Scribd Logo
Upload

Welcome to Scribd!

  • Sheet 2

    Uploaded by

    for fun
    3 views10 pages

    Original Title

    sheet_2

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    3 views10 pages

    Sheet 2

    Uploaded by

    for fun

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 10

    4/23/23, 11:21 PM OneNote

    Exercise sheet2: demand driven analysis and spllift 


    23 April 2023  18:45 

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=t… 1/10
    4/23/23, 11:21 PM OneNote

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=t… 2/10
    4/23/23, 11:21 PM OneNote

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=t… 3/10
    4/23/23, 11:21 PM OneNote

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=t… 4/10
    4/23/23, 11:21 PM OneNote

    In the case of a taint analysis with ten times more sources


    than sinks, because we could go from each sink backward to
    their related sources and avoid all the unrelated lines,
    demand-driven analysis can efficiently handle the large
    number of sources and avoid analysing the parts of the
    program that are not relevant to the security analysis. This
    can significantly reduce the time and computational resources
    required for the analysis and provide accurate results, making
    it a better choice than exhaustive. Demand analysis would be

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=t… 5/10
    4/23/23, 11:21 PM OneNote

    better in this case because we are avoiding then all the not
    related part to security. 
    In the case of buffer overflow detection it's useful and better
    to use the Demand analysis because we needs to track
    integers: there might be many integers in a program but
    only few serve as array indices, using demand analysis
    would make us avoid the none used integer for array
    indicies  

    In the case of Reflection analysis for a program where


    every String is used to load classes or methods the
    exhaustive analysis would be the same as demand
    analysis in term of efficiency (not better) because we
    would need to analyze all the string in the program 

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=t… 6/10
    4/23/23, 11:21 PM OneNote

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=t… 7/10
    4/23/23, 11:21 PM OneNote

    software product lines are characterized by the presence of multiple


    with a unique set of features and functionality. Therefore, traditional s
    are not able to handle the variability and diversity of a software produ
      
    if we would like to analysis a software product line product by produc
    variation and possible configuration will take a lot of time maybe a lot
    traditional static analyses may not be able to handle the complexity a
    software product line. With multiple products, there can be a large nu
    features, variations, and configurations to consider, which can make
    to perform effective analysis using traditional techniques. Therefore,
    analysis techniques designed for software product lines are required
    these shortcomings. 
      
    the main goal of product line analysis approach is to make the analys
    using family based approach by not going product by product but ins
    the whole product family in one shot by looking into representation of
    product line at once.  
      
     

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=t… 8/10
    4/23/23, 11:21 PM OneNote

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=t… 9/10
    4/23/23, 11:21 PM OneNote

    https://mailunipaderbornde-my.sharepoint.com/personal/zaghlol_mail_uni-paderborn_de/_layouts/15/Doc.aspx?sourcedoc={8656e472-694a-400a-8a2b-80d4f40a9cf8}&action=edit&wd=… 10/10

    You might also like