Docstoc

Static and Dynamic Protection fr

Document Sample
Static and Dynamic Protection fr Powered By Docstoc
					    Improving Software Security with Precise
                Static and Runtime Analysis


                                       Benjamin Livshits
                                                  SUIF Compiler Group
                                                 Computer Systems Lab
                                                   Stanford University




        http://suif.stanford.edu/~livshits/work/griffin/
1
    Security Vulnerabilities: Last 10 Years


    6,000


    5,000


    4,000


    3,000


    2,000


    1,000


       0
            1995   1996   1997   1998   1999   2000   2001   2002   2003    2004      2005


2                                                                   *Source: NIST/DHS Vulnerability DB
    Which Security Vulnerabilities are Most Prevalent?

       •     Analyzed 500 vulnerability reports, one week in November 2005



                                                                         294 vuln.
              Input Validation
                                                                         or 58%
              Denial of Service

                         Other

                   File Include

      Authentication Bypass

    Tem p. File M anipulation

           M em ory Corruption

        Unauthorized Access

           Privilege Escalation

                Heap Overflow

                                  0   50   100   150   200   250   300    350


3                                                                          *Source: securityfocus.com
      Focusing on Input Validation Issues


               SQL Injection
         Cross-site Scripting
            Buffer Overrun
     Information Disclosure
           Code Execution
                      Other
             Path Traversal
                                              Web application
              Format String                    vulnerabilities
          Integer Overflow
    HTTP Response Splitting

                                0   20   40          60            80               100

4                                                                *Source: securityfocus.com
    SQL Injection Example

                              •    Web form allows user to look up
                                   account details

                              •    Underneath: Java J2EE Web
                                   application serving requests




        String username = req.getParameter(“user”);
        String password = req.getParameter(“pwd”);
        String query = “SELECT * FROM Users WHERE
                username =“ + user +
               “ AND Password =“ + password;
        con.executeQuery(query);
5
    Injecting Malicious Data (1)



                                  submit




       ...
       ...
       String query = “SELECT * FROM Users WHERE
               username = 'bob'
              AND password = „********„”;
       ...
6
    Injecting Malicious Data (2)



                                submit




       ...
       ...
       String query = “SELECT * FROM Users WHERE
               username = 'bob„--
               „AND password = „ „”;
       ...
7
    Injecting Malicious Data (3)



                                submit




       ...
       ...
       String query = “SELECT * FROM Users WHERE
               username = 'bob„; DROP Users--
              „AND password = „„”;
       ...
8
    Attack Techniques for Taint-Style Vulnerabilities



       1. Sources (inject)               2. Sinks (exploit)
       •   Parameter manipulation        •   SQL injections
       •   Hidden field manipulation     •   Cross-site scripting
       •   Header manipulation           •   HTTP request splitting
       •   Cookie poisoning              •   Path traversal
       •   Second-level injection        •   Command injection




        1. Parameter manipulation + 2. SQL injection = vulnerability


9
     Goals of the Griffin Software Security Project

      Cross Site Scripting                            Cross Site Tracing              HTTP Response
                          SQL injection Hotmail                                     mySpace
                                                                                         Splitting
                                     (persistent XSS)                  HTTP Request (XSS)        RI Government
               Guess            Path traversal
                                                                         Smuggling               (SQL injection)
                                                                                         DOM-Based XSS
          (SQL injection)             Cookie Poisoning           Hundreds of Stanford
                                 Microsoft Passport                      sites                    Domain Contamination
                                        (XSS)                     (command injection)

             2000            2001            2002            2003            2004            2005            2006




     • Financial impact
        – Cost per incident:          $300,000+
        – Total cost of online fraud: $400B/year


     • Griffin Project goals
        – Address vulnerabilities in Web applications
        – Focus on large Java J2EE Web applications
10
     Griffin Project Contributions

     Effective solution   •   Effective solution addressing a large range of real
     of Web App Sec           life problem in domain of Web Application Security
     problems


     Static               •   Pushed state of the art in global static/pointer
     analysis                 analysis; precisely handle large modern applications



     Runtime              • Design of an efficient dynamic techniques that
     analysis               recover from security exploits at runtime



     Experimental         •   Comprehensive, large scale evaluation of problem
     validation               complexity and analysis features; discovered many
                              previously unknown vulnerabilities


