The need to protect computers from malicious software is ongoing. One approach uses static analysis of Java source code for security. Here, programs are analyzed for their expected behavior prior to being executed. Included within this approach are techniques which perform inter-procedural static analysis. These analyses create each program's call graph prior to the analysis because it is the call graph upon which the analysis operates. Inter-procedural static analyses are very few in number however. One reason for this is due to the time requirement to create call graphs for object-oriented programs.
This dissertation presents the CSG algorithm, a technique to speed up statically analyzing object-oriented computer programs. The CSG algorithm first parses some Java program for properties that will trigger only the security oriented inter-procedural static analyses the program requires. The algorithm proceeds to create a single construction of any call graph algorithm required by one or more of the triggered analyses. This work will show the efficiency of constructing a single call graph for n number of analyses requiring that unique call graph as apposed to duplicating the call graph construction n times. We also show the efficiency of triggering for a Java program, only those analyses the program requires as apposed to applying every available analysis to the program.
