Tools for static code analysis: A survey
Linköping University, Department of Computer and Information Science.
2009 (English). Independent thesis, Advanced level (degree of Master (One Year)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

This thesis investigates which tools for static code analysis exist, with an emphasis on security, and which of them could be used in a project at Ericsson AB in Linköping in which a HIGA (Home IMS Gateway) is constructed. The HIGA is a residential gateway that makes it possible to extend an operator’s Internet Multimedia Subsystem (IMS) all the way to the user’s home, and thereby lets the end user connect non-IMS-compliant devices, such as a media server, to an IMS network.

Static analysis is the process of examining the source code of a program, and in that way testing it for various weaknesses without actually executing it (in contrast to dynamic analysis, such as testing).

As a complement to the regular testing that is performed in the HIGA project today, four different static analysis tools were evaluated to find out which one was best suited for use in the project. Two of them were open source tools and two were commercial.

All of the tools were evaluated in five areas: documentation, installation & integration procedure, usability, performance and types of bugs found. Furthermore, all of the tools were later used to test two modules of the HIGA.

The evaluation showed many differences between the tools in all areas and, not surprisingly, the two open source tools turned out to be far less mature than the commercial ones. The tools best suited for use in the HIGA project were Fortify SCA and Flawfinder.

As for the evaluation of the HIGA code, some bugs were found that could have jeopardized the security and availability of the services it provides.

Place, publisher, year, edition, pages
2009. 119 p.
Keyword [en]
Static analysis, Software security, IMS, HIGA
National Category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-16658
ISRN: LIU-IDA/LITH-EX-A--09/003--SE
OAI: oai:DiVA.org:liu-16658
DiVA: diva2:160205
Presentation
2009-02-06, al-Khwarizmi, IDA, Linköpings universitet, Linköping, 10:00 (Swedish)
Uppsok
Technology
Examiners
Available from: 2009-02-16. Created: 2009-02-09. Last updated: 2009-02-16. Bibliographically approved.

Author
Hellström, Patrik