• DocumentCode
    700411
  • Title

    Taint analysis of manual service compositions using Cross-Application Call Graphs

  • Author

    Laverdiere, Marc-Andre ; Berger, Bernhard J. ; Merloz, Ettore

  • Author_Institution
    TCS Innovation Labs., Tata Consultancy Services, Canada
  • fYear
    2015
  • fDate
    2-6 March 2015
  • Firstpage
    585
  • Lastpage
    589
  • Abstract
    We propose an extension over the traditional call graph to incorporate edges representing control flow between web services, named the Cross-Application Call Graph (CACG). We introduce a construction algorithm for applications built on the Jax-WS standard and validate its effectiveness on sample applications from Apache CXF and JBossWS. Then, we demonstrate its applicability for taint analysis over a sample application of our making. Our CACG construction algorithm accurately identifies service call targets 81.07% of the time on average. Our taint analysis obtains a F-Measure of 95.60% over a benchmark. The use of a CACG, compared to a naive approach, improves the F-Measure of a taint analysis from 66.67% to 100.00% for our sample application.
  • Keywords
    Web services; data flow analysis; flow graphs; Apache CXF; CACG construction algorithm; F-measure; JBossWS; Jax-WS standard; Web services; control flow; cross-application call graph; manual service compositions; service call targets; taint analysis; Algorithm design and analysis; Androids; Benchmark testing; Java; Manuals; Security; Web services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Analysis, Evolution and Reengineering (SANER), 2015 IEEE 22nd International Conference on
  • Conference_Location
    Montreal, QC
  • Type

    conf

  • DOI
    10.1109/SANER.2015.7081882
  • Filename
    7081882
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=700411