Static Code Analysis


Andrei Perhinschi

  • On the capability of static code analysis to detect security vulnerabilities
    Information & Software Technology, 2015
    Co-Authors: Katerina Goseva-Popstojanova, Andrei Perhinschi
    Abstract:

    Context: Static analysis of source code is a scalable method for discovery of software faults and security vulnerabilities. Techniques for static code analysis have matured in the last decade and many tools have been developed to support automatic detection. Objective: This research work is focused on empirical evaluation of the ability of static code analysis tools to detect security vulnerabilities with an objective to better understand their strengths and shortcomings. Method: We conducted an experiment which consisted of using the benchmarking test suite Juliet to evaluate three widely used commercial tools for static code analysis. Using a design of experiments approach to conduct the analysis and evaluation and including statistical testing of the results are unique characteristics of this work. In addition to the controlled experiment, the empirical evaluation included case studies based on three open source programs. Results: Our experiment showed that 27% of C/C++ vulnerabilities and 11% of Java vulnerabilities were missed by all three tools. Some vulnerabilities were detected by only one tool or by a combination of two tools; 41% of C/C++ and 21% of Java vulnerabilities were detected by all three tools. More importantly, static code analysis tools did not show a statistically significant difference in their ability to detect security vulnerabilities for both C/C++ and Java. Interestingly, all tools had median and mean of the per-CWE recall values and overall recall across all CWEs close to or below 50%, which indicates comparable or worse performance than random guessing. While for C/C++ vulnerabilities one of the tools had better performance in terms of probability of false alarm than the other two tools, there was no statistically significant difference among the tools' probability of false alarm for Java test cases. Conclusions: Despite recent advances in methods for static code analysis, the state-of-the-art tools are not very effective in detecting security vulnerabilities.

Roger Zimmermann

  • Learning Based Methods for Code Runtime Complexity Prediction
    European Conference on Information Retrieval, 2020
    Co-Authors: Jagriti Sikka, Kushal Satya, Yaman Kumar, Shagun Uppal, Rajiv Ratn Shah, Roger Zimmermann
    Abstract:

    Predicting the runtime complexity of a programming code is an arduous task. In fact, even for humans, it requires a subtle analysis and comprehensive knowledge of algorithms to predict time complexity with high fidelity, given any code. As per Turing’s Halting problem proof, estimating code complexity is mathematically impossible. Nevertheless, an approximate solution to such a task can help developers to get real-time feedback for the efficiency of their code. In this work, we model this problem as a machine learning task and check its feasibility with thorough analysis. Due to the lack of any open source dataset for this task, we propose our own annotated dataset CoRCoD: Code Runtime Complexity Dataset (the complete dataset is available for use at https://github.com/midas-research/corcod-dataset/blob/master/README.md), extracted from online coding platforms. We establish baselines using two different approaches: feature engineering and code embeddings, to achieve state of the art results and compare their performances. Such solutions can be highly useful in potential applications like automatically grading coding assignments, IDE-integrated tools for static code analysis, and others.

  • Learning Based Methods for Code Runtime Complexity Prediction
    arXiv: Learning, 2019
    Co-Authors: Jagriti Sikka, Kushal Satya, Yaman Kumar, Shagun Uppal, Rajiv Ratn Shah, Roger Zimmermann
    Abstract:

    Predicting the runtime complexity of a programming code is an arduous task. In fact, even for humans, it requires a subtle analysis and comprehensive knowledge of algorithms to predict time complexity with high fidelity, given any code. As per Turing's Halting problem proof, estimating code complexity is mathematically impossible. Nevertheless, an approximate solution to such a task can help developers to get real-time feedback for the efficiency of their code. In this work, we model this problem as a machine learning task and check its feasibility with thorough analysis. Due to the lack of any open source dataset for this task, we propose our own annotated dataset CoRCoD: Code Runtime Complexity Dataset, extracted from online judges. We establish baselines using two different approaches: feature engineering and code embeddings, to achieve state of the art results and compare their performances. Such solutions can be widely useful in potential applications like automatically grading coding assignments, IDE-integrated tools for static code analysis, and others.

