Cross-Programming Language Taint Analysis for the IoT Ecosystem

Pietro Ferrara, Amit Kr Mandal, Agostino Cortesi, Fausto Spoto
2019 Electronic Communications of the EASST  
During the last decades, static analysis, and in particular taint analysis, has been widely applied to detect software vulnerabilities.  ...  In addition, security and privacy vulnerabilities of IoT software might be particularly dangerous due to the pervasiveness and physical nature of these systems.  ...  Acknowledgments Work partially supported by CINI Cybersecurity National Laboratory within the project FilieraSicura.  ... 
doi:10.14279/tuj.eceasst.77.1104 dblp:journals/eceasst/FerraraMCS19 fatcat:p3gabj4acjhjznqn4m2x7f4ydi
Shikha Gautam
2020 International Journal of Engineering Technologies and Management Research  
This paper provides the overview of various testing tools and analyzed Java programming testing tools because Java programming is very important due to its mature nature to develop software.  ...  Java testing tools are analyzed based on various quality attributes. Analysis shows that selection of testing tool depends on requirement.  ...  Shikha Gautam is thankful to Prof. Brijendra Singh, Ph.D. supervisor for proper guidance to do creative research work and IIIT Lucknow to give such a beautiful and research-oriented environment.  ... 
doi:10.29121/ijetmr.v5.i2.2018.147 fatcat:654duevfxzfhfiodsbjlnhyylu

Comparison Of Java Programming Testing Tools

Shikha Gautam
2018 Zenodo  
This paper provides the overview of various testing tools and analyzed Java programming testing tools because Java programming is very important due to its mature nature to develop software.  ...  Java testing tools are analyzed based on various quality attributes. Analysis shows that selection of testing tool depends on requirement.  ...  Shikha Gautam is thankful to Prof. Brijendra Singh, Ph.D. supervisor for proper guidance to do creative research work and IIIT Lucknow to give such a beautiful and research-oriented environment.  ... 
doi:10.5281/zenodo.1179382 fatcat:anut55ju2vfmrcn6w3vggpt2ke

Evaluation of Static Vulnerability Detection Tools with Java Cryptographic API Benchmarks [article]

Sharmin Afrose, Ya Xiao, Sazzadur Rahaman, Barton P. Miller, Danfeng Yao
2021 arXiv pre-print
There exist several open-sourced and commercial security tools that automatically screen Java programs to detect misuses.  ...  We present their performance and comparative analysis. The ApacheCryptoAPI-Bench also examines the scalability of the tools.  ...  ACKNOWLEDGMENTS This work has been supported by the National Science Foundation under Grant No. CNS-1929701 and the Virginia Commonwealth Cyber Initiative (CCI).  ... 
arXiv:2112.04037v1 fatcat:kv4jwcw2wnfulfz2yh6zjoleyi

A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software

Alireza Sadeghi, Hamid Bagheri, Joshua Garcia, Sam Malek
2017 IEEE Transactions on Software Engineering  
This paper contributes a comprehensive taxonomy to classify and characterize the state-of-the-art research in this area.  ...  In parallel with the meteoric rise of mobile software, we are witnessing an alarming escalation in the number and sophistication of the security threats targeted at mobile platforms, particularly Android  ...  -09-1-0273 from the Army Research Office, HSHQDC-14-C-B0040 from the Department of Homeland Security, and FA95501610030 from the Air Force Office of Scientific Research.  ... 
doi:10.1109/tse.2016.2615307 fatcat:lf4auma3fbe6thk4bxxsvasg4u

Securing Legacy Code with the TRACER Platform

Kostantinos Stroggylos, Dimitris Mitropoulos, Zacharias Tzermias, Panagiotis Papadopoulos, Fotios Rafailidis, Diomidis Spinellis, Sotiris Ioannidis, Panagiotis Katsaros
2014 Proceedings of the 18th Panhellenic Conference on Informatics - PCI '14  
A number of tools and techniques are available for performing vulnerability detection in software written in various programming platforms, in a pursuit to mitigate such defects.  ...  To demonstrate the efficiency and usability of the platform, we integrated two popular static analysis tools, FindBugs and Frama-c as sample implementations, and report on preliminary results from their  ...  Reference Framework (nsrf)-Research Funding Program: Thalis-Athens University of Economics and Business-Software Engineering Research Platform.  ... 
doi:10.1145/2645791.2645796 dblp:conf/pci/StroggylosMTPRSIK14 fatcat:vvctqvpowje27cbrvdnq3jwfty
Cristina Cifuentes, Bernhard Scholz
2008 Proceedings of the 2008 workshop on Static analysis - SAW '08  
We present the design of Parfait, a static layered program analysis framework for bug checking, designed for scalability and precision by improving false positive rates and scale to millions of lines of  ...  Results are quantified in terms of correctly-reported, false positive and false negative rates against the NIST SAMATE synthetic benchmarks for C code.  ...  Acknowledgments We would like to thank Nathan Keynes and Erica Mealy for comments to improve the presentation of this paper.  ... 
doi:10.1145/1394504.1394505 fatcat:yswfcd3v55h4docpmax3gh55ou

Android Inter-App Communication Threats, Solutions, and Challenges [article]

