使用跨应用程序调用图对手工服务组合进行污点分析

2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER) Pub Date : 2015-03-02 DOI:10.1109/SANER.2015.7081882

Marc-André Laverdière, Bernhard J. Berger, E. Merlo

{"title":"使用跨应用程序调用图对手工服务组合进行污点分析","authors":"Marc-André Laverdière, Bernhard J. Berger, E. Merlo","doi":"10.1109/SANER.2015.7081882","DOIUrl":null,"url":null,"abstract":"We propose an extension over the traditional call graph to incorporate edges representing control flow between web services, named the Cross-Application Call Graph (CACG). We introduce a construction algorithm for applications built on the Jax-WS standard and validate its effectiveness on sample applications from Apache CXF and JBossWS. Then, we demonstrate its applicability for taint analysis over a sample application of our making. Our CACG construction algorithm accurately identifies service call targets 81.07% of the time on average. Our taint analysis obtains a F-Measure of 95.60% over a benchmark. The use of a CACG, compared to a naive approach, improves the F-Measure of a taint analysis from 66.67% to 100.00% for our sample application.","PeriodicalId":355949,"journal":{"name":"2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Taint analysis of manual service compositions using Cross-Application Call Graphs\",\"authors\":\"Marc-André Laverdière, Bernhard J. Berger, E. Merlo\",\"doi\":\"10.1109/SANER.2015.7081882\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose an extension over the traditional call graph to incorporate edges representing control flow between web services, named the Cross-Application Call Graph (CACG). We introduce a construction algorithm for applications built on the Jax-WS standard and validate its effectiveness on sample applications from Apache CXF and JBossWS. Then, we demonstrate its applicability for taint analysis over a sample application of our making. Our CACG construction algorithm accurately identifies service call targets 81.07% of the time on average. Our taint analysis obtains a F-Measure of 95.60% over a benchmark. The use of a CACG, compared to a naive approach, improves the F-Measure of a taint analysis from 66.67% to 100.00% for our sample application.\",\"PeriodicalId\":355949,\"journal\":{\"name\":\"2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-03-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SANER.2015.7081882\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SANER.2015.7081882","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

我们建议在传统调用图的基础上进行扩展，将表示web服务之间控制流的边合并在一起，称为跨应用程序调用图(CACG)。我们介绍了基于Jax-WS标准构建的应用程序的构造算法，并在Apache CXF和jbosssws的示例应用程序上验证了它的有效性。然后，我们通过我们制作的一个样本应用来证明其对污染分析的适用性。我们的CACG构建算法识别服务调用目标的准确率平均为81.07%。我们的污染分析获得了超过基准95.60%的F-Measure。对于我们的示例应用程序，与原始方法相比，使用CACG可以将污染分析的F-Measure从66.67%提高到100.00%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Taint analysis of manual service compositions using Cross-Application Call Graphs

We propose an extension over the traditional call graph to incorporate edges representing control flow between web services, named the Cross-Application Call Graph (CACG). We introduce a construction algorithm for applications built on the Jax-WS standard and validate its effectiveness on sample applications from Apache CXF and JBossWS. Then, we demonstrate its applicability for taint analysis over a sample application of our making. Our CACG construction algorithm accurately identifies service call targets 81.07% of the time on average. Our taint analysis obtains a F-Measure of 95.60% over a benchmark. The use of a CACG, compared to a naive approach, improves the F-Measure of a taint analysis from 66.67% to 100.00% for our sample application.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)

自引率

0.00%

发文量