Bibliography | Krawczyk, Lukas: An Approach for Identifying False Positive Warnings in SAST Tooling. University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Bachelor Thesis No. 34 (2022). 61 pages, English.

Abstract | In this paper, we present an approach to reduce the number of false positive results in static analysis of cryptographic libraries. To achieve this, we use an existing path-sensitive algorithm to eliminate RCE vulnerabilities and adapt it to recognize a group of vulnerabilities found in cryptographic libraries. We implement a prototype of our approach in Java using the Soot API for control flow graph and call graph generation. The prototype is then evaluated from two perspectives: accuracy and performance. We use a cryptographic benchmark to evaluate accuracy and a set of randomly chosen executable Java programs to evaluate performance. We summarize our results in a concluding chapter.

Department(s) | University of Stuttgart, Institute of Software Technology, Empirical Software Engineering

Supervisor(s) | Wagner, Prof. Stefan; Franco da Silva, Dr. Ana Christina; Haug, Markus; Graziotin, Dr. Daniel

Entry date | October 25, 2022