94 research outputs found
Partial Evaluation for Java Malware Detection
The fact that Java is platform independent gives hackers the opportunity to write exploits that can target users on any platform, which has a JVM implementation. Metasploit is a well-known source of Java exploits and to circumvent detection by Anti Virus (AV) software, obfuscation techniques are routinely applied to make an exploit more difficult to recognise. Popular obfuscation techniques for Java include string obfuscation and applying reflection to hide method calls; two techniques that can either be used together or independently. This paper shows how to apply partial evaluation to remove these obfuscations and thereby improve AV matching. The paper presents a partial evaluator for Jimple, which is a typed three-address code suitable for optimisation and program analysis, and also demonstrates how the residual Jimple code, when transformed back into Java, improves the detection rates of a number of commercial AV products
Software Protection
A computer system's security can be compromised in many ways a denial-of-service attack can make a server inoperable, a worm can destroy a user's private data, or an eavesdrop per can reap financial rewards by inserting himself in the communication link between a customer and her bank through a man-in-the-middle (MITM) attack. What all these scenarios have in common is that the adversary is an untrusted entity that attacks a system from the outside-we assume that the computers under attack are operated by benign and trusted users. But if we remove this assumption, if we allow anyone operating a computer system- from system administrators down to ordinary users-to compromise that system's security, we find ourselves in a scenario that has received comparatively little attention. Methods for protecting against MATE attacks are variously known as anti-tamper techniques, digital asset protection, or, more
Java Enterprise Edition Support in Search-Based JUnit Test Generation.
Many different techniques and tools for automated unit test generation target the Java programming languages due to its popularity. However, a lot of Javaâs popularity is due to its usage to develop enterprise applications with frameworks such as Java Enterprise Edition (JEE) or Spring. These frameworks pose challenges to the automatic generation of JUnit tests. In particular, code units (âbeansâ) are handled by external web containers (e.g., WildFly and GlassFish). Without considering how web containers initialize these beans, automatically generated unit tests would not represent valid scenarios and would be of little use. For example, common issues of bean initialization are dependency injection, database connection, and JNDI bean lookup. In this paper, we extend the EvoSuite search-based JUnit test generation tool to provide initial support for JEE applications. Experiments on 247 classes (the JBoss EAP tutorial examples) reveal an increase in code coverage, and demonstrate that our techniques prevent the generation of useless tests (e.g., tests where dependencies are not injected)
An analysis of inheritance hierarchy evolution
This research investigates the evolution of object-oriented inheritance hierarchies in open source, Java systems. The paper contributes an understanding of how hierarchies, particularly large complex hierarchies, evolve in âreal worldâ systems. It informs object-oriented design practices that aim to control or avoid these complicated design structures. The study is based on a detailed analysis of 665 inheritance hierarchies drawn from a total of 262 versions of 10 open source systems. The research contributions include that: i) the majority of inheritance hierarchies are âsimpleâ in structure and remain that way throughout their lifetimes ii) the majority of hierarchies are stable in terms of size and shape throughout their lifetimes iii) there is a minority of large, complex, branching âSubtreeâ hierarchies that continue to grow ever more complicated as the systems evolve iv) a detailed analysis of some of these larger hierarchies finds evidence of âgoodâ object-oriented design practices being used but also highlights the significant challenges involved in understanding and refactoring these complex structures. There is clear evidence that some of the complex hierarchies are emphasising reuse while others appear focused on type inheritance
Archiving Software Surrogates on the Web for Future Reference
Software has long been established as an essential aspect of the scientific
process in mathematics and other disciplines. However, reliably referencing
software in scientific publications is still challenging for various reasons. A
crucial factor is that software dynamics with temporal versions or states are
difficult to capture over time. We propose to archive and reference surrogates
instead, which can be found on the Web and reflect the actual software to a
remarkable extent. Our study shows that about a half of the webpages of
software are already archived with almost all of them including some kind of
documentation.Comment: TPDL 2016, Hannover, German
Running Experiments with Confidence and Sanity
Analyzing data from large experimental suites is a daily task for anyone doing experimental algorithmics. In this paper we report on several approaches we tried for this seemingly mundane task in a similarity search setting, reflecting on the challenges it poses. We conclude by proposing a workflow, which can be implemented using several tools, that allows to analyze experimental data with confidence. The extended version of this paper and the support code are provided at https://github.com/Cecca/running-experiments
- âŚ