TUM Logo

Abstract Interpretation Framework for Source Code Analysis

Abstract Interpretation Framework for Source Code Analysis

Supervisor(s): Dr. Julian Schütte
Status: open
Topic: Others
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

In cooperation with Fraunhofer AISEC


Abstract Interpretation Framework for Source Code Analysis


Motivation and Topic
Abstract Interpretation is a powerful static analysis technique that approximates the semantics of a program and
is able to prove that a program adheres to certain constraints. While its origins are in compiler optimizations,
abstract interpretation can also be used as a tool to automatically find hard-to-detect vulnerabilities such as
integer overflows. In contrast to fuzzing, unit testing, and symbolic execution, it does not attempt to explore as
many relevant execution paths as feasible within a time span, but rather aims at creating an assertion about all
possible execution paths. This is especially relevant in cases where the absence of a vulnerability should be
shown.
There is a substantial body of theoretical work on abstract interpretation. However, practical implementations
are scarce and typically focused at niche programming languages and applications. The aim of this thesis is
thus to build the foundation for a practically relevant abstract interpretation framework that can be applied to
intermediate representations such as Code Property Graphs or LLVM IR. It will be your task to design and
implement an abstract interpretation framework and apply one of the existing abstract domains to detect errors
in cryptographic code, such as violations of key sizes.


Requirements
-  Programming skills (Java is preferred, but other languages are also fine)
- A preliminary understanding of abstract interpretation or the motivation to get into the topic
- An interest in transferring challenging theories into practical applications
- Ability to work self-directed and systematically


The thesis can be written in English or German.


Contact
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Dr. Julian Schütte
E-Mail: julian.schuette@aisec.fraunhofer.de
Phone: +49 89 322-9986-173