Friedrich Grillenberger

  • Static Code Analysis of IEC 61131-3 Programs: Comprehensive Tool Support and Experiences from Large-Scale Industrial Application
    IEEE Transactions on Industrial Informatics, 2017
    Co-Authors: Herbert Prähofer, Florian Angerer, Rudolf Ramler, Friedrich Grillenberger
    Abstract:

    Static code analysis techniques examine programs without actually executing them. The main benefits lie in improving software quality by detecting problematic code constructs and potential defects in early development stages. Today, static code analysis is a widely used quality assurance technique and numerous tools are available for established programming languages like C/C++, Java, or C#. However, in the domain of programmable logic controller (PLC) programming, static code analysis tools are still rare, although many properties of PLC programming languages are beneficial for static analysis techniques. Therefore, an approach and tool for static code analysis of IEC 61131-3 programs has been developed which is capable of detecting a range of issues commonly occurring in PLC programming. The approach employs different analysis methods, like pattern-matching on program structures, control flow and data flow analyses, and, especially, call graph and pointer analysis techniques. Based on results from an initial analysis project, where common issues for static analysis of PLC programs have been investigated, this paper illustrates adoption and extensions of analysis techniques for PLC programs and presents results from large-scale industrial application.

  • Opportunities and challenges of static code analysis of IEC 61131-3 programs
    Proceedings of 2012 IEEE 17th International Conference on Emerging Technologies & Factory Automation (ETFA 2012), 2012
    Co-Authors: Herbert Prähofer, Florian Angerer, Rudolf Ramler, Hermann Lacheiner, Friedrich Grillenberger
    Abstract:

    Static code analysis techniques analyze programs by examining the source code without actually executing them. The main benefits lie in improving software quality by detecting potential defects and problematic code constructs in early development stages. Today, static code analysis is widely used and numerous tools are available for established programming languages like C/C++, Java, C# and others. However, in the domain of PLC programming, static code analysis tools are still rare. In this paper we present an approach and tool support for static code analysis of PLC programs. The paper discusses opportunities static code analysis can offer for PLC programming, it reviews techniques for static analysis, and it describes our tool that implements a rule-based analysis approach for IEC 61131-3 programs.

Gustavo Pinto

  • SpongeBugs: Automatically generating fix suggestions in response to static code analysis warnings
    Journal of Systems and Software, 2020
    Co-Authors: Diego Marcilio, Carlo A. Furia, Rodrigo Bonifácio, Gustavo Pinto
    Abstract:

    Static code analysis tools such as FindBugs and SonarQube are widely used on open-source and industrial projects to detect a variety of issues that may negatively affect the quality of software. Despite these tools’ popularity and high level of automation, several empirical studies report that developers normally fix only a small fraction (typically, less than 10% (Marcilio et al., 2019)) of the reported issues, so-called “warnings”. If these analysis tools could also automatically provide suggestions on how to fix the issues that trigger some of the warnings, their feedback would become more actionable and more directly useful to developers. In this work, we investigate whether it is feasible to automatically generate fix suggestions for common warnings issued by static code analysis tools, and to what extent developers are willing to accept such suggestions into the codebases they are maintaining. To this end, we implemented SpongeBugs, a Java program transformation technique that fixes 11 distinct rules checked by two well-known static code analysis tools (SonarQube and SpotBugs). Fix suggestions are generated automatically based on templates, which are instantiated in a way that removes the source of the warnings; templates for some rules are even capable of producing multi-line patches. Based on the suggestions provided by SpongeBugs, we submitted 38 pull requests, including 946 fixes generated automatically by our technique for various open-source Java projects, including Eclipse UI (a core component of the Eclipse IDE) and both SonarQube and SpotBugs. Project maintainers accepted 87% of our fix suggestions (97% of them without any modifications). We further evaluated the applicability of our technique on software written by students and on a curated collection of bugs. All results indicate that our approach to generating fix suggestions is feasible, flexible, and can help increase the applicability of static code analysis tools.

