
Variant Analysis with QL

  • Conference paper
Formal Methods (FM 2018)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10951)


Abstract

As new security problems and innovative attacks continue to be discovered, program analysis remains a burgeoning area of research. QL builds on previous attempts to enable declarative program analysis through Datalog, but solves some of the traditional challenges: Its object-oriented nature enables the creation of extensive libraries, and the query optimizer minimizes the performance cost of the abstraction layers introduced in this way. QL enables agile security analysis, allowing security response teams to find all variants of a newly discovered vulnerability. Their work can then be leveraged to provide automated on-going checking, thus ensuring that the same mistake never makes it into the code base again. This paper demonstrates declarative variant analysis by example.


Notes

  1. More recent versions of the QL libraries are able to track this pattern out of the box, but the same customization mechanisms are still available.


Author information


Corresponding author

Correspondence to Pavel Avgustinov.


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper


Cite this paper

Avgustinov, P., Backhouse, K., Mo, M.Y. (2018). Variant Analysis with QL. In: Havelund, K., Peleska, J., Roscoe, B., de Vink, E. (eds) Formal Methods. FM 2018. Lecture Notes in Computer Science, vol 10951. Springer, Cham. https://doi.org/10.1007/978-3-319-95582-7_42


  • DOI: https://doi.org/10.1007/978-3-319-95582-7_42


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-95581-0

  • Online ISBN: 978-3-319-95582-7

  • eBook Packages: Computer Science, Computer Science (R0)
