The Vulnerability Analysis of Java Bytecode Based on Points-to Dataflow
Today many developers use Java components collected from the Internet as external libraries to design and develop their own software. However, unknown security bugs may exist in these components; for example, an SQL injection bug may come from a component that performs no specific check on the strings supplied by users. Finding these bugs is very difficult without source code. So a novel method is needed to check for bugs in Java bytecode based on points-to dataflow analysis, which differs from the common analysis techniques based on vulnerability pattern checks. It can be used as an assistant tool for the security analysis of Java bytecode from unknown software that will be used as external libraries.
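As an added illustration that is not part of the paper, the following toy points-to dataflow analysis shows the idea the abstract describes: user input is tracked through aliases of the same heap object to an SQL sink, a flow that a check matching only the variable handed to the sink would miss. The instruction encoding, the method labels (sources, sinks, sanitiser) and both sample programs are constructed for this example.

```python
from collections import defaultdict
# Method labels are assumptions for this example (a real tool would read
# them from a configuration of known sources, sinks and sanitisers).
SOURCES = {"HttpServletRequest.getParameter"}   # returns user-controlled input
SINKS = {"Statement.executeQuery"}             # executes SQL text
SANITIZERS = {"Util.escapeSql"}                # assumed to neutralise input

def analyze(instrs):
    """Toy points-to dataflow over a straight-line instruction list.
    Tuples: ("new", dst, alloc_id) | ("assign", dst, src) |
            ("append", recv, arg) | ("call", dst_or_None, callee, *args)
    Returns [(pc, callee)] for each sink call reached by tainted data."""
    pts = defaultdict(set)   # local -> abstract heap objects it may point to
    tainted = set()          # abstract objects that absorbed user input
    findings = []
    for pc, ins in enumerate(instrs):
        op = ins[0]
        if op == "new":
            pts[ins[1]] = {ins[2]}
        elif op == "assign":                 # dst aliases src's objects
            pts[ins[1]] = set(pts[ins[2]])
        elif op == "append":                 # mutation is seen by all aliases
            if pts[ins[2]] & tainted:
                tainted |= pts[ins[1]]
        elif op == "call":
            dst, callee, args = ins[1], ins[2], ins[3:]
            arg_tainted = any(pts[a] & tainted for a in args)
            if callee in SINKS and arg_tainted:
                findings.append((pc, callee))
            if dst is not None:              # model the return value
                obj = f"{callee}@{pc}"
                if callee in SOURCES or (arg_tainted and callee not in SANITIZERS):
                    tainted.add(obj)
                pts[dst] = {obj}
    return findings

# Constructed sample: the query is built through an alias (sb2) of the
# StringBuilder passed to toString, so a check that only inspects the local
# handed to the sink misses the flow; the points-to sets link sb2 to sb.
VULNERABLE = [
    ("call", "name", "HttpServletRequest.getParameter"),
    ("new", "sb", "SB#1"),
    ("assign", "sb2", "sb"),
    ("append", "sb2", "name"),
    ("call", "q", "StringBuilder.toString", "sb"),
    ("call", None, "Statement.executeQuery", "q"),
]
# Same component, but the input goes through the sanitiser before append.
SAFE = VULNERABLE[:3] + [("call", "esc", "Util.escapeSql", "name"),
                         ("append", "sb2", "esc")] + VULNERABLE[4:]
```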
@article{"International Journal of Information, Control and Computer Sciences:63105",
  author   = "Tang Hong and Zhang Lufeng and Chen Hua and Zhang Jianbo",
  title    = "The Vulnerability Analysis of Java Bytecode Based on Points-to Dataflow",
  keywords = "Java bytecode, points-to dataflow, vulnerability analysis",
  volume   = "3",
  number   = "6",
  pages    = "1645-4",
}