11
     Overview


     Static


     Extensions
                   Overview of the Griffin Project
     Dynamic


     Experiments


     Conclusions


     Future


12
      Griffin Project: Framework Architecture

                          Vulnerability              Application                 Provided
                          specification               bytecode                   by user



               Static analysis                                Dynamic analysis

            [Livshits and Lam,                              [Martin, Livshits, and Lam,
            Usenix Security ’05]                            OOPSLA ’05]




              Vulnerability                                     Instrumented
               warnings                                          application



     Pros:                                         Pros:
      Find vulnerabilities early                   Keeps vulnerabilities from doing harm
      Explores all program executions              Can recover from exploits
      Sound, finds all vuln. of particular kind    No false positives, but has overhead
13
       Following Unsafe Information Flow / Taint Flow

                                    How do we know
                                     what these are?




                                                                 sanitizer
                 “…” + “…”
                                                                             sink
     Servlet.getParameter(“user”)
                (source)




                                                       Statement.executeQuery(...)
                                                                 (sink)



14
      Vulnerability Specification

     • User needs to specify
        –   Source methods                     query simpleSQLInjection
        –   Sink methods                        returns
        –   Derivation methods                     object String param, derived;
                                                uses
        –   Sanitization methods
                                                   object HttpServletRequest req;
                                                   object Connection          con;
     • PQL: Program Query Language                 object StringBuffer        temp;
       [Martin, Livshits, and Lam               matches {
                                                   param = req.getParameter(_);
       OOPSLA’05]
        – General language for describing           temp.append(param);
          events on objects                         derived = temp.toString();

                                                    con.executeQuery(derived);
     • Real queries are longer                  }
        – 100+ lines of PQL
        – Captures all vulnerabilities
        – Suitable for all J2EE applications

15
     Overview


     Static


     Extensions
                   Static Analysis
     Dynamic


     Experiments


     Conclusions


     Future


16
     Motivation: Why Pointer Analysis?


           String username = req.getParameter(“user");
           list1.addFirst(username);
           ...
           String str = (String) list2.getFirst();
           con.executeQuery(str);




     • What objects do username and str point to?

     • Question answered by pointer analysis
        – A classic compiler problem for 20 years+

        – Rely on context-sensitive inclusion-based pointer analysis
          [Whaley and Lam PLDI’04]
17
     Pointer Analysis Precision

                              Runtime                                     Static
                              heap                                        representation




                                                   Static approximation




                                                                                   h
            o1         o2         o3




     •   Imprecision of pointer analysis → false positives
     •   Precision-enhancing pointer analysis features
           •     Context sensitivity [Whaley and Lam, PLDI’04] (not enough)
           •     Object sensitivity
           •     Map sensitivity
18
     Importance of Context Sensitivity

          Imprecision → Excessive tainting → false positives



                                     c1
       tainted                c1
                                   String id(String str) {
                                        return str;
                                   }
       untainted
       tainted                c2
                                    c2



                           points-to(v : Var, v Var, h
                   points-to(vc : VarContext,h :: Heap) : Heap)




                              Context sensitivity
                              Context insensitive
19
     Handling Containers: Object Sensitivity
     1. String s1 = new String(); // h1                     points-to(*, s, h1)
     2. String s2 = new String(); // h2
                                                            points-to(*, s, h2)
     3.
     4. Map map1 = new HashMap();
     5. Map map2 = new HashMap();
     6.
                                                            points-to(*, s, *)
     7. map1.put(key, s1);
     8. map2.put(key, s2);
     9.
     10. String s = (String) map2.get(key);




               points-to(vc : VarContext, :Var, h v: Heap,
                  points-to(vo1::Heap, 1: 2: vHeap, Heap)
         points-to(vc : VarContext, vovoHeap, vo:2h:: Var, v : Var,
                  points-to(vo Heap, v        : Var,  Heap)
                                 ho Heap, h Heap)
                                ho ::Heap, h ::Heap)


                 1-level      1-level object sensitivity sensitivity
                                  Object sensitivity
                                  sensitivity + context
                           objectContextsensitivity
20
     Inlining: Poor Man’s Object Sensitivity
     •   Call graph inlining is a practical alternative
         –   Inline selected allocations sites
             •     Containers: HashMap, Vector, LinkedList,…
             •     String factories: String.toLowerCase(), StringBuffer.toString(), ...
         –   Generally, gives precise object sensitive results


