478 research outputs found

    Analysis of Java Programs Using Bytecode Based Frameworks

    Java SDG (System Dependence Graph) API and JOANA (Java Object-sensitive Analysis) are two bytecode-based analysis frameworks available for analyzing object-oriented Java programs for different applications. In the present era, the continuous evolution of customer expectations and requirements has resulted in an increase in the size of software. This gives rise to problems in maintaining software. Both frameworks, i.e., Java SDG API and Joana, consist of a variety of analysis techniques which are based on dependence graph generation and computation of slices of an input program. In our work, we make a comparative study of the effectiveness and efficiency of both of these analysis frameworks in generating the corresponding intermediate dependence graph and computing slices. The dependence graph we have generated is the SDG, and we have used a backward slicing approach to compute slices. The two-phase graph reachability algorithm is used in our work in the case of Java SDG API to perform slicing. Two Web Start applications, the IFC console and the Joana graph viewer, are used to generate and view the SDG in the case of Joana. The analysis is based on the bytecode of the program under consideration. The experimental analysis shows that Joana can be extended for more diverse applications.

    Post-Mortem Dynamic analysis for software debugging

    Ph.DDOCTOR OF PHILOSOPH

    JoanAudit: A tool for auditing common injection vulnerabilities

    JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies parts of the program code that are relevant for security and generates an HTML report to guide security auditors in auditing the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities, and with standard sanitization procedures that prevent these vulnerabilities. It can also automatically fix some cases of vulnerabilities in source code — cases where inputs are directly used in sinks without any form of sanitization — by using standard sanitization procedures. Our evaluation shows that by using JoanAudit, security auditors are required to inspect only 1% of the total code for auditing common injection vulnerabilities. The screen-cast demo is available at https://github.com/julianthome/joanaudit