Lya is a corse-grained dynamic analysis framework for interposes at the boundaries of libraries within an application. It is useful for both industrial users and academic researchers working with programs (i) that use many small libraries often written in functional style, and (ii) with significant dynamic behaviors -- e.g., runtime code evaluation, dynamic loading, and runtime reflection. Lya enables concise analyses targeting JavaScript libraries and multi-library programs to extract information or enforce invariants. Examples include identifying security vulnerabilities, highlighting performance bottlenecks, and applying corrective actions.
The tutorial consists of three parts. The first part provides an overview of Lya, including a comparison with more conventional approaches to dynamic analysis. The second part is a hands-on session of applying built-in analyses to real libraries, including configuration parameters targeting their granularity. The third part is a live coding session focused on building an analysis -- we use Lya’s interfaces to build one of the aforementioned analyses from scratch.
Join us on Zoom, Slack, and Clawdr.
(Slides)
- Administrivia
- Introduction / Motivation
- Overview / Demo
- Security: Allow-Deny Analysis
- Performance: Call-Number/Time Analysis
- Other Analyses: Source-index
- Externals: Hook Interface
- Internals: Transformations & Rebinding
- Diving Deeper: Writing an Analysis
- Nikos Vasilakis (Massachusetts Institute of Technology)
- Grigoris Ntousakis (TU Crete)
Ideally, use Node 8.9.4
Installation: npm i -g @andromeda/lya.
GitHub Project: github.com/andromeda/lya
Mailing lists: Commits | Discussion
@inproceedings{lyaTutorial,
author = {Vasilakis, Nikos and Ntousakis, Grigoris},
title = {Library-Oriented Dynamic Analysis with Lya},
year = {2020}
}