Design and Implement an Accurate Automated Static Analysis Checker to Detect Insecure Use of SecurityManager
Static analysis is a software testing technique that analyzes the code without executing it. It is widely used to detect vulnerabilities, errors, and other issues during software development. Many tools are available for static analysis of Java code, including SpotBugs. Methods that perform a security check must be declared private or final; otherwise, they can be compromised when a malicious subclass overrides the methods and omits the checks. In Java, security checks can be performed using the SecurityManager class. This paper addresses the aforementioned problem by building a new automated checker that raises an issue when this rule is violated. The checker is built under the SpotBugs static analysis tool. We evaluated our approach on both custom test cases and real-world software, and the results revealed that the checker successfully detected related bugs in both with optimal metrics values.
Main Authors: | Midya Alqaradaghi, Muhammad Zafar Iqbal Nazir, Tamás Kozsik |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2023-11-01 |
Series: | Computers |
Subjects: | SecurityManager class; Java; SpotBugs; static analysis; accurate checker |
Online Access: | https://www.mdpi.com/2073-431X/12/12/247 |
Field | Value |
---|---|
_version_ | 1797381518208794624 |
author | Midya Alqaradaghi Muhammad Zafar Iqbal Nazir Tamás Kozsik |
collection | DOAJ |
description | Static analysis is a software testing technique that analyzes the code without executing it. It is widely used to detect vulnerabilities, errors, and other issues during software development. Many tools are available for static analysis of Java code, including SpotBugs. Methods that perform a security check must be declared private or final; otherwise, they can be compromised when a malicious subclass overrides the methods and omits the checks. In Java, security checks can be performed using the SecurityManager class. This paper addresses the aforementioned problem by building a new automated checker that raises an issue when this rule is violated. The checker is built under the SpotBugs static analysis tool. We evaluated our approach on both custom test cases and real-world software, and the results revealed that the checker successfully detected related bugs in both with optimal metrics values. |
first_indexed | 2024-03-08T20:52:43Z |
format | Article |
id | doaj.art-6ab102c2a9484e0b81cc8931dbf5380d |
institution | Directory Open Access Journal |
issn | 2073-431X |
language | English |
last_indexed | 2024-03-08T20:52:43Z |
publishDate | 2023-11-01 |
publisher | MDPI AG |
record_format | Article |
series | Computers |
spelling | Record id doaj.art-6ab102c2a9484e0b81cc8931dbf5380d; indexed 2023-12-22T14:01:23Z; language eng; publisher MDPI AG; series Computers (ISSN 2073-431X); published 2023-11-01; volume 12, issue 12, article 247; DOI 10.3390/computers12120247; title "Design and Implement an Accurate Automated Static Analysis Checker to Detect Insecure Use of SecurityManager"; authors Midya Alqaradaghi (0), Muhammad Zafar Iqbal Nazir (1), Tamás Kozsik (2); affiliations 0, 1 and 2: Department of Programming Languages and Compilers, ELTE Eötvös Loránd University, Pázmány Péter stny. 1/C, H-1117 Budapest, Hungary; abstract as given in the description field above; URL https://www.mdpi.com/2073-431X/12/12/247; keywords SecurityManager class; Java; SpotBugs; static analysis; accurate checker |
title | Design and Implement an Accurate Automated Static Analysis Checker to Detect Insecure Use of SecurityManager |
topic | SecurityManager class Java SpotBugs static analysis accurate checker |
url | https://www.mdpi.com/2073-431X/12/12/247 |