
Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation [article]

Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk
2018 arXiv   pre-print
This paper proposes the Mutation-based soundness evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded ... We implement μSE as a semi-automated framework, and apply it to a set of prominent Android static analysis tools that detect private data leaks in apps. ... We thank the FlowDroid developers, as well as the developers of the other tools we evaluate in this paper, for making their tools available to the community, providing us with the necessary information ...
arXiv:1806.09761v2 fatcat:2qfojo6c7veavmrgwliulbui5i

Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques

Amit Seal Ami, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk
2021 ACM Transactions on Privacy and Security  
This article describes the Mutation-Based Soundness Evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded  ...  We implemented μSE and applied it to a set of prominent Android static analysis tools that detect private data leaks in apps.  ...  ACKNOWLEDGMENTS We thank the developers of the evaluated tools for making their tools available to the community, and for being open to suggestions.  ... 
doi:10.1145/3439802 fatcat:jij564rmn5akhdpqdk5pzdempi

Table of Contents

2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)
Testing 1 1 µSE: Mutation-Based Evaluation of Security-Focused Static Analysis Tools for Android 53 Amit Seal Ami (William & Mary, USA), Kaushal Kafle (William & Mary, USA), Adwait Nadkarni (William &  ...  of Virginia, USA), and Matthew Dwyer (University of Virginia, USA) IMGDroid: A Static Analyzer for Detecting Image Loading Defects in Android Applications 164 Wei Song (Nanjing University of Science and  ... 
doi:10.1109/icse-companion52605.2021.00004 fatcat:7dfrtn6aevbmlf3ikg6gmifcw4

Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques [article]

Amit Seal Ami, Nathan Cooper, Kaushal Kafle, Kevin Moran, Denys Poshyvanyk, Adwait Nadkarni
2021 arXiv   pre-print
Hence, several academic and commercial static analysis tools have been developed for detecting and mitigating crypto-API misuse.  ...  We develop 12 generalizable usage-based mutation operators and three mutation scopes that can expressively instantiate thousands of compilable variants of the misuse cases for thoroughly evaluating crypto-detectors  ...  ACKNOWLEDGMENT We thank the developers of the evaluated tools for making their tools available to the community, and for being open to discussion, suggestions, and improvements.  ... 
arXiv:2107.07065v4 fatcat:dae4vcxftjhftpiafpuur7vr4a

A Mutation Framework for Evaluating Security Analysis tools in IoT Applications [article]

Manar H. Alalfi, Sajeda Parveen, Bara Nazzal
2021 arXiv   pre-print
To ensure information security, we require better security analysis tools for IoT applications. ... To the best of our knowledge, our framework is the first framework to address the need for evaluating taint-flow analysis tools and specifically those developed for IoT SmartThings applications. ... [41] presented the Mutation-based soundness evaluation (µSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws by leveraging the well-founded ...
arXiv:2110.05562v1 fatcat:g7epw34mvjb25dasqhzbk4chve

When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid [article]

Daoyuan Wu, Debin Gao, Robert H. Deng, Rocky K. C. Chang
2020 arXiv   pre-print
Widely-used Android static program analysis tools, e.g., Amandroid and FlowDroid, perform the whole-app inter-procedural analysis that is comprehensive but fundamentally difficult to handle modern (large ... Such search-based inter-procedural analysis, however, is challenging due to Java polymorphism, callbacks, asynchronous flows, static initializers, and inter-component communication in Android apps. ... Besides µSE, two surveys [57], [58] also tried to systematically assess the performance and accuracy of existing Android static analysis tools. ...
arXiv:2005.11527v1 fatcat:xd2ytszspvdu7nrwpdikw4ng3q

How Effective are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools Using Bug Injection [article]

Asem Ghaleb, Karthik Pattabiraman
2020 pre-print
A number of static analysis tools have been developed for finding security bugs in smart contracts.  ...  This paper proposes SolidiFI, an automated and systematic approach for evaluating smart contract static analysis tools.  ...  We thank Julia Rubin, Sathish Gopalakrishnan, Konstantin Beznosov, and the anonymous reviewers of ISSTA'20 for their helpful comments about this work.  ... 
doi:10.1145/3395363.3397385 arXiv:2005.11613v1 fatcat:vsh6bcvkdzfrpbd4gd4k6mir2m