898 Hits in 7.0 sec

Effective and efficient API misuse detection via exception propagation and search-based testing

Maria Kechagia, Xavier Devroey, Annibale Panichella, Georgios Gousios, Arie van Deursen
2019 Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2019  
We introduce Catcher, a novel API misuse detection approach that combines static exception propagation analysis with automatic search-based test case generation to effectively and efficiently pinpoint  ...  KEYWORDS API misuse, software crash, static exception propagation, searchbased software testing * This work was done and completed at the Delft University of Technology.  ...  ACKNOWLEDGMENTS This research was partially funded by the EU Horizon 2020 ICT-10-2016-RIA "STAMP" project (No.731529) and the Dutch 4TU project "Big Software on the Run".  ... 
doi:10.1145/3293882.3330552 dblp:conf/issta/KechagiaDPGD19 fatcat:wkrf4g32lbcxbbr65psa572doq

Toward Understanding Deep Learning Framework Bugs [article]

Junjie Chen, Yihua Liang, Qingchao Shen, Jiajun Jiang
2022 arXiv   pre-print
Understanding the characteristics of DL framework bugs is a fundamental step for this quality assurance task, facilitating to design effective bug detection and debugging approaches.  ...  Such wide effect demonstrates the necessity and importance of guaranteeing DL frameworks' quality.  ...  Defining effective test oracles deserves much more attention for the detection of this kind of bugs. Based on the symptoms, we then analyzed when we can observe these bugs.  ... 
arXiv:2203.04026v1 fatcat:x5lalzlaijagjkzl3iajbv3li4

When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid [article]

Daoyuan Wu and Debin Gao and Robert H. Deng and Rocky K. C. Chang
2020 arXiv   pre-print
detection effectiveness.  ...  Atop of this new inter-procedural analysis, we further adjust the traditional backward slicing and forward constant propagation to provide the complete dataflow tracking of sink API calls.  ...  Since FlowDroid does not support sink-based API misuse detection and BackDroid in this paper does not aim to analyze privacy leaks, we thus do not compare them (except a rough performance comparison shown  ... 
arXiv:2005.11527v1 fatcat:xd2ytszspvdu7nrwpdikw4ng3q


Xinxin Jin, Peng Huang, Tianyin Xu, Yuanyuan Zhou
2016 Proceedings of the Eleventh European Conference on Computer Systems - EuroSys '16  
Compared to desktop-based networks, mobile networks are much more dynamic with frequent connectivity disruptions, network type switches, and quality changes, posing unique programming challenges for mobile  ...  Most of today's mobile apps rely on the underlying networks to deliver key functions such as web browsing, file synchronization, and social networking.  ...  This research is supported by NSF CNS-1017784 and NSF CNS-1321006.  ... 
doi:10.1145/2901318.2901353 dblp:conf/eurosys/JinHXZ16 fatcat:eosa334zhbdj3evikmignqxdmm

Modular Anomaly Detection for Smartphone Ad Hoc Communication [chapter]

Jordi Cucurull, Simin Nadjm-Tehrani, Massimiliano Raciti
2012 Lecture Notes in Computer Science  
While intrusion detection in MANETs is typically evaluated with network simulators, we argue that it is important to implement and test the solutions in real devices to evaluate their resource footprint  ...  The study shows the feasibility of the statistics based anomaly detection regime, having low CPU usage, little added latency, and acceptable memory footprint.  ...  We want also thank Ekhiotz Jon Vergara and Mikael Asplund for inspiration due to earlier works.  ... 
doi:10.1007/978-3-642-29615-4_6 fatcat:uo6u5fqirvcz3i5v23yvi5em3m

Static Program Analysis for Java Card Applets [chapter]

Vasilios Almaliotis, Alexandros Loizidis, Panagiotis Katsaros, Panagiotis Louridas, Diomidis Spinellis
2008 Lecture Notes in Computer Science  
Our work introduces automatic static program analysis as a means for the early detection of misused and therefore dangerous API calls.  ...  Several characteristics of the Java Card applets and their multiple-entry-point program structure make it possible for a potentially unhandled exception to reach the invoked entry point.  ...  Acknowledgments This work was supported by the funds of the bilateral research programme between Greece and Cyprus, Greek General Research Secretariat, 2006-2008.  ... 
doi:10.1007/978-3-540-85893-5_2 fatcat:qj4tvdigfjd57cslh5qwbdmzme

Research Towards Key Issues of API Security [chapter]

Ronghua Sun, Qianxun Wang, Liang Guo
2022 Communications in Computer and Information Science  
Aiming at new API vulnerability detection, a security analysis method based on finite state machine is proposed.  ...  For the first time, the cross-network communication taint propagation based on dynamic taint analysis technology and system-level simulation technology is realized, enabling sensitive data flow tracing  ...  API Security Audit System Based on Traffic At present, it is not easy to manage APIs safely and effectively.  ... 
doi:10.1007/978-981-16-9229-1_11 fatcat:r7s3ee5sefh7ppuvyx3vqbwlou

How Reliable is the Crowdsourced Knowledge of Security Implementation? [article]

