Effective and efficient API misuse detection via exception propagation and search-based testing
2019
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2019
We introduce Catcher, a novel API misuse detection approach that combines static exception propagation analysis with automatic search-based test case generation to effectively and efficiently pinpoint ...
KEYWORDS API misuse, software crash, static exception propagation, search-based software testing * This work was done and completed at the Delft University of Technology. ...
ACKNOWLEDGMENTS This research was partially funded by the EU Horizon 2020 ICT-10-2016-RIA "STAMP" project (No.731529) and the Dutch 4TU project "Big Software on the Run". ...
doi:10.1145/3293882.3330552
dblp:conf/issta/KechagiaDPGD19
fatcat:wkrf4g32lbcxbbr65psa572doq
Toward Understanding Deep Learning Framework Bugs
[article]
2022
arXiv
pre-print
Understanding the characteristics of DL framework bugs is a fundamental step for this quality assurance task, facilitating to design effective bug detection and debugging approaches. ...
Such wide effect demonstrates the necessity and importance of guaranteeing DL frameworks' quality. ...
Defining effective test oracles deserves much more attention for the detection of this kind of bugs. Based on the symptoms, we then analyzed when we can observe these bugs. ...
arXiv:2203.04026v1
fatcat:x5lalzlaijagjkzl3iajbv3li4
When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid
[article]
2020
arXiv
pre-print
detection effectiveness. ...
Atop of this new inter-procedural analysis, we further adjust the traditional backward slicing and forward constant propagation to provide the complete dataflow tracking of sink API calls. ...
Since FlowDroid does not support sink-based API misuse detection and BackDroid in this paper does not aim to analyze privacy leaks, we thus do not compare them (except a rough performance comparison shown ...
arXiv:2005.11527v1
fatcat:xd2ytszspvdu7nrwpdikw4ng3q
Compared to desktop-based networks, mobile networks are much more dynamic with frequent connectivity disruptions, network type switches, and quality changes, posing unique programming challenges for mobile ...
Most of today's mobile apps rely on the underlying networks to deliver key functions such as web browsing, file synchronization, and social networking. ...
This research is supported by NSF CNS-1017784 and NSF CNS-1321006. ...
doi:10.1145/2901318.2901353
dblp:conf/eurosys/JinHXZ16
fatcat:eosa334zhbdj3evikmignqxdmm
Modular Anomaly Detection for Smartphone Ad Hoc Communication
[chapter]
2012
Lecture Notes in Computer Science
While intrusion detection in MANETs is typically evaluated with network simulators, we argue that it is important to implement and test the solutions in real devices to evaluate their resource footprint ...
The study shows the feasibility of the statistics based anomaly detection regime, having low CPU usage, little added latency, and acceptable memory footprint. ...
We want also thank Ekhiotz Jon Vergara and Mikael Asplund for inspiration due to earlier works. ...
doi:10.1007/978-3-642-29615-4_6
fatcat:uo6u5fqirvcz3i5v23yvi5em3m
Static Program Analysis for Java Card Applets
[chapter]
2008
Lecture Notes in Computer Science
Our work introduces automatic static program analysis as a means for the early detection of misused and therefore dangerous API calls. ...
Several characteristics of the Java Card applets and their multiple-entry-point program structure make it possible for a potentially unhandled exception to reach the invoked entry point. ...
Acknowledgments This work was supported by the funds of the bilateral research programme between Greece and Cyprus, Greek General Research Secretariat, 2006-2008. ...
doi:10.1007/978-3-540-85893-5_2
fatcat:qj4tvdigfjd57cslh5qwbdmzme
Research Towards Key Issues of API Security
[chapter]
2022
Communications in Computer and Information Science
Aiming at new API vulnerability detection, a security analysis method based on finite state machine is proposed. ...
For the first time, the cross-network communication taint propagation based on dynamic taint analysis technology and system-level simulation technology is realized, enabling sensitive data flow tracing ...
API Security Audit System Based on Traffic At present, it is not easy to manage APIs safely and effectively. ...
doi:10.1007/978-981-16-9229-1_11
fatcat:r7s3ee5sefh7ppuvyx3vqbwlou
How Reliable is the Crowdsourced Knowledge of Security Implementation?
[article]
2019
arXiv
pre-print
Moreover, we also traced duplicated answers to assess whether the community behavior facilitates propagation of secure and insecure code suggestions. ...
We investigated whether SO incentive mechanism is effective in improving security properties of distributed code examples. ...
