Normalization of Java Source Codes

  • Léopold Ouairy
  • Hélène Le-Bouder
  • Jean-Louis Lanet
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)

Abstract

Security issues can be leveraged when input parameters are not checked. These missing checks can lead an application to an unexpected state in which an attacker can gain access to assets. The tool Chucky-ng aims at detecting such missing checks in source code. Source code is the only input required for ChuckyJava. Since it is sensitive to the identifier names used in the source code, we want to normalize them in order to improve its efficiency. To achieve this, we propose an algorithm that works in four steps: it renames constant, parameter, variable and method names. We evaluate the impact of this renaming in two different experiments. Since our results are conclusive, we show the benefits of using our tool. Moreover, we suggest another new way to improve Chucky-ng.

Keywords

Applet security; Identifier renaming; Chucky-ng; Java Card

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Léopold Ouairy (1)
  • Hélène Le-Bouder (2)
  • Jean-Louis Lanet (1)

  1. INRIA, Rennes, France
  2. IMT-Atlantique, Rennes, France
