2020 | OriginalPaper | Chapter

Towards the Efficient Use of Dynamic Call Graph Generators of Node.js Applications

Authors: Zoltán Herczeg, Gábor Lóki, Ákos Kiss

Published in: Evaluation of Novel Approaches to Software Engineering

Publisher: Springer International Publishing

Abstract

JavaScript is the most popular programming language these days, and it is used in many environments such as Node.js. The Node.js ecosystem allows sharing JavaScript code easily, and the shared code can be reused as building blocks to create new applications. However, this ever-growing environment has its own challenges as well. One of them is security: even simple applications can have many dependencies, and these dependencies might contain malware. Another challenge is fault localization: finding the cause of a fault can be difficult in software with many dependencies. Dynamic program analysis can help solve these problems. In particular, dynamic call graphs have been used successfully in both cases before. Since no call graph generators were available for Node.js before, we created them. In this paper, we compare the call graphs constructed by our generator tools. We show that a large amount of engine-specific information is present in the call graphs and that filtering can efficiently remove it. We also discuss how the asynchronous nature of JavaScript affects call graphs. Finally, we show the performance overhead of call graph generation and its side effects on module testing.

Metadata

Title: Towards the Efficient Use of Dynamic Call Graph Generators of Node.js Applications
Authors: Zoltán Herczeg, Gábor Lóki, Ákos Kiss
Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-40223-5_14
