DocumentCode :
700411
Title :
Taint analysis of manual service compositions using Cross-Application Call Graphs
Author :
Laverdiere, Marc-Andre ; Berger, Bernhard J. ; Merloz, Ettore
Author_Institution :
TCS Innovation Labs., Tata Consultancy Services, Canada
fYear :
2015
fDate :
2-6 March 2015
Firstpage :
585
Lastpage :
589
Abstract :
We propose an extension over the traditional call graph to incorporate edges representing control flow between web services, named the Cross-Application Call Graph (CACG). We introduce a construction algorithm for applications built on the Jax-WS standard and validate its effectiveness on sample applications from Apache CXF and JBossWS. Then, we demonstrate its applicability for taint analysis over a sample application of our making. Our CACG construction algorithm accurately identifies service call targets 81.07% of the time on average. Our taint analysis obtains a F-Measure of 95.60% over a benchmark. The use of a CACG, compared to a naive approach, improves the F-Measure of a taint analysis from 66.67% to 100.00% for our sample application.
Keywords :
Web services; data flow analysis; flow graphs; Apache CXF; CACG construction algorithm; F-measure; JBossWS; Jax-WS standard; Web services; control flow; cross-application call graph; manual service compositions; service call targets; taint analysis; Algorithm design and analysis; Androids; Benchmark testing; Java; Manuals; Security; Web services;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Software Analysis, Evolution and Reengineering (SANER), 2015 IEEE 22nd International Conference on
Conference_Location :
Montreal, QC
Type :
conf
DOI :
10.1109/SANER.2015.7081882
Filename :
7081882
Link To Document :
بازگشت