Cross-Language Taint Analysis: Generating Caller-Sensitive Native Code Specification for Java

IF 6.5 1区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING IEEE Transactions on Software Engineering Pub Date : 2024-03-27 DOI:10.1109/TSE.2024.3392254

Shuangxiang Kan;Yuhao Gao;Zexin Zhong;Yulei Sui

{"title":"Cross-Language Taint Analysis: Generating Caller-Sensitive Native Code Specification for Java","authors":"Shuangxiang Kan;Yuhao Gao;Zexin Zhong;Yulei Sui","doi":"10.1109/TSE.2024.3392254","DOIUrl":null,"url":null,"abstract":"Cross-language programming is a common practice within the software development industry, offering developers a multitude of advantages such as expressiveness, interoperability, and cross-platform compatibility, for developing large-scale applications. As an important example, JNI (Java Native Interface) programming is widely used in diverse scenarios where Java interacts with code written in other programming languages, such as C or C++. Conventional static analysis based on a single programming language faces challenges when it comes to tracing the flow of values across multiple modules that are coded in different programming languages. In this paper, we introduce CSS, a new \n<italic>Caller-Sensitive Specification</i>\n approach designed to enhance the static taint analysis of Java programs employing JNI to interface with C/C++ code. In contrast to conservative specifications, this approach takes into consideration the calling context of the invoked C/C++ functions (or cross-language context), resulting in more precise and concise specifications for the side effects of native code. Furthermore, CSS specifically enhances the capabilities of Java analyzers, enabling them to perform precise static taint analysis across language boundaries into native code. The experimental results show that CSS can accurately summarize value-flow information and enhance the ability of Java monolingual static analyzers for cross-language taint flow tracking.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":null,"pages":null},"PeriodicalIF":6.5000,"publicationDate":"2024-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Software Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10539620/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Cross-language programming is a common practice within the software development industry, offering developers a multitude of advantages such as expressiveness, interoperability, and cross-platform compatibility, for developing large-scale applications. As an important example, JNI (Java Native Interface) programming is widely used in diverse scenarios where Java interacts with code written in other programming languages, such as C or C++. Conventional static analysis based on a single programming language faces challenges when it comes to tracing the flow of values across multiple modules that are coded in different programming languages. In this paper, we introduce CSS, a new Caller-Sensitive Specification approach designed to enhance the static taint analysis of Java programs employing JNI to interface with C/C++ code. In contrast to conservative specifications, this approach takes into consideration the calling context of the invoked C/C++ functions (or cross-language context), resulting in more precise and concise specifications for the side effects of native code. Furthermore, CSS specifically enhances the capabilities of Java analyzers, enabling them to perform precise static taint analysis across language boundaries into native code. The experimental results show that CSS can accurately summarize value-flow information and enhance the ability of Java monolingual static analyzers for cross-language taint flow tracking.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

跨语言污点分析：生成对调用者敏感的 Java 本地代码规范

跨语言编程是软件开发行业的一种常见做法，它为开发人员开发大型应用程序提供了多种优势，如表现力、互操作性和跨平台兼容性。一个重要的例子是，JNI（Java 本地接口）编程被广泛应用于 Java 与其他编程语言（如 C 或 C++）编写的代码交互的各种场景中。传统的静态分析以单一编程语言为基础，在跟踪跨多个以不同编程语言编码的模块的数值流时面临挑战。在本文中，我们介绍了一种新的调用者敏感规范（Caller-Sensitive Specification）方法--CSS，该方法旨在加强对使用 JNI 与 C/C++ 代码接口的 Java 程序的静态污点分析。与保守的规范不同，这种方法考虑了被调用的 C/C++ 函数的调用上下文（或跨语言上下文），从而为本地代码的副作用提供了更精确、更简洁的规范。此外，CSS 还特别增强了 Java 分析器的能力，使它们能够跨语言边界对本地代码执行精确的静态污点分析。实验结果表明，CSS 可以准确总结值流信息，并增强 Java 单语言静态分析器的跨语言污点流跟踪能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

IEEE Transactions on Software Engineering 工程技术-工程：电子与电气

CiteScore

9.70

自引率

10.80%

发文量

724

审稿时长

6 months

期刊介绍： IEEE Transactions on Software Engineering seeks contributions comprising well-defined theoretical results and empirical studies with potential impacts on software construction, analysis, or management. The scope of this Transactions extends from fundamental mechanisms to the development of principles and their application in specific environments. Specific topic areas include: a) Development and maintenance methods and models: Techniques and principles for specifying, designing, and implementing software systems, encompassing notations and process models. b) Assessment methods: Software tests, validation, reliability models, test and diagnosis procedures, software redundancy, design for error control, and measurements and evaluation of process and product aspects. c) Software project management: Productivity factors, cost models, schedule and organizational issues, and standards. d) Tools and environments: Specific tools, integrated tool environments, associated architectures, databases, and parallel and distributed processing issues. e) System issues: Hardware-software trade-offs. f) State-of-the-art surveys: Syntheses and comprehensive reviews of the historical development within specific areas of interest.