Abstract
As new security problems and innovative attacks continue to be discovered, program analysis remains a burgeoning area of research. QL builds on previous attempts to enable declarative program analysis through Datalog, but solves some of the traditional challenges: its object-oriented nature enables the creation of extensive libraries, and the query optimizer minimizes the performance cost of the abstraction layers introduced in this way. QL enables agile security analysis, allowing security response teams to find all variants of a newly discovered vulnerability. Their work can then be leveraged to provide automated ongoing checking, thus ensuring that the same mistake never makes it into the code base again. This paper demonstrates declarative variant analysis by example.
Notes
1. More recent versions of the QL libraries are able to track this pattern out of the box, but the same customization mechanisms are still available.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Avgustinov, P., Backhouse, K., Mo, M.Y. (2018). Variant Analysis with QL. In: Havelund, K., Peleska, J., Roscoe, B., de Vink, E. (eds) Formal Methods. FM 2018. Lecture Notes in Computer Science, vol 10951. Springer, Cham. https://doi.org/10.1007/978-3-319-95582-7_42
DOI: https://doi.org/10.1007/978-3-319-95582-7_42
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-95581-0
Online ISBN: 978-3-319-95582-7
eBook Packages: Computer Science, Computer Science (R0)