Normalization of Java Source Codes

  • Conference paper
Innovative Security Solutions for Information Technology and Communications (SECITC 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11359)

Abstract

Security issues can be exploited when input parameters are not checked. Such missing checks can lead an application to an unexpected state in which an attacker can gain access to assets. The tool Chucky-ng aims at detecting such missing checks in source code. The source code is the only input required for ChuckyJava. Since it is sensitive to the identifier names used in the source code, we want to normalize them in order to improve its efficiency. To achieve this, we propose an algorithm that works in four steps: it renames constant, parameter, variable and method names. We evaluate the impact of this renaming in two different experiments. Since our results are conclusive, we show the benefits of using our tool. Moreover, we suggest another way to improve Chucky-ng.

Notes

  1. https://github.com/CSSHL/MyPGPid

  2. https://github.com/Yubico/ykneo-openpgp

  3. https://sourceforge.net/projects/jcopenpgp/

  4. https://github.com/FluffyKaon/OpenPGP-Card

Corresponding author

Correspondence to Léopold Ouairy.

A Renaming example

A.1 Code snippet 1

figure d

A.2 Code snippet 2

figure e

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Ouairy, L., Le-Bouder, H., Lanet, JL. (2019). Normalization of Java Source Codes. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science, vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_4

  • DOI: https://doi.org/10.1007/978-3-030-12942-2_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12941-5

  • Online ISBN: 978-3-030-12942-2

  • eBook Packages: Computer Science, Computer Science (R0)
