Design & Architecture

SecureFlow – Static Taint Analysis Tool for Java

Overview

SecureFlow is a lightweight, research-oriented static analysis tool designed to demonstrate core taint tracking concepts used in software security research. The design prioritizes clarity, modularity, and extensibility over completeness.

High-Level Architecture

Java Source File
       ↓
JavaParser (AST Generation)
       ↓
TaintAnalyzer (AST Visitor)
       ↓
Issue Collection
       ↓
Report Generation

Core Components

AST Parsing

SecureFlow uses JavaParser to convert Java source files into an Abstract Syntax Tree (AST). This enables precise static inspection of program structure without executing code.

TaintAnalyzer

The analysis engine is implemented using the Visitor pattern. It tracks taint across:

Taint propagation is conservative to avoid false negatives, a common trade-off in static security analysis.

Rule Configuration

Security rules are loaded from an external JSON configuration file. This includes:

This design cleanly separates analysis logic from security policy.

Reporting Engine

Detected issues are formatted into a structured, human-readable report with:

Analysis Characteristics

Extensibility

SecureFlow is designed to support incremental research extensions, including:

← Back to SecureFlow Home