SCAM tool session

In this session block, 5 presenters will explain tools they made. It is not a tool demo session, so there are no live demos, and the presenters submitted accompanying papers of 6 pages.

Aucsmith-Like Obfuscation of Java Bytecode

Dynamic obfuscation is a technique that produces self-modifying programs. Andrea Zambon builds upon the work of Aucsmith, but applies it to bytecode. This way, a high level of obfuscation is obtained; however, this comes at the price of performance: the method is about 1000 times slower than the non-obfuscated version.

AccessAnalysis: A Tool for Measuring the Appropriateness of Access Modifiers in Java Systems

This is actually a brilliant idea, as it is simple: analyse the accessibility of types and methods against their actual usage. Fields are left out of the analysis: they are just supposed to be private. Their tool calculates two metrics, IGAT and IGAM: inappropriate generosity with accessibility of types and of methods. The tool now only calculates the metrics and does not fix the program. One of the attendees mentions that this might be tricky, as changing accessibility might change behavior.

Dynamic Trace-Based Data Dependency Analysis for Parallelization of C Programs

The next speaker, Mihai T. Lazarescu, proposes a method to support programmers in transforming sequential C programs into parallel versions. The tool has been tested on real-world source code with success, although some challenges still remain. Visual guidance especially is a challenge. Interesting!

Bakar Alir: Supporting Developers in Construction of Information Flow Contracts in SPARK

This presentation concerns a tool for SPARK. SPARK is a subset of Ada that has been used in a number of industrial contexts for implementing certified safety- and security-critical systems. It contains special syntax for flow contracts. In real-life projects, the authors noted that sometimes there was 6 times more contract code than normal code. And while the IDE does support users in writing SPARK, it does not support them in writing and managing these contract statements. Their tool Bakar Alir slices SPARK programs, and subsequently visualizes and checks the information flows.

InputTracer: A Data-Flow Analysis Tool for Manual Program Comprehension of x86 Binaries

Analysis of closed-source programs is generally done by manual reverse engineering of the machine code. This is an extremely time-consuming and costly task, and much research has been performed to develop more powerful methods for analysis of program binaries, for instance dynamic taint analysis (DTA), which answers the question ‘where is this data used’. This speaker proposes InputTracer: a tool that uses DTA to support manual analysis of x86 executables. It works well in almost all versions of Linux, although there is a considerable overhead. Again a tool that focuses on supporting manual tasks, Tao Xie will be so happy 🙂