Bibliographic data | Krawczyk, Lukas: An Approach for Identifying False Positive Warnings in SAST Tooling. Universität Stuttgart, Fakultät Informatik, Elektrotechnik und Informationstechnik, Bachelor's thesis No. 34 (2022). 61 pages, English.

Abstract | In this thesis, we present an approach to reduce the number of false positive results in the static analysis of cryptographic libraries. To achieve this, we take an existing path-sensitive algorithm for eliminating RCE vulnerabilities and adapt it to recognize a group of vulnerabilities found in cryptographic libraries. We implement a prototype of our approach in Java, using the Soot API to generate control flow graphs and call graphs. The prototype is then evaluated from two perspectives: accuracy and performance. We use a cryptographic benchmark to evaluate accuracy and a set of randomly chosen executable Java programs to evaluate performance. We summarize our results in a concluding chapter.

Department(s) | Universität Stuttgart, Institut für Softwaretechnologie, Empirisches Software Engineering

Supervisors | Wagner, Prof. Stefan; Franco da Silva, Dr. Ana Christina; Haug, Markus; Graziotin, Dr. Daniel

Submission date | 25 October 2022