     •   Need to know what to inline: determining that is hard
         –       Inlining too much → doesn’t scale
         –       Inlining too little → false positives
         –       Iterative process


     •   Can’t always do inlining
         –       Recursion
         –       Virtual methods with >1 target


21
     Map Sensitivity
       1. ...
       2. String username = request.getParameter(“user”)
       3. map.put(“USER_NAME”, username);


       ...                “USER_NAME” ≠ “SEARCH_QUERY”


       4. String query = (String) map.get(“SEARCH_QUERY”);
       5. stmt.executeQuery(query);
       6. ...



     • Maps with constant string keys are common
     • Map sensitivity: augment pointer analysis:
        – Model HashMap.put/get operations specially


22
     Analysis Hierarchy


         Context        Object           Map                  Flow
        sensitivity   sensitivity     sensitivity           sensitivity

          None            None             None                 None


                          1-OS                                Local flow


          k-CFA           k-OS            Constant            Predicate-
                                            keys               sensitive



         ∞-CFA            ∞-OS        Symbolic analysis    Interprocedural
                                          of keys         predicate-sensitive


         ∞-CFA         Partial 1-OS      Constant           Local flow
                                        string keys


23
      PQL into Datalog Translation
     Datalog Query
     PQL Query
                                                      [Whaley, Avots,
     query simpleSQLInjection
     simpleSQLInjection(hparam, hderived ) :–
        returns
       ret(i1, v1),
                                                      Carbin, Lam,              Relevant
       call(c1, i2, String param, derived;
             object "ServletRequest.getParameter"),   APLAS ’05]
                                                                            instrumentation
        uses
       pointsto(c1, v1, hparam),
             object ServletRequest req;                                           points
             object , 0), actual(i2, con; 1),
       actual(i2, v2Connection          v3,




                                                           Datalog solver
             object "StringBuffer.append"),
       call(c2, i2, StringBuffer       temp;
        matches {
       pointsto(c2, v2, htemp),
             param = req.getParameter(_);
       pointsto(c2, v3, hparam),

            temp.append(param);
       actual(i3, v4, 0), ret(i3, v5),
            derived = temp.toString();
       call(c3, i3, "StringBuffer.toString"),
       pointsto(c3, v4, htemp),
            con.executeQuery(derived);
       pointsto(c3, v5, hderived),
        }
       actual(i4, v6, 0), actual(i4, v7, 1),
       call(c4, i4, "Connection.execute"),                                  Vulnerability
       pointsto(c4, v6, hcon),
       pointsto(c4, v7, hderived).
                                                                             warnings




24
     Eclipse Interface to Analysis Results

     • Vulnerability traces are exported into Eclipse for review
        – source → o1 → o2 → … → on → sink




25
     Importance of a Sound Solution

     • Soundness:

        – only way to provide guarantees on application’s security posture

        – allows us to remove instrumentation points for runtime analysis

     • Soundness claim




                  Our analysis finds all vulnerabilities
                in statically analyzed code that are
                     captured by the specification


26
     Overview


     Static


     Extensions
                   Static Analysis Extensions
     Dynamic


     Experiments


     Conclusions


     Future


27
     Towards Completeness

     • Completeness goal:
       – analyze all code that
         may be executed at
         runtime
                                 specify roots




                                                 discover the rest
28
     Generating a Static Analysis Harness
                  public class Harness {
                   <servlet>
                          <servlet-name>blojsomcommentapi</servlet-name>
                       public static void main(String[] args){
                          <servlet-class>
                             processServlets();
                            org.blojsom.extension.comment.CommentAPIServlet
                            </servlet-class>
                             processActions();
                           <init-param>
                               <param-name>blojsom-configuration</param-name>
                             processTags();
                           </init-param>
                             processFilters();
                           <init-param>
                               <param-name>smtp-server</param-name>
                       }       <param-value>localhost</param-value>
                       ...</init-param>
                           <load-on-startup>3</load-on-startup>
                  }</servlet>

       App          App           App
                                                      500,000+ lines of code
     web.xml     web.xml       web.xml


                                                    1,500,000+ lines of code
             Application Server
                   (JBoss)
                                                           2M+ lines of code
29
     Reflection Resolution
            Constants              Specification points




     1.   String className = ...;
     2.   Class c = Class.forName(className);           Q: what
     3.   Object o = c.newInstance();                 object does
     4.   T t      = (T) o;                           this create?



