Automated Detection of Software Vulnerabilities via Static Program Analysis
Module: INF-BSc-278
Credits: 7
Hours: 4
Location: OH14 / 104
Start: 18.10.2023
Moodle: FP-VulnSPA
Language: german
Content
The impact of vulnerabilities in popular open-source software increased drastically throughout the past years, as evidenced by incidents like Log4Shell, Heartbleed or the Equifax Breach. As more and more developers rely on third-party components, their programs may become susceptible to attacks that they cannot fix themselves. As a result, researchers have developed a number of different methodologies to scan existing software for potential vulnerabilities, and to inform developers about risks and possible mitigations.
One of those methods is static program analysis, which statically – i.e. without executing the analyzed program – extracts information from the program’s source- or bytecode. This can be used to identify potentially dangerous dataflows, runtime errors or other unwanted behavior. A variety of static analyses has been developed so far, many of which are now part of popular IDEs or development workflows.
During the course of this project, participants are gradually introduced to the core concepts of static program analysis by implementing respective analysis tasks. Starting with simple analyses that extract information like the number of classes in a program, we will explore more advanced concepts like dataflow analysis and abstract interpretation. Participants will work in groups to solve different analysis tasks and evaluate their implementation on real-world software projects and libraries, both in terms of correctness and performance.
In this project, we will analyze programs for the JVM (Java, Scala, Kotlin) and implement our analyses in Scala (version 2.13) using the OPAL framework.
Literature and Further Reading
- Eric Bodden. Inter-procedural data-flow analysis with IFDS/IDE and Soot
- The OPAL framework
- Learning Scala (we require Scala 2.13 in the project course)
Grading
The final grade is influenced by:
- the quality of implementation
- the quality and results of the evaluation
- the final presentation