  • Automatically generating fix suggestions in response to static code analysis warnings
    Source Code Analysis and Manipulation, 2019
    Co-Authors: Diego Marcilio, Carlo A. Furia, Rodrigo Bonifácio, Gustavo Pinto
    Abstract:

    Static code analysis tools such as FindBugs and SonarQube are widely used on open-source and industrial projects to detect a variety of issues that may negatively affect the quality of software. Despite these tools' popularity and high level of automation, several empirical studies report that developers normally fix only a small fraction (typically, less than 10% [1]) of the reported issues, so-called "warnings". If these analysis tools could also automatically provide suggestions on how to fix the issues that trigger some of the warnings, their feedback would become more actionable and more directly useful to developers. In this work, we investigate whether it is feasible to automatically generate fix suggestions for common warnings issued by static code analysis tools, and to what extent developers are willing to accept such suggestions into the codebases they're maintaining. To this end, we implemented a Java program transformation technique that fixes 11 distinct rules checked by two well-known static code analysis tools (SonarQube and SpotBugs). Fix suggestions are generated automatically based on templates, which are instantiated in a way that removes the source of the warnings; templates for some rules are even capable of producing multi-line patches. We submitted 38 pull requests, including 920 fixes generated automatically by our technique for various open-source Java projects, including the Eclipse IDE and both SonarQube and SpotBugs tools. At the time of writing, project maintainers accepted 84% of our fix suggestions (95% of them without any modifications). These results indicate that our approach to generating fix suggestions is feasible, and can help increase the applicability of static code analysis tools.

Thorsten Holz

  • Experience report: an empirical study of PHP security mechanism usage
    International Symposium on Software Testing and Analysis, 2015
    Co-Authors: Johannes Dahse, Thorsten Holz
    Abstract:

    The World Wide Web mainly consists of web applications written in weakly typed scripting languages, with PHP being the most popular language in practice. Empirical evidence based on the analysis of vulnerabilities suggests that security is often added as an ad-hoc solution, rather than planning a web application with security in mind during the design phase. Although some best-practice guidelines emerged, no comprehensive security standards are available for developers. Thus, developers often apply their own favorite security mechanisms for data sanitization or validation to prohibit malicious input to a web application. In the context of our development of a new static code analysis tool for vulnerability detection, we studied commonly used input sanitization or validation mechanisms in 25 popular PHP applications. Our analysis of 2.5 million lines of code and over 26 thousand secured data flows provides a comprehensive overview of how developers utilize security mechanisms in practice regarding different markup contexts. In this paper, we discuss these security mechanisms in detail and reveal common pitfalls. For example, we found certain markup contexts and security mechanisms more frequently vulnerable than others. Our empirical study helps researchers, web developers, and tool developers to focus on error-prone markup contexts and security mechanisms in order to detect and mitigate vulnerabilities.

  • Simulation of built-in PHP features for precise static code analysis
    Network and Distributed System Security Symposium, 2014
    Co-Authors: Johannes Dahse, Thorsten Holz
    Abstract:

    The World Wide Web grew rapidly during the last decades and is used by millions of people every day for online shopping, banking, networking, and other activities. Many of these websites are developed with PHP, the most popular scripting language on the Web. However, PHP code is prone to different types of critical security vulnerabilities that can lead to data leakage, server compromise, or attacks against an application's users. This problem can be addressed by analyzing the source code of the application for security vulnerabilities before the application is deployed on a web server. In this paper, we present a novel approach for the precise static analysis of PHP code to detect security vulnerabilities in web applications. As dismissed by previous work in this area, a comprehensive configuration and simulation of over 900 PHP built-in features allows us to precisely model the highly dynamic PHP language. By performing an intra- and inter-procedural data flow analysis and by creating block and function summaries, we are able to efficiently perform a backward-directed taint analysis for 20 different types of vulnerabilities. Furthermore, string analysis enables us to validate sanitization in a context-sensitive manner. Our method is the first to perform fine-grained analysis of the interaction between different types of sanitization, encoding, sources, sinks, markup contexts, and PHP settings. We implemented a prototype of our approach in a tool called RIPS. Our evaluation shows that RIPS is capable of finding severe vulnerabilities in popular real-world applications: we reported 73 previously unknown vulnerabilities in five well-known PHP applications such as phpBB, osCommerce, and the conference management software HotCRP.