Variant Analysis with QL

  • Pavel Avgustinov
  • Kevin Backhouse
  • Man Yue Mo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10951)

Abstract

As new security problems and innovative attacks continue to be discovered, program analysis remains a burgeoning area of research. QL builds on previous attempts to enable declarative program analysis through Datalog, but solves some of the traditional challenges: Its object-oriented nature enables the creation of extensive libraries, and the query optimizer minimizes the performance cost of the abstraction layers introduced in this way. QL enables agile security analysis, allowing security response teams to find all variants of a newly discovered vulnerability. Their work can then be leveraged to provide automated on-going checking, thus ensuring that the same mistake never makes it into the code base again. This paper demonstrates declarative variant analysis by example.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Pavel Avgustinov (1)
  • Kevin Backhouse (1)
  • Man Yue Mo (1)
  1. Semmle Ltd., Oxford, UK