Difference between revisions of "MQP:Static Analysis Tool 0.1"

Latest revision as of 19:08, 12 September 2008

The Prototype

The initial prototype of the static analysis tool is available here. The tool at the moment has a simple command line interface, and only has the static analysis tool using Soot available. The current version approximates the security requirements of a program very conservatively.

A Simple Walkthrough

To run the tool, invoke the following command (this ensures the JVM will have enough memory to handle the large call graph that will be created).

java -Xmx600m -jar proofOfConcept0-1.jar

When this runs, a shell prompt should appear like this:

SecurityAnalyzer:> 

The "run" command runs analyses on tools. Currently the only tool available is the "SootAnalysisTool," which has tool number 1. The run command takes in a tool number, a directory in which to the source to be analyzed is located, and the fully qualified java classname of the main class of the application. In the future, it will be easier to specify different entry points other than a main class. To run the included test, invoke the run command as follows:

SecurityAnalyzer:> run 1 Tests/ test.Test

This will take a while to run (a very large call graph is being generated). The results of the analysis should appear in the directory in which the jar is located in a file called 'results.txt'. Specify other code sources to analyze by changing the directory to be analyzed, which must be the root of the package structure of the java code to be analyzed.

Limitations

Viewing the result file should make it apparent how conservative the tool is right now. Further work on narrowing down the runtime types of virtual method calls could help this somewhat, along with other improvements to the call graph construction. However, this prototype represents a proof of concept of this basic part of the analysis.