ICSE 2020
Wed 24 June - Thu 16 July 2020
Wed 8 Jul 2020 16:36 - 16:44 at Goguryeo - A11-Performance and Analysis Chair(s): Pooyan Jamshidi

With version 9, Java has been given the new module system Jigsaw. Major goals were to simplify the maintainability of the JDK and improve its security by encapsulating modules’ internal types. While the module system successfully limits the visibility of internal types, it does not prevent sensitive data from escaping. Since the module system reasons about types only, objects are allowed to escape even if the module declares their type as internal. Finding such unintended escapes is important, as they may violate a module’s integrity and confidentiality, but it is a complex task as it requires one to reason about pointers and type hierarchy. We thus present ModGuard, a novel static analysis based on Doop which complements the Java module system with an analysis to automatically identify instances that escape their declaring module. Along with ModGuard, we contribute a complete formal definition of a module’s entrypoints, i.e., the method implementations that a module actually allows other modules to directly invoke. We further make available a novel micro-benchmark suite MIC9Bench to show the effectiveness but also current shortcomings of ModGuard, and to enable comparative studies in the future. Finally, we describe a case study that we conducted using Apache Tomcat, which shows that a migration of applications towards Jigsaw modules does not prevent sensitive instances from escaping, yet also shows that ModGuard is an effective aid in identifying integrity and confidentiality violations of sensitive instances. The paper was accepted to IEEE Transactions on Software Engineering (IEEE TSE) on July 11th, 2019 and has been available as early access since July 29th, 2019.
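The kind of escape the abstract describes, as an added example that is not taken from the paper, ModGuard or MIC9Bench: an instance of a non-exported type leaves its module through an exported method whose static return type is public, shown next to a hardened accessor. The module, package and class names (`vault`, `client`, `SecretStore`, `Vault`) and the stored value are constructed for illustration.

```java
// Constructed example. Each "// file:" section is a separate source file.
// Build: javac -d out --module-source-path src $(find src -name '*.java')
// Run:   java -p out -m client/client.Main

// file: src/vault/module-info.java
module vault {
    exports vault.api;              // vault.internal stays encapsulated
}

// file: src/vault/vault/internal/SecretStore.java
package vault.internal;
public final class SecretStore extends java.util.HashMap<String, char[]> { }

// file: src/vault/vault/api/Vault.java
package vault.api;
import java.util.Map;
import java.util.Set;
import vault.internal.SecretStore;
public final class Vault {
    private static final SecretStore STORE = new SecretStore();
    static { STORE.put("db", "constructed-secret".toCharArray()); }
    private Vault() { }
    // Escape: the static return type is exported, the object is the internal store.
    public static Map<String, char[]> entries() { return STORE; }
    // Hardened: hand out an immutable copy of the non-sensitive key names only.
    public static Set<String> names() { return Set.copyOf(STORE.keySet()); }
}

// file: src/client/module-info.java
module client {
    requires vault;
}

// file: src/client/client/Main.java
package client;
import java.util.Map;
import vault.api.Vault;
public final class Main {
    public static void main(String[] args) {
        // vault.internal.SecretStore s;   // would not compile: package is not exported
        Map<String, char[]> m = Vault.entries();
        System.out.println(m.getClass().getName());  // runtime type is the internal class
        System.out.println(new String(m.get("db"))); // confidentiality: secret is readable
        m.put("db", new char[0]);                    // integrity: internal state overwritten
        System.out.println(Vault.entries().get("db").length);
        System.out.println(Vault.names());           // immutable copy of the key names
    }
}
```

The compiler and the module system accept `entries()` because every type in its signature is exported; only an analysis that tracks where the `SecretStore` object flows can flag it.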

Wed 8 Jul

16:05 - 17:05: Paper Presentations - A11-Performance and Analysis at Goguryeo
Chair(s): Pooyan Jamshidi (University of South Carolina)
Demonstrations 16:05 - 16:08
Robert Chatley (Imperial College London), Thomas Allerton (Starling Bank)
icse-2020-Journal-First 16:08 - 16:16
Giovanni Grano (University of Zurich), Christoph Laaber (University of Zurich), Annibale Panichella (Delft University of Technology), Sebastiano Panichella (Zurich University of Applied Sciences)
icse-2020-Journal-First 16:16 - 16:24
Diego Costa (Concordia University, Canada), Cor-Paul Bezemer (University of Alberta, Canada), Philipp Leitner (Chalmers University of Technology & University of Gothenburg), Artur Andrzejak (Heidelberg University)
icse-2020-papers 16:24 - 16:36
Zishuo Ding (Concordia University, Canada), Jinfu Chen (Concordia University, Canada), Weiyi Shang (Concordia University)
icse-2020-Journal-First 16:36 - 16:44
Andreas Dann (Paderborn University), Ben Hermann (Paderborn University), Eric Bodden (Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM)
icse-2020-New-Ideas-and-Emerging-Results 16:44 - 16:50
Qi Xin (Georgia Institute of Technology), Myeongsoo Kim (Georgia Institute of Technology), Qirun Zhang (Georgia Institute of Technology, USA), Alessandro Orso (Georgia Tech)
icse-2020-Journal-First 16:50 - 16:58
Marco Paolieri (University of Southern California), Marco Biagi (University of Florence), Laura Carnevali (University of Florence), Enrico Vicario (University of Florence)