Abstract
Security issues can be exploited when input parameters are not checked. Such missing checks can drive an application into an unexpected state in which an attacker can gain access to assets. The tool Chucky-ng aims to detect such missing checks in source code. Source code is the only input required by ChuckyJava. Since it is sensitive to the identifier names used in the source code, we want to normalize them in order to improve its efficiency. To achieve this, we propose an algorithm that works in four steps. It renames constant, parameter, variable and method names. We evaluate the impact of this renaming in two different experiments. Since our results are conclusive, we show the benefits of using our tool. Moreover, we suggest another way to improve Chucky-ng.
A Renaming example
A.1 Code snippet 1
A.2 Code snippet 2
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ouairy, L., Le-Bouder, H., Lanet, JL. (2019). Normalization of Java Source Codes. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science(), vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_4
DOI: https://doi.org/10.1007/978-3-030-12942-2_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12941-5
Online ISBN: 978-3-030-12942-2
eBook Packages: Computer Science (R0)