In this work we present an industry-driven case study of applying static program analysis to the Android kernel. In particular, we investigate the ability of open-source tools, as represented by Cppcheck, and of commercial tools, as represented by Goanna, to detect security vulnerabilities. In our case study, we explore static security checking along the dimensions of setup effort, run time, quality of results and usability for large code bases. We present the results we obtained from analyzing the Android Goldfish kernel module of around 740 kLoC of C/C++ code. Moreover, we highlight some lessons learned that might serve as guidance for future applications.
CITATION STYLE
Liu, T., & Huuck, R. (2015). Case study: Static security analysis of the android goldfish kernel. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9109, pp. 589–592). Springer Verlag. https://doi.org/10.1007/978-3-319-19249-9_39