scholarly journals Applications of Synchronized Pushdown Systems

2020 ◽  
pp. 19-45
Author(s):  
Johannes Späth
Keyword(s):  
Data Flow ◽  
Flow Analysis ◽  
Computational Effort ◽  
Pointer Analysis ◽  
Sensitive Data ◽  
Data Flow Analysis ◽  
Context Sensitive ◽  
Program Slice ◽  
Static Data ◽  
Per Se

AbstractA precise static data-flow analysis transforms the program into a context-sensitive and field-sensitive approximation of the program. It is challenging to design an analysis of this precision efficiently due to the fact that the analysis is undecidable per se. Synchronized pushdown systems (SPDS) present a highly precise approximation of context-sensitive and field-sensitive data-flow analysis. This chapter presents some data-flow analyses that SPDS can be used for. Further on, this chapter summarizes two other contributions of the thesis “Synchronized Pushdown System for Pointer and Data-Flow Analysis” called Boomerang and IDEal. Boomerang is a demand-driven pointer analysis that builds on top of SPDS and minimizes the highly computational effort of a whole-program pointer analysis by restricting the computation to the minimal program slice necessary for an individual query. IDEal is a generic and efficient framework for data-flow analyses, e.g., typestate analysis. IDEal resolves pointer relations automatically and efficiently by the help of Boomerang. This reduces the burden of implementing pointer relations into an analysis. Further on, IDEal performs strong updates, which makes the analysis sound and precise.

A Unified Model for Context-Sensitive Program Analyses:

2021 ◽  
Vol 54 (6) ◽  
pp. 1-37
Author(s):  
Swati Jaiswal ◽  
Uday P. Khedker ◽  
Alan Mycroft
Keyword(s):  
Program Analysis ◽  
Data Flow ◽  
Flow Analysis ◽  
Context Sensitivity ◽  
Unified Model ◽  
Top Down ◽  
Sensitive Data ◽  
Data Flow Analysis ◽  
Context Sensitive ◽  
Compute Data

Context-sensitive methods of program analysis increase the precision of interprocedural analysis by achieving the effect of call inlining. These methods have been defined using different formalisms and hence appear as algorithms that are very different from each other. Some methods traverse a call graph top-down, whereas some others traverse it bottom-up first and then top-down. Some define contexts explicitly, whereas some do not. Some of them directly compute data flow values, while some first compute summary functions and then use them to compute data flow values. Further, different methods place different kinds of restrictions on the data flow frameworks supported by them. As a consequence, it is difficult to compare the ideas behind these methods in spite of the fact that they solve essentially the same problem. We argue that these incomparable views are similar to those of blind men describing an elephant, called context sensitivity, and make it difficult for a non-expert reader to form a coherent picture of context-sensitive data flow analysis. We bring out this whole-elephant view of context sensitivity in program analysis by proposing a unified model of context sensitivity that provides a clean separation between computation of contexts and computation of data flow values. Our model captures the essence of context sensitivity and defines simple soundness and precision criteria for context-sensitive methods. It facilitates declarative specifications of context-sensitive methods, insightful comparisons between them, and reasoning about their soundness and precision. We demonstrate this by instantiating our model to many known context-sensitive methods.

PDroid: Detecting Privacy Leakage on Android

2014 ◽  
Vol 556-562 ◽  
pp. 2658-2662 ◽  
Author(s):  
Pu Han Zhang ◽  
Jing Zhe Li ◽  
Shuai Shao ◽  
Peng Wang
Keyword(s):  
Data Flow ◽  
Programming Model ◽  
Flow Analysis ◽  
Prototype System ◽  
Sensitive Information ◽  
Sensitive Data ◽  
Data Flow Analysis ◽  
Call Graph ◽  
Android Apps ◽  
Privacy Leakage

The prevalence of Android makes it face the severe security threats from malicious apps. Many Android malware can steal users’ sensitive data and leak them out. The data flow analysis is a popular technique used to detect privacy leakages by tracking the sensitive information flow statically. In practice, an effective data flow analysis should employ inter-procedure information tracking. However, the Android event-driven programming model brings a challenge to construct the call graph (CG) for a target app. This paper presents a method which employs the inter-procedural and context-sensitive data flow analysis to detect privacy leakage in Android apps. To make the analysis accurate, a flow-sensitive and points-to call target analysis is employed to construct and improve the call graph. A prototype system, called PDroid, has been implemented and applied to some real malware. The experiment shows that our method can effective detect the privacy leakages cross multiple method call instances.

Sign in / Sign up

Export Citation Format

Share Document