Title :
A new framework for global object-oriented data-flow analysis
Author :
Xiong, Xu ; Guo-ai, Xu ; Miao, Zhang ; Xin-jian, Zhuo
Author_Institution :
Key Lab. of network & Inf. attack &, Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
Conventional data-flow analysis technology has many disadvantages when applied to OOPL for the polymorphism, generic, and other special features. This paper analyzes these disadvantages, and based on which, a new dataflow analysis framework for OOPL is developed. It develops a unified abstract syntax tree (UAST) of all object-oriented programming languages. Key algorithms of global data-flow analysis for OOPL are studied. Various special OOPL features are considered. The experiment proves that, using this framework and its algorithm set, we can identify security vulnerabilities and their attack paths accurately and efficiently.
Keywords :
data flow analysis; object-oriented languages; object-oriented programming; tree data structures; OOPL; UAST; global object-oriented data-flow analysis; object-oriented programming language; unified abstract syntax tree; Algorithm design and analysis; Doped fiber amplifiers; Java; Security; Software; Syntactics; OOPL; data-flow analysis; software security; static analysis;
Conference_Titel :
Software Engineering and Service Sciences (ICSESS), 2010 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6054-0
DOI :
10.1109/ICSESS.2010.5552324