     1. String className = ...;
     2. Class c = Class.forName(className);
        Object o = new T1();
        Object o = new T2();                                [Livshits,
        Object o = new T3();                             Whaley, and
     4. T t      = (T) o;                             Lam, APLAS’05]
30
     Reflection Resolution Results
     • Applied to 6 large Java apps, 190,000 lines combined

              Methods                Call graph sizes compared
     18,000


     16,000


     14,000


     12,000


     10,000


      8,000


      6,000


      4,000


      2,000


         0
                        jgap   f reet t s   grunt spud   jedit   columba   jf reechart
31
     Overview


     Static


     Extensions
                   Dynamic Analysis
     Dynamic


     Experiments


     Conclusions


     Future


32
     Runtime Vulnerability Prevention

                                [Martin, Livshits, and
                                Lam, OOPSLA’05]
         App

                                         1. Detect and stop
                              App        2. Detect and recover

     Vulnerability
     specification




                                                    App



                                Application Server
                                      (JBoss)

33
     Runtime Instrumentation Engine

       • PQL spec → into state machines
              – Run alongside program, keep track of partial matches
              – Run recovery code before match


                         {x=o3}     y := x         {x=y=o3}
                   ε
                                                                       ε
                   ε     t=x.toString()      y := derived(t)
                                                                   ε

     {x=o3}    ε                    {x=o3}              {x=y=o3}       ε
                          t.append(x)        y := derived(t)
                {x=o3}

                                                                       sanitizer



34
     Reducing Instrumentation Overhead
                      query simpleSQLInjection
                         returns
                              object String param, derived;
                         uses
                              object ServletRequest req;
                              object Connection      con;
                              object StringBuffer    temp;
                         matches {
                              param = req.getParameter(_);
           1.   String name = req.getParameter(“name”);
           2.   StringBuffer temp.append(param);
                              buf1 = new StringBuffer();
                             derived = temp.toString();
           3.   StringBuffer buf2 = new StringBuffer(“def”);
           4.   buf2.append(“abc”);
                             con.executeQuery(derived);
           5.            }
                buf1.append(name);
           6.   con.executeQuery(buf1.toString());
           7.   con.executeQuery(buf2.toString());


     • Instrument events on objects that may be part of a match
     • Soundness allows to remove instrumentation points

35
     Overview


     Static


     Extensions
                   Experimental Results
     Dynamic


     Experiments


     Conclusions


     Future


36
     Experimental Evaluation


                     Benchmarks Total Lines        Griffin   CodeAssure
     SecuriBench
                          11        3,203,698
     Macro
     SecuriBench
                         102          5,588
     Micro


     • Comprehensive evaluation:
        – SecuriBench Macro [SoftSecTools ’05]
        – SecuriBench Micro
        – Google: SecuriBench


     • Compare Griffin to a commercially available tool
        – Griffin vs. Secure Software CodeAssure
        – CodeAssure: March 2006 version
37
     Benchmark Statistics




                                                                                                                                                    Lines of Code
        Benchmark       Version                                               LOC                    Exp. LOC                 Files                       Jars
                                                                                                                                              Classes 600,000
     jboard      LOC          0.3                                             17,542                             95,845          90                      311500,00029
                 Expanded LOC
     webgoat                  0.9                                             17,678                     117,207                 73                      296                  27
                                                                                                                                                                    400,000
     jgossip                                                  1.1             72,795                    170,893                 537                      575                  63
     personalblog                                1.2.6                         5,635                    226,931                  38                      754300,00065
     blojsom                                           2.30                   53,309                    332,902                 245                      395200,00041
     road2hibernate                                           1.1              2,601                    352,737                  21                      796100,00034
     snipsnap                             1.0-BETA-1                          48,220                    445,461                 446                      859                  68
                                                                                                                                                                    0
     pebble                                1.6-beta1                          42,920                    449,395                 333                      945                  47




                                                                                                      snipsnap
                                               personalblog




                                                                                                                                 jorganizer
                                                                                    road2hibernate
                                jgossip




                                                                                                                     pebble
                                                                    blojsom




                                                                                                                                                roller
             jboard



                      webgoat




     jorganizer                               0.0.22                          14,495                    454,735                 107                      920                  35
     roller                                      0.9.9                        52,089                     557,592                276                      972             133
     Total                                                           327,284 3,203,698 2,166                                                   6,823                    542




