[Soot-list] looking at the fields
Richard L. Halpert
richhal22 at gmail.com
Thu Jan 13 20:26:04 EST 2011
Dani,
The way you have described your goal, it sounds like what you want is
a context-sensitive, flow-sensitive whole-program data flow analysis.
However, I think you'll find that such a thing would take too much
time and memory to compute. You need to find a way to relax some of
your requirements to make the problem tractable. For example, instead
of trying to determine that "when emailList is used in
publishToPublicSink, emailList is already High security," try to
determine if emailList is ever high security AND ever published to a
public location.
Your problem reminds me very much of ThreadLocalObjectAnalysis (in the
soot.jimple.toolkits.thread package). In this problem, an initial set
of fields of a given class are marked as "Local" or "Shared" (based on
rules related to multithreading). Then, a context-sensitive but
flow-INSENSITIVE interprocedural analysis is used to create a graph of
data flow in the application starting from that class
(soot.jimple.toolkits.infoflow). Next, the "Local" and "Shared"
labels are propagated through that graph. In your case, if one of the
fields you identify as High Security turns out to be "Shared", it
would be considered a security breach.
If this sounds like an approach that would work for you, I encourage
you to take a look at
soot.jimple.toolkits.infoflow.ClassLocalObjectsAnalysis, which does
the work of labeling and some of the work of propagating the labels.
In that same package, InfoFlowAnalysis, ClassInfoFlowAnalysis, and
SmartMethodInfoFlowAnalysis build the whole-program data flow graph.
How these classes work is described in my thesis:
http://www.sable.mcgill.ca/publications/thesis/#richardsMastersThesis.
I'd also be happy to answer any questions you may have.
-Richard
On Mon, Jan 10, 2011 at 5:06 AM, daniela antonova
<daniela.antonova at gmail.com> wrote:
> Hi,
>
> I am new to static analysis and I have been struggling to do this
> task. I am doing a security analysis of programs and my aim is to
> label fields as high or low security.
> For example,
>
> class Test {
> private List emailList;
>
> public static void main(String[] args) {
> String email = .....;
> emalList.add(email);
>
> publishToPublicSink();
> }
>
> publishToPublicSink() {
> ....
> object.write(emailList); //publish the email list to a
> public location
> }
> }
>
> The analysis needs to label email and emailList as High security,
> because they contain private information. This is done by analysing
> the main method. Then it needs to find out that emailList is published
> in the publishToPublicSink() method. I have the call graph of the
> program, but I have not been able to use it to find that when
> emailList is used in publishToPublicSink, emailList is already High
> security.
>
> Could you give me any ideas as to methods, classes I could use to make
> this happen?
>
> Thank you very much indeed for your help.
>
> Dani
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
More information about the Soot-list
mailing list