[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.9708/jksci.2018.23.12.089

Implement Static Analysis Tool using JavaCC

Kim, Byeongcheol (Dept. of Computer Engineering, Korea Polytechnic University)
Kim, Changjin (Dept. of Computer Engineering, Korea Polytechnic University)
Yun, Seongcheol (Dept. of Computer Engineering, Korea Polytechnic University)
Han, Kyungsook (Dept. of Computer Engineering, Korea Polytechnic University)

Publication Information

Journal of the Korea Society of Computer and Information / v.23, no.12, 2018 , pp. 89-94 More about this Journal

Abstract

In this paper, we implemented a static analysis tool for weakness. We implemented on JavaCC using syntax information and control flow information among various information. We also tested the performance of the tool using Juliet-test suite on Eclipse. We were classified using information necessary for diagnosis and diagnostic methods were studied and implemented. By mapping the information obtained at each compiler phase the security weakness, we expected to link the diagnostic method with the program analysis information to the security weakness. In the future, we will extend to implement diagnostic tools using other analysis information.

Keywords

Security; Weakness; Static Analysis; Syntax Information; Flow Information;

Citations & Related Records

Reference

1	SungMoon Hong, Seungcheol Shin, Kyung-Goo Doh, Detection of Security Vulnerability From the Knowledge-Base Representation of Source Code, Journal of The Korea Information Science Society pp.1618-1620, June 2014.
2	CWE, Common Weakness Enumeration, https://cwe.mitre.org/
3	CERT, Computer Emergency Response Team, https://wiki.sei.cmu.edu/confluence/
4	Kyungsook Han, Damho Lee, Changwoo Pyo, Classificati on of Diagnostic Information and Analysis Methods for Weaknesses in C/C++ Programs, Journal of The Korea Society of Computer and Information Vol. 22 No. 3, pp. 81-88. March 2017. DOI
5	JavaCC, https://javacc.org/
6	Juliet test-suite, https://samate.nist.gov/SRD/testsuite.php/
7	MICRO FOCUS Inc., https://software.microfocus.com/
8	Sparrow Co., https://sparrowpasso.com/
9	Minero Aoki, "Compiler structure and principle : Language processing system learned by the compiler", 2009
10	CODEMIND, https://www.codemind.co.kr/
11	C. Cadar, and K. Sen, "Symbolic execution for software testing: three decades late," Communications of the ACM, 56.2 pp.82-90, July 2013. DOI
12	P. Cousot, and R. Cousot, "Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints, "Proceedings of the 4th ACM SIGACT- SIGPLAN symposium on Principles of programming languages, pp238-252, ACM, January 1977.
13	Alfred V. Aho, Ravi Sethi, Jeffrey D. Ullman, "Compilers: Principled, Techniques, and Tools", Addison Wesley, 1986
14	Kuznetsov, Volodymyr, Kinder, Johannes, Bucur, Stefan, Candea, George, "Efficient State Merging in Symbolic Execution", 2012
15	LLVM, http://llvm.org/