Advertisement

Perceive Core Logical Blocks of a C Program Automatically for Source Code Transformations

  • Pallavi Ahire
  • Jibi AbrahamEmail author
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 940)

Abstract

Tool like Flawfinder, used to identify a security flaw in a source code, is too expensive to be procured for usage but it can also be accessed on public cloud as a software as a service. Since there is possibility of inside attackers in cloud service, to unveil the logical possessions out of the source code, there is a need to transform the source code by altering the semantics. In this paper, we have introduced a novel method to identify the core logical blocks of any C source code. It mainly consists of two steps: (i) source code entity identification (ii) dependency identification. The entities are identified based on programming language constructs like variables, simple entities and control structures. Variable dependency is in deep analyzed by generating a dependency graph using Neo4j graph database software. This graph is further traversed and weighted matrix of the variable dependencies is created from which the core logical blocks could be identified. Algorithms are designed for the above two steps. Cyclomatic complexity analysis and Time complexity analysis are carried out and experimentations are conducted to verify the same.

Keywords

Cloud computing Source code transformations Entity identification Variable dependency identification 

References

  1. 1.
    Flawfinder: Source Code Analysis Tool for detecting security flaws. https://www.dwheeler.com/flawfinder/
  2. 2.
    Klockwork: Source Code Analysis Tool for Security & Reliability. http://www.klocwork.com/
  3. 3.
    Why Source Code Disclosure is dangerous?Google Scholar
  4. 4.
    Wyseur, B.: White-Box Cryptography. Ph.D. thesis, Katholieke Universiteit Leuven, Belgium (2009)Google Scholar
  5. 5.
    D-Anna, L., Matt, B., Reisse, A., Van Vleck, T., Schwab, S., LeBlanc, P.: Self-protecting mobile agents obfuscation report Final report. Technical report 03-015, Network Associates Laboratories, June 2003Google Scholar
  6. 6.
    The Tigress C Diversifier/Obfuscator. http://tigress.cs.arizona.edu/
  7. 7.
    Xu, H., Zhou, Y., Kang, Y., Lyu, M.R.: On Secure and Usable Program Obfuscation: A Survey, arXiv:1710.01139v1, Cornell University Library (2017). https://arxiv.org/pdf/1710.01139.pdf
  8. 8.
    Cai, Z., Zhao, L., Wang, X., Yang, X., Qin, J., Yin, K.: A pattern-based code transformation approach for cloud application migration. In: IEEE International Conference on Cloud Computing, pp. 33–40 (2015)Google Scholar
  9. 9.
    Rahman, A., Cordy, J.R.: Pattern analysis of TXL programs. In: IEEE International Conference on Software Analysis, Evolution and Reengineering, pp. 37–43 (2016)Google Scholar
  10. 10.
    Doxygen: Generate documentation from source code http://www.stack.nl/~dimitri/doxygen/
  11. 11.
    Sadar, A., Panicker J, V.: DocTool – A Tool for Visualizing Software Projects using Graph Database, IEEE (2015). 978-1-4673-7948-9Google Scholar
  12. 12.
    Sadi, M.S., Halder, L., Saha, S.: Variable dependency analysis of a computer program. In: IEEE International Conference on Electrical Information and Communication Technology (EICT), pp 1–5 (2013)Google Scholar
  13. 13.
    Fox, C., Harman, M., Hassoun, Y.: Variable Dependence Analysis Technical report: TR-10-0, Elsevier (2010)Google Scholar
  14. 14.
    NeO4j: Graph Platform for Connected Data. https://neo4j.com/
  15. 15.
    McCabe, T.J.: A complexity measure. IEEE Trans. Software Eng. 2(4), 308–320 (1976)MathSciNetCrossRefGoogle Scholar
  16. 16.

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of TechnologySavitribai Phule Pune UniversityPuneIndia
  2. 2.College of Engineering PunePuneIndia

Personalised recommendations