940 research outputs found
The Transitivity of Trust Problem in the Interaction of Android Applications
Mobile phones have developed into complex platforms with large numbers of
installed applications and a wide range of sensitive data. Application security
policies limit the permissions of each installed application. As applications
may interact, restricting single applications may create a false sense of
security for the end users while data may still leave the mobile phone through
other applications. Instead, the information flow needs to be policed for the
composite system of applications in a transparent and usable manner. In this
paper, we propose to employ static analysis based on the software architecture
and focused data flow analysis to scalably detect information flows between
components. Specifically, we aim to reveal transitivity of trust problems in
multi-component mobile platforms. We demonstrate the feasibility of our
approach with Android applications, although the generalization of the analysis
to similar composition-based architectures, such as Service-oriented
Architecture, can also be explored in the future
Understanding object-oriented source code from the behavioural perspective
Comprehension is a key activity that underpins a variety of software maintenance and engineering tasks. The task of understanding object-oriented systems is hampered by the fact that the code segments that are related to a user-level function tend to be distributed across the system. We introduce a tool-supported code extraction technique that addresses this issue. Given a minimal amount of information about a behavioural element of the system that is of interest (such as a use-case), it extracts a trail of the methods (and method invocations) through the system that are needed in order to achieve an understanding of the implementation of the element of interest. We demonstrate the feasibility of our approach by implementing it as part of a code extraction tool, presenting a case study and evaluating the approach and tool against a set of established criteria for program comprehension tools
The Java system dependence graph
The Program Dependence Graph was introduced by Ottenstein and Ottenstein in 1984 [14]. It was suggested to be a suitable internal program representation for monolithic programs, for the purpose of carrying out certain software engineering operations such as slicing and the computation of program metrics. Since then, Horwitz et al. have introduced the multi-procedural equivalent System Dependence Graph [9]. Many authors have proposed object-oriented dependence graph construction approaches [11, 10, 20, 12]. Every approach provides its own benefits, some of which are language specific. This paper is based on Java and combines the most important benefits from a range of approaches. The result is a Java System Dependence Graph, which summarises the key benefits offered by different approaches and adapts them (if necessary) to the Java language
Program Tailoring: Slicing by Sequential Criteria
Protocol and typestate analyses often report some sequences of
statements ending at a program point P that needs to be
scrutinized, since P may be erroneous or imprecisely
analyzed. Program slicing focuses only on the behavior at P by
computing a slice of the program affecting the values at P. In
this paper, we propose to restrict our attention to the subset of
that behavior at P affected by one or several statement
sequences, called a sequential criterion (SC). By leveraging the
ordering information in a SC, e.g., the temporal order in a few
valid/invalid API method invocation sequences, we introduce a
new technique, program tailoring, to compute a tailored program
that comprises the statements in all possible execution paths
passing through at least one sequence in SC in the given
order. With a prototyping implementation, Tailor, we show why
tailoring is practically useful by conducting two case studies on
seven large real-world Java applications. For program
debugging and understanding, Tailor can complement program
slicing by removing SC-irrelevant statements. For program
analysis, Tailor can enable a pointer analysis, which is
unscalable to a program, to perform a more focused and therefore
potentially scalable analysis to its specific parts containing
hard language features such as reflection
- …