38
     SecuriBench Macro: Static Summary

              Benchmark   Sources   Sinks       Vulnerabilities   False positives
     jboard                     1           8                 2                 0
     blueblog                  11       32                    2                 0
     webgoat                   13       47                    5                 0
     personalblog              45       22                   40                 0
     blojsom                   34       29                    6                 0
     snipsnap                 138       88                   16                 0
     road2hibernate             2       13                   13                 0
     pebble                   123       39                    0                 0
     roller                    41       66                    5               147
     jorganizer               116       20                    7                 0
     jgossip                   22       29                    0                 0
                                    Totals                   98              147




39
     Vulnerability Classification

                 Sinks      SQL       HTTP splitting   Cross-site         Path      Totals
     Sources             injections                    scripting        traversal
     Header
                                  0                1                0           0       1
     manipulation
     Parameter
                                 55               11                2          10      78
     manipulation
     Cookie
                                  0                1                0           0       1
     poisoning
     Non-Web
                                 15                0                0           3      18
     inputs
     Totals                     70               13                 2         13       98



     • Reported issues back to program maintainers
         • Most of them responded, most confirmed as exploitable
         • Vulnerability advisories issued


40
     SecuriBench Micro: Static Summary

     Category          Tests   Vulnerabilities        False Positives

     basic                41                     59                     3
     collections          14                     13                     3
     interprocedural       0                      0                     0
     arrays                9                      8                     4
     predicates            9                      4                     4
     sanitizers            6                      4                     2
     aliasing              6                     11                     1
     data structures       6                      5                     1
     strong updates        5                      1                     2
     factories             0                      0                     0
     session               3                      3                     1
     Total              102                 111                    21



41
     A Study of False Positives in blojsom

        Base
                                             Lines of Code               50 K
                                             Expanded LOC             333 K
                                             Classes                     395
                                             Sources                      40
                With context                 Sinks                        29
                 sensitivity
                                             Vulnerabilities               6
           Q: How important are analysis
        114
       features for avoiding false positives?
                       With object
                               sensitivity
                    84


                                  43           With map        With sanitizers
                                               sensitivity        added
                                                     5               0
42
     Griffin vs. CodeAssure
                                            Griffin   CodeAssure
                    160
                    140
                    120
                    100
     SecuriBench
                    80
     Macro                                                                 80+
                    60
                    40
                    20


       Q: What is the relationship between false
                     0

                  Vulnerabilities False positives False negatives

                   positives and false negatives?
                    120

                    100

                     80

                     60
     SecuriBench
                     40
     Micro                                                                 40+
                     20

                      0

                          Vulnerabilities   False positives        False negatives

43
     Deep vs. Shallow Vulnerability Traces


                       80


                       70


                       60

                                Q: How complex are the
     Number of paths




                       50



                                    vulnerabilities we find?
                       40


                       30


                       20


                       10


                        0
                            1   3    4   5   6   7     8     9     10   11   12   13   14   16

                                                     Path length



44
     Analyzing personalblog
                     Application code                      Hibernate library code
     Analyzed lines of code                 226,931
     Total sources                                 45
     Total sinks                               137                                  sinks
     Used sources                                   5
     Used sinks                                     8
     Reachable objects                        1,806
     Paths through the graph                   100
             sf.hibernate.Session.find(…)
       Q: What is the connectivity between
     Source-sink invocation site pairs             40



                sources and sinks?
           sources
                                         objects
                                                        roller

                              1 falsely tainted object → 100+ false positives

45
     Runtime Analysis Results
     • Experimental confirmation
           – Blocked exploits at runtime in our experiments

     • Naïve implementation
           – Instrument every string operation → high overhead

     • Optimized implementation
           – 82-99% of all instrumentation points are removed


                       140%
                                                       Unoptim ized       Optim ized
                       120%

                       100%
       Overhead (% )




                       80%                                                                        < 1%
                       60%

                       40%

                       20%

                        0%
                              webgoat   personalblog     road2hibernate       snipsnap   roller
46
     Overview


     Static


     Extensions
                   Related Work &
                       Conclusions
     Dynamic


     Experiments


     Conclusions


     Future


47
     Lessons Learned

     • Context sensitivity is good. Object sensitivity is great,
       but hard to scale. Scaling it: important open problem

