlns:owl="http://www.w3.org/2002/07/owl#"
         xmlns:event="http://purl.org/NET/c4dm/event.owl#"
         xmlns:ore="http://www.openarchives.org/ore/terms/">

    <rdf:Description rdf:about="https://ris.uni-paderborn.de/record/57416">
        <ore:isDescribedBy rdf:resource="https://ris.uni-paderborn.de/record/57416"/>
        <dc:title>Tailoring Code Property Graphs to Jimple</dc:title>
        <bibo:authorList rdf:parseType="Collection">
            <foaf:Person>
                <foaf:name></foaf:name>
                <foaf:surname></foaf:surname>
                <foaf:givenname></foaf:givenname>
            </foaf:Person>
        </bibo:authorList>
        <bibo:abstract>The increased complexity of modern software has led to much more
sophisticated attack vectors. As a result, we require newer vulnerability detection
methods to ensure software security without compromising efficiency.
The Code Property Graph (CPG) is a program representation that provides a comprehensive overview of program behavior, combining abstract syntax trees, control flow
graphs, and program dependence graphs. With such a detailed data structure, we can
detect patterns that characterize known vulnerabilities and identify various security
threats. Querying the combined data structure instead of the individual graphs enables the detection of multidimensional scenarios.
This work aims to integrate the advantages of CPGs into software systems that utilize
the Jimple intermediate representation. We introduce JimNode, a novel approach for
generating CPGs specifically tailored to Jimple. Despite the model incompatibility, our
evaluation, which covered approximately 50,800 methods, reveals an 88.07% similarity
of the inter-statement edges compared to Joern, the state-of-the-art tool for CPG
generation. We provide a detailed analysis of our methodology and discuss why it is
better suited for Jimple programs than Joern’s language-agnostic approach.</bibo:abstract>
        <dc:publisher>Paderborn University</dc:publisher>
        <dc:format>application/pdf</dc:format>
        <ore:aggregates rdf:resource="https://ris.uni-paderborn.de/download/57416/57444/Bachelor_Thesis__Michael_Youkeim_unsigned.pdf"/>
    </rdf:Description>
</rdf:RDF>