What is PEAKS?
PEAKS is an acronym for "Platform for the Efficient Analysis and Secure Composition of Software Components"
A fundamental building block in making software engineering more efficient is the reuse of existing components and libraries. Applications are composed of a stack of libraries in conjunction with the respective business code. But as the code of the libraries becomes a part of the control flow of the application, it will run in the same process and thus in the same security context as the main application regardless of the actual need for such a privilege. We aim to build a tool to detect these unnecessary permissions in software libraries and to recommend procedures to limit these privileges or their impact.
PEAKS is developed by the Security Subgroup of the Software Technology Group at Technische Universität Darmstadt
PEAKS was funded by the German Ministry of Education and Research (BMBF) (Reference no. 01IS12054) as part of the Softwarecampus initiative.
Find out more »Components
PEAKS is actually the hub of a lot of smaller projects. Here are the ones that we already made available publicly:
High-level Capability Inference
Ever wondered what system resources the library you are about to include into your software project uses? We can find out for you!
SootConfig
Configuring Soot to run your analysis can be a tough job. We have a fluent interface that can help you.
SootKeeper
Do you have a large evaluation base to run your analysis on? Tired of rerunning the basic analyses when only your specific analysis changes? We developed OSGi modularity for static analysis to counter this.
Team
Ben Hermann
Project lead
Leonid Glanz
Developer/Researcher
Michael Reif
Developer/Researcher
Lawrence Dean
Student Developer
Tim Kranz
Student Developer
Florian Kübler
Student Developer
Patrick Müller
Student Developer
Ben Setzer
Intern
Moritz Tiedje
Student Developer
Publications
Getting to Know You: Towards a Capability Model for Java.
Ben Hermann, Michael Reif, Michael Eichberg, and Mira Mezini.
To appear in Proceedings of the 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’15)
[Preprint]
Hidden Truths in Dead Software Paths
Michael Eichberg, Ben Hermann, Mira Mezini, and Leonid Glanz.
To appear in Proceedings of the 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’15)
[Preprint]
Design your analysis: a case study on implementation reusability of data-flow functions.
Johannes Lerch and Ben Hermann.
In Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis (SOAP 2015). ACM, New York, NY, USA, 26-30.
[Preprint]
A software product line for static analyses: the OPAL framework.
Michael Eichberg and Ben Hermann.
In Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis (SOAP '14). ACM, New York, NY, USA, 1-6.
[Preprint]
Presentations and Downloads
Contact
Ben Hermann
hermann@st.informatik.tu-darmstadt.de
Technische Universität Darmstadt
Fachbereich Informatik
Fachgebiet Softwaretechnik
Ben Hermann
Hochschulstraße 10
64285 Darmstadt
GERMANY