
Finish.

master
Nicolas Hafner 2 years ago
parent
commit
fed0ea1f7b
Signed by: shinmera GPG Key ID: E12B14478BE4C922
2 changed files with 41 additions and 7 deletions
  1. BIN
      presentation.pdf
  2. +41
    -7
      presentation.tex

BIN
presentation.pdf


+ 41
- 7
presentation.tex

@ -102,10 +102,25 @@
}
\end{frame}
\begin{frame}
\title{Static Analysis Idea}
\begin{itemize}
\item Look at source code without executing it
\item Simulate source code execution
\item Determine all possible program states
\item Use state domain to reason about program
\end{itemize}
\end{frame}
\begin{frame}
\title{Static Analysis}
% FIXME: static analysis overview
\begin{itemize}
\item Define possible execution states
\item Define starting state
\item Define how statements and expressions change state
\item Iterate through function statements, applying state changes
\item Continue until a steady state is reached
\end{itemize}
\end{frame}
\begin{frame}[fragile]
@ -116,7 +131,7 @@ class AESCipher{
String algorithm = "AES";
void setKey(Secret key){
cipher = Cipher.getInstance(algoritm);
cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.ENCRYPT_MODE, key);
}
}
@ -137,7 +152,7 @@ class AESCipher{
void setKey(Secret key, String iv){
byte[] bytes = Hex.decodeHex(iv.toCharArray());
IVParameterSpec ivSpec = new IVParameterSpec(bytes);
cipher = Cipher.getInstance(algoritm);
cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
}
}
@ -289,7 +304,7 @@ class AESCipher{
\title{Thoughts}
\begin{itemize}
\item Paper does not discuss any future work
\item Static analysis uses very simple grammar
\item Static analysis uses rather simple grammar
\item Maybe useful to ease other API migrations
\item How to deal with languages unlike Java
\end{itemize}
@ -301,6 +316,7 @@ class AESCipher{
\item Filtering out semantic changes automatically is a feasible approach
\item In a sample case, 13 security rules were derived
\item Of the analysed projects, 57\% were vulnerable to at least one of the derived rules
\item Manual intervention still required
\end{itemize}
\vspace{\fill}
\makebox[\linewidth][c]{
@ -316,8 +332,26 @@ class AESCipher{
\begin{frame}
\end{frame}
\begin{frame}
Todo: backup slides with more detail
\begin{frame}[fragile]
\title{How About This?}
\begin{javacode}
class AESCipher{
Cipher cipher;
String getAlgorithm(){
switch(Config.AESMode){
case Config.AES: return "AES";
case Config.AES_CBC: return "AES/ECB";
default: throw new RuntimeException();
}
}
void setKey(Secret key){
cipher = Cipher.getInstance(getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, key);
}
}
\end{javacode}
\end{frame}
\end{document}
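Review bot: In the new "How About This?" backup slide, `case Config.AES_CBC: return "AES/ECB";` maps the CBC option to an ECB string, and nothing on the slide says whether that mismatch is the point of the example or a slip. If it is deliberate, a short comment inside the listing such as `// option name and transformation disagree` would stop the audience reading it as a typo; if it is not, the branch should return `"AES/CBC/PKCS5Padding"`. Separately, JCA transformation strings take the form `algorithm` or `algorithm/mode/padding`, so a two-part `"AES/ECB"` would be rejected by `Cipher.getInstance` rather than select ECB, which weakens the listing as a case the static analysis has to resolve. The slide also never states that a bare `"AES"` falls back to the provider's default mode and padding (ECB with the stock JDK provider, as far as I know), which appears to be why the first branch matters for the derived rules.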
