A new framework for global object-oriented data-flow analysis

Xiong Xu; Guo Ai Xu; Miao Zhang; Xin Jian Zhuo

doi:10.1109/ICSESS.2010.5552324

A new framework for global object-oriented data-flow analysis

Xiong Xu^*
, Guo Ai Xu
, Miao Zhang
, Xin Jian Zhuo

^*Corresponding author for this work

Beijing University of Posts and Telecommunications

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Conventional data-flow analysis technology has many disadvantages when applied to OOPL for the polymorphism, generic, and other special features. This paper analyzes these disadvantages, and based on which, a new dataflow analysis framework for OOPL is developed. It develops a unified abstract syntax tree (UAST) of all object-oriented programming languages. Key algorithms of global data-flow analysis for OOPL are studied. Various special OOPL features are considered. The experiment proves that, using this framework and its algorithm set, we can identify security vulnerabilities and their attack paths accurately and efficiently.

Original language	English
Title of host publication	Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010
Pages	487-490
Number of pages	4
DOIs	https://doi.org/10.1109/ICSESS.2010.5552324
State	Published - 2010
Externally published	Yes
Event	2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010 - Beijing, China Duration: 16 Jul 2010 → 18 Jul 2010

Publication series

Name	Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010

Conference

Conference	2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010
Country/Territory	China
City	Beijing
Period	16/07/10 → 18/07/10

Keywords

Data-flow analysis
OOPL
Software security
Static analysis

Access to Document

10.1109/ICSESS.2010.5552324

Cite this

Xu, X., Xu, G. A., Zhang, M., & Zhuo, X. J. (2010). A new framework for global object-oriented data-flow analysis. In Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010 (pp. 487-490). Article 5552324 (Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010). https://doi.org/10.1109/ICSESS.2010.5552324

@inproceedings{c825c7d3bdab469f994d591a2f935f5e,

title = "A new framework for global object-oriented data-flow analysis",

abstract = "Conventional data-flow analysis technology has many disadvantages when applied to OOPL for the polymorphism, generic, and other special features. This paper analyzes these disadvantages, and based on which, a new dataflow analysis framework for OOPL is developed. It develops a unified abstract syntax tree (UAST) of all object-oriented programming languages. Key algorithms of global data-flow analysis for OOPL are studied. Various special OOPL features are considered. The experiment proves that, using this framework and its algorithm set, we can identify security vulnerabilities and their attack paths accurately and efficiently.",

keywords = "Data-flow analysis, OOPL, Software security, Static analysis",

author = "Xiong Xu and Xu, \{Guo Ai\} and Miao Zhang and Zhuo, \{Xin Jian\}",

year = "2010",

doi = "10.1109/ICSESS.2010.5552324",

language = "英语",

isbn = "9781424460526",

series = "Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010",

pages = "487--490",

booktitle = "Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010",

note = "2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010 ; Conference date: 16-07-2010 Through 18-07-2010",

}

Xu, X, Xu, GA, Zhang, M & Zhuo, XJ 2010, A new framework for global object-oriented data-flow analysis. in Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010., 5552324, Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010, pp. 487-490, 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010, Beijing, China, 16/07/10. https://doi.org/10.1109/ICSESS.2010.5552324

A new framework for global object-oriented data-flow analysis. / Xu, Xiong; Xu, Guo Ai; Zhang, Miao et al.
Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010. 2010. p. 487-490 5552324 (Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A new framework for global object-oriented data-flow analysis

AU - Xu, Xiong

AU - Xu, Guo Ai

AU - Zhang, Miao

AU - Zhuo, Xin Jian

PY - 2010

Y1 - 2010

N2 - Conventional data-flow analysis technology has many disadvantages when applied to OOPL for the polymorphism, generic, and other special features. This paper analyzes these disadvantages, and based on which, a new dataflow analysis framework for OOPL is developed. It develops a unified abstract syntax tree (UAST) of all object-oriented programming languages. Key algorithms of global data-flow analysis for OOPL are studied. Various special OOPL features are considered. The experiment proves that, using this framework and its algorithm set, we can identify security vulnerabilities and their attack paths accurately and efficiently.

AB - Conventional data-flow analysis technology has many disadvantages when applied to OOPL for the polymorphism, generic, and other special features. This paper analyzes these disadvantages, and based on which, a new dataflow analysis framework for OOPL is developed. It develops a unified abstract syntax tree (UAST) of all object-oriented programming languages. Key algorithms of global data-flow analysis for OOPL are studied. Various special OOPL features are considered. The experiment proves that, using this framework and its algorithm set, we can identify security vulnerabilities and their attack paths accurately and efficiently.

KW - Data-flow analysis

KW - OOPL

KW - Software security

KW - Static analysis

UR - https://www.scopus.com/pages/publications/77957829489

U2 - 10.1109/ICSESS.2010.5552324

DO - 10.1109/ICSESS.2010.5552324

M3 - 会议稿件

AN - SCOPUS:77957829489

SN - 9781424460526

T3 - Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010

SP - 487

EP - 490

BT - Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010

T2 - 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010

Y2 - 16 July 2010 through 18 July 2010

ER -

Xu X, Xu GA, Zhang M, Zhuo XJ. A new framework for global object-oriented data-flow analysis. In Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010. 2010. p. 487-490. 5552324. (Proceedings 2010 IEEE International Conference on Software Engineering and Service Sciences, ICSESS 2010). doi: 10.1109/ICSESS.2010.5552324

A new framework for global object-oriented data-flow analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this