Comparing Random and T-Wise Interaction Sampling for Vulnerability Discovery in Highly-Configurable Software Systems

  • Type: Bachelor's thesis
  • Supervisor: Tim Bächle
  • Person in Charge: Open
  • Context: Vulnerabilities in software systems are often overlooked, even though their exploitation by an attacker can have drastic consequences. In the context of configurable software systems, the situation becomes even more problematic, as the presence of a vulnerability can be tied to specific configurations (i.e., variants) of the system. Our analysis platform Vari-Joern, which is built around the query-based static analysis tool Joern, aims to address this problem by scanning the code of a configurable system for patterns typical of vulnerabilities using two common analysis strategies. Vari-Joern’s product-based strategy samples a set of representative configurations and analyses the associated variants of the system individually. It supports t-wise interaction sampling (i.e., sampling configurations such that all valid interactions between t features are covered) and uniform random sampling (i.e., sampling configurations at random with a uniform distribution). For (uniform) random sampling, multiple different approaches have been proposed. Currently, only Smarch by Oh et al. is supported.
  • Goal: Identify other available (uniform) random sampling approaches for configurable software systems, integrate support for them into Vari-Joern, and compare them with each other and with t-wise interaction sampling regarding their vulnerability discovery capabilities in the context of real-world subject systems.
  • Requirements: Prior knowledge of configurable software systems (i.e., software product lines) is not required, but might be helpful.
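
To make the two sampling strategies from the context concrete, the following added example (not part of the original topic description and not Vari-Joern code) compares a greedy pairwise (t = 2) sample with uniform random samples of the same size on a tiny feature model. The feature names, constraints, and the "vulnerability" tied to a two-feature interaction are constructed assumptions, and brute-force enumeration stands in for a real sampler.

```python
import itertools
import random

# Constructed toy feature model, not a real subject system.
FEATURES = ["ssl", "compress", "cache", "ipv6", "debug", "legacy_auth"]

def is_valid(cfg):
    # Constructed constraints: cache requires compress; legacy_auth excludes ssl.
    return (cfg["compress"] or not cfg["cache"]) and not (cfg["ssl"] and cfg["legacy_auth"])

def valid_configs():
    # Brute-force enumeration, only feasible for tiny models.
    all_cfgs = (dict(zip(FEATURES, bits))
                for bits in itertools.product([False, True], repeat=len(FEATURES)))
    return [c for c in all_cfgs if is_valid(c)]

def interactions(cfg, t):
    # The t-wise interactions (t feature/value pairs) one configuration exhibits.
    return {tuple((f, cfg[f]) for f in combo)
            for combo in itertools.combinations(FEATURES, t)}

def all_interactions(configs, t):
    return set().union(*(interactions(c, t) for c in configs))

def t_wise_sample(configs, t):
    # Greedy cover: keep adding the configuration covering most uncovered interactions.
    uncovered, sample = all_interactions(configs, t), []
    while uncovered:
        best = max(configs, key=lambda c: len(interactions(c, t) & uncovered))
        sample.append(best)
        uncovered -= interactions(best, t)
    return sample

def uniform_random_sample(configs, k, seed):
    # Uniform over valid configurations because we draw from the full enumeration.
    return random.Random(seed).sample(configs, k)

def coverage(sample, configs, t):
    return len(all_interactions(sample, t)) / len(all_interactions(configs, t))

def vulnerable(cfg):
    # Constructed flaw that exists only when these two features are both enabled.
    return cfg["debug"] and cfg["legacy_auth"]

def random_hit_rate(configs, k, seeds):
    hits = sum(any(vulnerable(c) for c in uniform_random_sample(configs, k, s)) for s in seeds)
    return hits / len(seeds)

if __name__ == "__main__":
    cfgs = valid_configs()
    pairwise = t_wise_sample(cfgs, 2)
    print(len(cfgs), "valid configs; pairwise sample size:", len(pairwise))
    print("random hit rate:", random_hit_rate(cfgs, len(pairwise), range(200)))
```

Because the constructed flaw is a valid 2-wise interaction, the pairwise sample is guaranteed to contain a variant that exhibits it, whereas a uniform random sample of equal size finds it only with some probability.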