Mengsu Chen, Felix Fischer, Na Meng, Xiaoyin Wang, Jens Grossklags
2019 arXiv   pre-print
Moreover, we also traced duplicated answers to assess whether the community behavior facilitates propagation of secure and insecure code suggestions.  ...  We investigated whether SO incentive mechanism is effective in improving security properties of distributed code examples.  ...  Encourage moderators or trusted users to exploit clone detection technologies in order to efficiently detect and remove both duplicated questions and answers.  ... 
arXiv:1901.01327v1 fatcat:jberrvxb2zfybi2mvgqxpmxoea

A Journey Through Android App Analysis: Solutions and Open Challenges

Jacques Klein
2021 Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems  
In this paper, we will briefly introduce our key contributions in both (1) Android app static analysis to detect security issues, and (2) Android Malware Detection with machine learning.  ...  CCS CONCEPTS • Security and privacy → Software security engineering; • Software and its engineering → Software verification and validation.  ...  This often arises from the misuse of Android framework APIs, making it harder to debug since official Android documentation does not discuss thoroughly potential exceptions.  ... 
doi:10.1145/3457340.3458298 fatcat:ei5vjazjz5akrgj5nlt3cvfodm

Behavioral detection of malware on mobile handsets

Abhijit Bose, Xin Hu, Kang G. Shin, Taejoon Park
2008 Proceeding of the 6th international conference on Mobile systems, applications, and services - MobiSys '08  
A novel behavioral detection framework is proposed to detect mobile worms, viruses and Trojans, instead of the signature-based solutions currently available for use in mobile devices.  ...  First, we propose an efficient representation of malware behaviors based on a key observation that the logical ordering of an application's actions over time often reveals the malicious intent even when  ...  CNS 0523932, Samsung Electronics, and Intel Corporation. We would like to thank our shepherd Dr. Anthony D. Joseph and the anonymous reviewers for their constructive comments and helpful advice.  ... 
doi:10.1145/1378600.1378626 dblp:conf/mobisys/BoseHSP08 fatcat:n6b5xgygqval5claabarxyfnca

Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation [article]

Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk
2018 arXiv   pre-print
We implement μSE as a semi-automated framework, and apply it to a set of prominent Android static analysis tools that detect private data leaks in apps.  ...  Our results motivate the urgent need for systematic discovery and documentation of unsound choices in soundy tools, and demonstrate the opportunities in leveraging mutation testing in achieving this goal  ...  being open to suggestions and improvements.  ... 
arXiv:1806.09761v2 fatcat:2qfojo6c7veavmrgwliulbui5i

Secure Coding Practices in Java: Challenges and Vulnerabilities [article]

Na Meng, Stefan Nagy, Daphne Yao, Wenjie Zhuang, Gustavo Arango Argoty
2017 arXiv   pre-print
Multiple programming challenges are related to APIs or libraries, including the complicated cross-language data handling of cryptography APIs, and the complex Java-based or XML-based approaches to configure  ...  Prior research was focused on the misuse of cryptography and SSL APIs, but did not explore the key fundamental research question: what are the biggest challenges and vulnerabilities in secure coding practices  ...  Detecting Security Vulnerabilities Approaches were built to detect security vulnerabilities caused by API misuse [75, 78, 80, 81, 83, 85, 87, 94] .  ... 
arXiv:1709.09970v1 fatcat:j4m3gjblinfermu737cpheaeum

Coverage-guided tensor compiler fuzzing with joint IR-pass mutation

Jiawei Liu, Yuxiang Wei, Sen Yang, Yinlin Deng, Lingming Zhang
2022 Proceedings of the ACM on Programming Languages (PACMPL)  
Also, different components of Tzer have been validated via ablation study. To date, Tzer has detected 49 previously unknown bugs for TVM, with 37 bugs confirmed and 25 bugs fixed (PR merged).  ...  Our experimental results show that Tzer substantially outperforms existing fuzzing techniques on tensor compiler testing, with 75% higher coverage and 50% more valuable tests than the 2nd-best technique  ...  CCF-2131943 and CCF-2141474.  ... 
doi:10.1145/3527317 fatcat:qppht5gkmfdp7ofjxx6ffjlaxu

Static Analysis for AWS Best Practices in Python Code [article]

Rajdeep Mukherjee, Omer Tripp, Ben Liblit, Michael Wilson
2022 arXiv   pre-print
AWS SDKs provide access to AWS services through API endpoints. However, incorrect use of these APIs can lead to code defects, crashes, performance issues, and other problems.  ...  We have assessed the efficacy of these rules based on real-world developer feedback.  ...  Detection of APIs from other cloud vendors can be considered as a side-effect of the type inference strategy when it resorts to using the API name-based resolution as a fallback strategy.  ... 
arXiv:2205.04432v1 fatcat:mebtqe6dzng6zhgshpgtuozsgi


Heng Yin, Dawn Song, Manuel Egele, Christopher Kruegel, Engin Kirda
2007 Proceedings of the 14th ACM conference on Computer and communications security - CCS '07  
We propose a system, Panorama, to detect and analyze malware by capturing this fundamental trait.  ...  Unfortunately, existing techniques for detecting malware and analyzing unknown code samples are insufficient and have significant shortcomings.  ...  The communication between the test engine and the taint engine is via an intercepted registry writing API: the test engine writes information into a predetermined registry entry, and taint engine intercepts  ... 
doi:10.1145/1315245.1315261 dblp:conf/ccs/YinSEKK07 fatcat:6bs4cgn565axdg43rpyrgbra6e
« Previous Showing results 1 — 15 out of 898 results