{"id":18609527,"url":"https://github.com/secure-software-engineering/mic9bench","last_synced_at":"2025-11-02T20:30:25.089Z","repository":{"id":148704440,"uuid":"115708971","full_name":"secure-software-engineering/mic9bench","owner":"secure-software-engineering","description":null,"archived":false,"fork":false,"pushed_at":"2018-03-08T14:00:01.000Z","size":249,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-27T01:25:17.945Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secure-software-engineering.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-29T09:33:37.000Z","updated_at":"2018-06-30T17:15:46.000Z","dependencies_parsed_at":"2023-05-29T15:00:28.393Z","dependency_job_id":null,"html_url":"https://github.com/secure-software-engineering/mic9bench","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-software-engineering%2Fmic9bench","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-software-engineering%2Fmic9bench/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-software-engineering%2Fmic9bench/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secure-software-engineering%2Fmic9bench/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secure-software-engineering","download_url":"https://codeload.github.com/secure-software-engineering/mic9bench/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239400596,"owners_count":19632049,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T03:06:21.224Z","updated_at":"2025-11-02T20:30:24.979Z","avatar_url":"https://github.com/secure-software-engineering.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [](#mic9bench---a-module-integrity-and-confidentiality-for-java-9-analysis-benchmark-suite)MIC9Bench - An Integrity and Confidentiality for Java 9 Modules Analysis Benchmark Suite \n\n\nMIC9Bench (module, integrity, confidentiality for Java 9) is an open benchmark suite for evaluating static analyses w.r.t. integrity and confidentiality violations of Java 9 modules.\nTherefore, MIC9Bench provides various types of modules' confidentiality and integrity violations (1) and the ground truth that holds the information where the violation occurs (2).\n\n\nMIC9Bench contains 22 hand-crafted modules each violating either integrity or confidentiality. \nThe benchmark suite constitutes test cases for generic static-analysis challenges, e.g., field and object-sensitivity, as well as the module-specific challenges of computing an entry-point model and correctly emulating a module’s usage identifying violations.\n\n\nThe test cases contain special annotations (see instructions below). The statement and argument of the function calls describe the variable to test. To test different analyses, these annotations must be parsed and interpreted. These deliver input and output to the analyses.\n\n### [](#list-of-tests)List of tests\n\n| Fields |  Integrity/Confidentiality | \n| --- | :-: |\n| public.primitive.field | I/C  |\n| public.nonprimitive.field | I/C |\n| public.field.array | I/C |\n| public.field.collection | I/C |\n| field.abstract.superclass  | I/C | \n| getter.method | C |\n| setter.method | I |\n\n\n\n| Methods | Integrity/Confidentiality |\n| --- | :-: |\n| explicit.method  | C |\n| implicit.method.interface | C |   \t\n| implicit.method.abstract.superclass | C |\n\n\n\n| Method Parameter | Integrity/Confidentiality |\n| --- | :-: |\n| added.to.collection | I/C |\n| added.to.array | I/C |\n| static.method.access.to.field | C |\n\n\n\n| Callback | Integrity/Confidentiality |\n| --- | :-: |\n| argument.callback | C |\n| object.reference  | C |\n\n\n\n| Exception | Integrity/Confidentiality |\n| --- | :-: |\n| declared.exception | C |\n| undeclared.exception | C |\n\n\n\n| Reflection \u0026 Invoke API | Integrity/Confidentiality |\n| --- | :-: |\n| access.varhandle | I/C |\n| access.methodhandle | C | \n| access.methodhandle.lookup | I/C |\n| access.reflection  | I/C |\n\n\n| Side-Effect | Integrity/Confidentiality |\n| --- | :-: |\n| native.code | I/C | \n\n\n### [](#instructions-on-special-annotations)Instructions on Annotations\n\nThe annotation `@Critical` marks sensitive entities to analyze with respect to integrity or confidentiality violations.\nThus, the annotation describes the test case's variable and allocation site directly within the test program's code. \nTo use this benchmark, the appropriate information must be parsed from this annotation.\nThe annotations are defined in the module `mic9bench.annotation`, which must be on the module-path while compiling the test suite.\n\n\nAdditionally, the annotation `@Critical(path=\"Leak.field\", type=ViolationType.INTEGRITY);`  defines the statement at which the test is conducted and contains the ground truth. \nThe first argument, `\"Leak.field\"` is the access path for which the violation may occur, e.g., the field `field` of class `Leak`. \nThe second argument specifies whether  an `INTEGRITY`, `CONFIDENTIALITY`, `BOTH`, or `NONE` violation occurs w.r.t. the marked allocation site.\n\n### [](#how-to-test-a-module-analysis)How to test a Confidentiality and Integrity Java 9 Module Analysis\n\nQuery: Can the integrity or confidentiality of the field/method/class `t`  be violated through the access path `a`?\n\nThe field/method/class `t` is given through the `Critical` annotation. Parse all fields/methods/classes given the annotation.\n Match them to the all their possible allocation sites `s`. For each matching make sure that the allocation site is within the computed points-to set that is accessible outside of the module.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecure-software-engineering%2Fmic9bench","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecure-software-engineering%2Fmic9bench","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecure-software-engineering%2Fmic9bench/lists"}