11,638 research outputs found
A Domain Analysis to Specify Design Defects and Generate Detection Algorithms
Quality experts often need to identify in software systems design defects, which are recurring design problems, that hinder development\ud
and maintenance. Consequently, several defect detection approaches\ud
and tools have been proposed in the literature. However, we are not\ud
aware of any approach that defines and reifies the process of generating\ud
detection algorithms from the existing textual descriptions of defects.\ud
In this paper, we introduce an approach to automate the generation\ud
of detection algorithms from specifications written using a domain-specific\ud
language. The domain-specific is defined from a thorough domain analysis.\ud
We specify several design defects, generate automatically detection\ud
algorithms using templates, and validate the generated detection\ud
algorithms in terms of precision and recall on Xerces v2.7.0, an\ud
open-source object-oriented system
Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries
Complexities that arise from implementation of object-oriented concepts in
C++ such as virtual dispatch and dynamic type casting have attracted the
attention of attackers and defenders alike.
Binary-level defenses are dependent on full and precise recovery of class
inheritance tree of a given program.
While current solutions focus on recovering single and multiple inheritances
from the binary, they are oblivious to virtual inheritance. Conventional wisdom
among binary-level defenses is that virtual inheritance is uncommon and/or
support for single and multiple inheritances provides implicit support for
virtual inheritance. In this paper, we show neither to be true.
Specifically, (1) we present an efficient technique to detect virtual
inheritance in C++ binaries and show through a study that virtual inheritance
can be found in non-negligible number (more than 10\% on Linux and 12.5\% on
Windows) of real-world C++ programs including Mysql and libstdc++. (2) we show
that failure to handle virtual inheritance introduces both false positives and
false negatives in the hierarchy tree. These false positves and negatives
either introduce attack surface when the hierarchy recovered is used to enforce
CFI policies, or make the hierarchy difficult to understand when it is needed
for program understanding (e.g., during decompilation). (3) We present a
solution to recover virtual inheritance from COTS binaries. We recover a
maximum of 95\% and 95.5\% (GCC -O0) and a minimum of 77.5\% and 73.8\% (Clang
-O2) of virtual and intermediate bases respectively in the virtual inheritance
tree.Comment: Accepted at CCS20. This is a technical report versio
JavaCompExt: Extracting Architectural Elements from Java Source Code
International audienceSoftware architecture erosion is a general problem in legacy software. To fight this trend, component models and languages are designed to try to make explicit, and automatically enforceable, the architectural decisions in terms of components, interfaces, and allowed communication channels between component interfaces. To help maintainers work on existing object-oriented systems, we explore the possibility of extracting architectural elements (components, communications, services, ...) from the source code. We designed a tool based on some heuristics for extracting component information from Java source code
- …