     • Can’t ignore reflection in large programs; reflection
       makes the call graph much bigger

     • Many of the bugs are pretty shallow; there are,
       however, complex bugs, especially in library code

     • Practical tools tend to introduce false negatives to
       avoid false positives; not necessarily a good choice

     • Automatic recovery from vulnerabilities is a very
       attractive approach; overhead can be reduced


48
     Related Work
     •   Web application security work
          – Penetration testing tools (black box testing)
          – Application firewalls (listen on the wire and find patterns)
     • Practical automatic static error detection tools
          – WebSSARI (static and dynamic analysis of PHP) [Huang,... ’04]
          – JDBC checker (analysis of Java strings) [Wasserman, Su ’04]
          – SQLRand (SQL keyword randomization) [Boyd and Keromytis ’04]

                                  Web Application Security Papers

                20
                               [Usenix ’05]
                15
                10

                 5
                 0
                           2004                   2005                    2006

                                     [OOSPLA ’05]


49                                      *Source: http://suif.stanford.edu/~livshits/work/griffin/lit.html
     Future Work

            Applying Model-checking to Web applications (Michael Martin)


            Learning Specification from Runtime Histories (with Naeim)


            Partitioned BDDs to Scale bddbddb Better (with Jean-Gabriel/Prof. Dill)


            Analyze Sources of Imprecision in Datalog


            Analyzing Sanitization Routines


            Attack Vectors in Library Code


            Type Qualifiers in Java (with Dave Greenfieldboyce at UMD)


            Using Model Checking to Break Sanitizers

50
                               Special Thanks

                             Stella, My parents, My sister


                                        Monica


                             Alex, Dan, Dawson, Elizabeth


        Ramesh Chandra, Darlene Hadding, David Heine, Michael Martin, Brian
         Murphy, Joel Sandin, Constantine Sapuntzakis, Chris Unkel, John Whaley,
                                    Kolya Zeldovich


     Dzintars Avots, Ron Burg, Mark Dilman, Craig Foster, Chris Kaelin, Amit Klein,
        Ted Kremenek, Iddo Lev, John Mitchell, Carrie Nielsen, David Pecora, Ayal
         Pincus, Jai Ranganathan, Noam Rinetzky, Mooly Sagiv, Elena Spector, Jeff
             Ullman, Eran Yahav, Gaylin Yee, Andreas Zeller, Tom Zimmerman


                             National Science Foundation

51
                                                                                                     The End.

     Griffin Security Project                            http://suif.stanford.edu/~livshits/work/griffin/

     Stanford SecuriBench                                http://suif.stanford.edu/~livshits/securibench/

     Stanford SecuriBench Micro                          http://suif.stanford.edu/~livshits/work/securibench-micro/

     PQL language                                        http://pql.sourceforge.net/


              1.      Finding Security Vulnerabilities in Java Applications with Static Analysis, Livshits and Lam, 2005.
              2.      Finding Application Errors and Security Flaws Using PQL, Martin, Livshits, and Lam, 2005.
              3.      Defining a Set of Common Benchmarks for Web Application Security, Livshits, 2005.
              4.      Reflection Analysis for Java, Livshits, Whaley and Lam, 2005.
              5.      DynaMine: Finding Common Error Patterns by Mining Software Revision Histories, Livshits and
                      Zimmermann, 2005.
              6.      Locating Matching Method Calls by Mining Revision History Data, Livshits and Zimmermann, 2005.
              7.      Turning Eclipse Against Itself: Finding Bugs in Eclipse Code Using Lightweight Static Analysis, 2005.
              8.      Context-Sensitive Program Analysis as Database Queries, Lam, Whaley, Livshits, Martin, Avots, Carbin,
                      Unkel, 2005.
              9.      Improving Software Security with a C Pointer Analysis, Avots, Dalton, Livshits, M.S. Lam, 2005.
              10.     Findings Security Errors in Java Applications Using Lightweight Static Analysis, Livshits, 2004.
              11.     Tracking Pointers with Path and Context Sensitivity for Bug Detection in C Programs, Livshits and Lam, 2003.
52            12.     Mining Additions of Method Calls in ArgoUML, Zimmerman, Breu, Lindig, and Livshits, 2006.

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:4
posted:4/23/2010
language:English
pages:52