Jice Wang, Hongqi Wu
2018 arXiv pre-print
Researchers and commercial companies have made a lot of efforts on detecting malware in Android platform. However, a recent malware threat, App collusion, makes malware detection challenging.  ...  Then we summarize the security vulnerabilities and potential threats introduced by App communication. Finally, we discuss state of art researches and challenges on App collusion detection.  ...  Finally, as the huge number of Apps available in the Android market, detection methods should be scalable.  ... 
arXiv:1803.05039v1 fatcat:5xol7tuek5c6rk5y53xhlykvlu

On the Static Analysis of Hybrid Mobile Apps [chapter]

Achim D. Brucker, Michael Herzberg
2016 Lecture Notes in Computer Science  
Moreover, we report on the current state of the overall quality and security of Cordova apps.  ...  This results in an increasing use of cross-platform development frameworks that allow developing an app once and offering it on multiple mobile platforms such as Android, iOS, or Windows.  ...  Both are tools supporting the Android life-cycle model and are able to build call graphs for native Android apps as well as perform a static data-flow analysis for finding security vulnerabilities as well  ... 
doi:10.1007/978-3-319-30806-7_5 fatcat:2ontveila5g6zlzkuq353d6hqy

FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases

Johannes Lerch, Ben Hermann, Eric Bodden, Mira Mezini
2014 Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014  
Over the past years, widely used platforms such as the Java Class Library have been under constant attack through vulnerabilities that involve a combination of two taint-analysis problems: an integrity  ...  In this work, we expose a design of the analysis approach based on the IFDS algorithm, and explain several extensions to IFDS that enable not only this coordination but also a helpful reporting of error  ...  In the most common attack vector against Java, the attacker exploits the vulnerability to have the platform load a class on his behalf, which otherwise he would have no permission to load.  ... 
doi:10.1145/2635868.2635878 dblp:conf/sigsoft/LerchHBM14 fatcat:rnqajudkcnb5rbwiisnaqwujoy

Continuous code-quality assurance with SAFE

Emmanuel Geay, Eran Yahav, Stephen Fink
2006 Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation - PEPM '06  
This paper presents the design of SAFE (Scalable and Flexible Error Detection), a static analysis tool targeting lightweight program verification and bug finding for Java.  ...  We describe how the tool integrates into a team development platform for analysis of batch builds, and user interface support built on the Eclipse platform.  ...  Acknowledgements Many thanks to Steve Gutz for his contributions to the SAFE Eclipse environment.  ... 
doi:10.1145/1111542.1111567 dblp:conf/pepm/GeayYF06 fatcat:y4hldejj6rf6nlca3dn65xho54

Software Security Static Analysis False Alerts Handling Approaches

Aymen Akremi
2021 International Journal of Advanced Computer Science and Applications  
False Positive Alerts (FPA), generated by Static Analyzers Tools (SAT), reduce the effectiveness of the automatic code review, letting them be underused in practice.  ...  It also studies the used datasets to validate the identified methods and show their effectiveness to cover most program defects.  ...  OWASP provides a Java test suite designed to investigate and evaluate the accuracy, coverage, and speed of Software vulnerabilities analysis and detection tools.  ... 
doi:10.14569/ijacsa.2021.0121180 fatcat:4fvjpsfemfg7hprrqg3apzr7di

An Efficient and Scalable Platform for Java Source Code Analysis using Overlaid Graph Representations

Oscar Rodriguez-Prieto, Alan Mycroft, Francisco Ortin
2020 IEEE Access  
We evaluate ProgQuery and compare it to the related systems. Our platform outperforms the other systems in analysis time, and scales better to program sizes and analysis complexity.  ...  For this reason, we created ProgQuery, a platform to allow users to write their own Java program analyses in a declarative fashion, using graph representations.  ...  SonarQube is an open-source platform for continuous inspection of code quality, which performs static code analysis to detect bugs, code smells, and security vulnerabilities on more than 20 programming  ... 
doi:10.1109/access.2020.2987631 fatcat:adrnrvzlyzf5tpt25oix7lrchm

A security policy oracle

Varun Srivastava, Michael D. Bond, Kathryn S. McKinley, Vitaly Shmatikov
2011 Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation - PLDI '11  
Our analysis finds 20 new, confirmed security vulnerabilities and 11 interoperability bugs in the Sun, Harmony, and Classpath implementations of the Java Class Library, many of which were missed by prior  ...  Previous techniques for static verification of authorization enforcement rely on manually specified policies or attempt to infer the policy by code-mining.  ...  Acknowledgments Thanks to Andrew John Hughes for his generous help with verifying Classpath bugs and for feedback on the paper text; Sam Guyer for useful discussions about static analysis; and the anonymous  ... 
doi:10.1145/1993498.1993539 dblp:conf/pldi/SrivastavaBMS11 fatcat:v6mn2ea6cjf2pdspkwqcuvkqmi

VAM-aaS: Online Cloud Services Security Vulnerability Analysis and Mitigation-as-a-Service [chapter]

Mohamed Almorsy, John Grundy, Amani S. Ibrahim
2012 Lecture Notes in Computer Science  
This increases the possibility of malicious service attacks. Existing cloud platforms do not provide a means to validate the security of offered cloud services.  ...  Moreover, the public accessibility of cloud services increases the potential for exploitation of newly discovered vulnerabilities that usually take a long time to discover and to mitigate.  ...  An OCL-based vulnerability signature specifies a set of invariants that verifies the existence or absence of a given vulnerability in a target program.  ... 
doi:10.1007/978-3-642-35063-4_30 fatcat:wnnxfyewyveahdcbjfdeaglane