Encourage moderators or trusted users to exploit clone detection technologies in order to efficiently detect and remove both duplicated questions and answers. ...
arXiv:1901.01327v1
fatcat:jberrvxb2zfybi2mvgqxpmxoea
A Journey Through Android App Analysis: Solutions and Open Challenges
2021
Proceedings of the 2021 International Symposium on Advanced Security on Software and Systems
In this paper, we will briefly introduce our key contributions in both (1) Android app static analysis to detect security issues, and (2) Android Malware Detection with machine learning. ...
CCS CONCEPTS • Security and privacy → Software security engineering; • Software and its engineering → Software verification and validation. ...
This often arises from the misuse of Android framework APIs, making it harder to debug since official Android documentation does not discuss thoroughly potential exceptions. ...
doi:10.1145/3457340.3458298
fatcat:ei5vjazjz5akrgj5nlt3cvfodm
Behavioral detection of malware on mobile handsets
2008
Proceeding of the 6th international conference on Mobile systems, applications, and services - MobiSys '08
A novel behavioral detection framework is proposed to detect mobile worms, viruses and Trojans, instead of the signature-based solutions currently available for use in mobile devices. ...
First, we propose an efficient representation of malware behaviors based on a key observation that the logical ordering of an application's actions over time often reveals the malicious intent even when ...
CNS 0523932, Samsung Electronics, and Intel Corporation. We would like to thank our shepherd Dr. Anthony D. Joseph and the anonymous reviewers for their constructive comments and helpful advice. ...
doi:10.1145/1378600.1378626
dblp:conf/mobisys/BoseHSP08
fatcat:n6b5xgygqval5claabarxyfnca
Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation
[article]
2018
arXiv
pre-print
We implement μSE as a semi-automated framework, and apply it to a set of prominent Android static analysis tools that detect private data leaks in apps. ...
Our results motivate the urgent need for systematic discovery and documentation of unsound choices in soundy tools, and demonstrate the opportunities in leveraging mutation testing in achieving this goal ...
being open to suggestions and improvements. ...
arXiv:1806.09761v2
fatcat:2qfojo6c7veavmrgwliulbui5i
Secure Coding Practices in Java: Challenges and Vulnerabilities
[article]
2017
arXiv
pre-print
Multiple programming challenges are related to APIs or libraries, including the complicated cross-language data handling of cryptography APIs, and the complex Java-based or XML-based approaches to configure ...
Prior research was focused on the misuse of cryptography and SSL APIs, but did not explore the key fundamental research question: what are the biggest challenges and vulnerabilities in secure coding practices ...
Detecting Security Vulnerabilities Approaches were built to detect security vulnerabilities caused by API misuse [75, 78, 80, 81, 83, 85, 87, 94]. ...
arXiv:1709.09970v1
fatcat:j4m3gjblinfermu737cpheaeum
Coverage-guided tensor compiler fuzzing with joint IR-pass mutation
2022
Proceedings of the ACM on Programming Languages (PACMPL)
Also, different components of Tzer have been validated via ablation study. To date, Tzer has detected 49 previously unknown bugs for TVM, with 37 bugs confirmed and 25 bugs fixed (PR merged). ...
Our experimental results show that Tzer substantially outperforms existing fuzzing techniques on tensor compiler testing, with 75% higher coverage and 50% more valuable tests than the 2nd-best technique ...
CCF-2131943 and CCF-2141474. ...
doi:10.1145/3527317
fatcat:qppht5gkmfdp7ofjxx6ffjlaxu
Static Analysis for AWS Best Practices in Python Code
[article]
2022
arXiv
pre-print
AWS SDKs provide access to AWS services through API endpoints. However, incorrect use of these APIs can lead to code defects, crashes, performance issues, and other problems. ...
We have assessed the efficacy of these rules based on real-world developer feedback. ...
Detection of APIs from other cloud vendors can be considered as a side-effect of the type inference strategy when it resorts to using the API name-based resolution as a fallback strategy. ...
arXiv:2205.04432v1
fatcat:mebtqe6dzng6zhgshpgtuozsgi
Panorama
2007
Proceedings of the 14th ACM conference on Computer and communications security - CCS '07
We propose a system, Panorama, to detect and analyze malware by capturing this fundamental trait. ...
Unfortunately, existing techniques for detecting malware and analyzing unknown code samples are insufficient and have significant shortcomings. ...
The communication between the test engine and the taint engine is via an intercepted registry writing API: the test engine writes information into a predetermined registry entry, and taint engine intercepts ...
doi:10.1145/1315245.1315261
dblp:conf/ccs/YinSEKK07
fatcat:6bs4cgn565axdg43rpyrgbra6e