ABSTRACT
Atlas is a new software analysis platform from EnSoft Corp. Atlas decouples the domain-specific analysis goal from its underlying mechanism by splitting analysis into two distinct phases. In the first phase, polynomial-time static analyzers index the software AST, building a rich graph database. In the second phase, users can explore the graph directly or run custom analysis scripts written using a convenient API. These features make Atlas ideal for both interaction and automation. In this paper, we describe the motivation, design, and use of Atlas. We present validation case studies, including the verification of safe synchronization of the Linux kernel, and the detection of malware in Android applications. Our ICSE 2014 demo explores the comprehension and malware detection use cases. Video: http://youtu.be/cZOWlJ-IO0k
Index Terms
- Atlas: a new way to explore software, build analysis tools