Internet Archive Scholar
Filters
























297 Hits in 9.0 sec

Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques

Amit Seal Ami, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk
2021 ACM Transactions on Privacy and Security  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.6 MB)
https://web.archive.org/web/20210721081749/https://arxiv.org/pdf/2102.06829v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:

2021 accepted arXiv:2102.06829v2 fatcat:smp3nn2sl5egba5bk4asndiwga

Other Versions

2021 pre-print
arXiv:2102.06829v1 fatcat:yvyh7njajzdrvf7wkzpnsvfmoa
This article describes the Mutation-Based Soundness Evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws, by leveraging the well-founded  ...  However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance and are hence sound y .  ...  ACKNOWLEDGMENTS We thank the developers of the evaluated tools for making their tools available to the community, and for being open to suggestions.  ... 
doi:10.1145/3439802 fatcat:jij564rmn5akhdpqdk5pzdempi
Multiple Versions
Citation

Amit Seal Ami, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk. "Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques." ACM Transactions on Privacy and Security 24.3 (2021) 1-37

Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation [article]

Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk
2018 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.0 MB)
https://web.archive.org/web/20200830054853/https://arxiv.org/pdf/1806.09761v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2018 pre-print
arXiv:1806.09761v1 fatcat:yeuliajyzfcu3jmda73ygcqjx4
This paper proposes the Mutation-based soundness evaluation (μSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix, flaws, by leveraging the well-founded  ...  However, existing tools, and specifically, static analysis tools, trade soundness of the analysis for precision and performance, and are hence soundy.  ...  We thank the FlowDroid developers, as well as the developers of the other tools we evaluate in this paper, for making their tools available to the community, providing us with the necessary information  ... 
arXiv:1806.09761v2 fatcat:2qfojo6c7veavmrgwliulbui5i
Multiple Versions
Citation

Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, Denys Poshyvanyk. "Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation." arXiv (2018)

Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques [article]

Amit Seal Ami, Nathan Cooper, Kaushal Kafle, Kevin Moran, Denys Poshyvanyk, Adwait Nadkarni
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.1 MB)
https://web.archive.org/web/20210825060824/https://arxiv.org/pdf/2107.07065v4.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Other Versions

2021 pre-print
arXiv:2107.07065v1 fatcat:tfhyz3gb25buvitx5sy4ml7taa
2021 pre-print
arXiv:2107.07065v2 fatcat:ktnz3tu5rnhvjefrm6h25ip4jm
2021 pre-print
arXiv:2107.07065v3 fatcat:xhrp4pt33neopnk7chxfgq7ylu
2022 accepted
doi:10.1109/sp46214.2022.00024 arXiv:2107.07065v5 fatcat:p2yujmr53jcnvijo47umvudi4i
This paper presents the MASC framework, which enables a systematic and data-driven evaluation of crypto-detectors using mutation testing.  ...  We develop 12 generalizable usage-based mutation operators and three mutation scopes that can expressively instantiate thousands of compilable variants of the misuse cases for thoroughly evaluating crypto-detectors  ...  ACKNOWLEDGMENT We thank the developers of the evaluated tools for making their tools available to the community, and for being open to discussion, suggestions, and improvements.  ... 
arXiv:2107.07065v4 fatcat:dae4vcxftjhftpiafpuur7vr4a
Multiple Versions
Citation

Amit Seal Ami, Nathan Cooper, Kaushal Kafle, Kevin Moran, Denys Poshyvanyk, Adwait Nadkarni. "Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques." arXiv (2021)

Mystique

Guozhu Meng, Yinxing Xue, Chandramohan Mahinthan, Annamalai Narayanan, Yang Liu, Jie Zhang, Tieming Chen
2016 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.7 MB)
https://web.archive.org/web/20190218130134/https://static.aminer.org/pdf/20170130/pdfs/ccs/brfeuhcwlbtlxq9tpzfqghdv4s8y0nra.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL. The file type is application/pdf.

Thus, it is desired to conduct a systematic investigation and evaluation of anti-malware solutions and tools based on different attacks and evasion techniques.  ...  With the help of MYSTIQUE, we conduct experiments to 1) understand Android malware and the associated attack features as well as evasion techniques; 2) evaluate and compare the 57 off-the-shelf anti-malware  ...  This work is also sponsored by the National Science Foundation of China (No. 61572349, 61272106) .  ... 
doi:10.1145/2897845.2897856 dblp:conf/ccs/MengXCN0ZC16 fatcat:ssubdviipffe3k5lc7ue2evzu4
Citation

Guozhu Meng, Yinxing Xue, Chandramohan Mahinthan, Annamalai Narayanan, Yang Liu, Jie Zhang, Tieming Chen. "Mystique." Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16 (2016) 365-376

Automated Testing of Android Apps: A Systematic Literature Review

Pingfan Kong, Li Li, Jun Gao, Kui Liu, Tegawende F. Bissyande, Jacques Klein
2018 IEEE Transactions on Reliability  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.8 MB)
https://web.archive.org/web/20190430152537/http://orbilu.uni.lu/bitstream/10993/36765/1/article.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL. The file type is application/pdf.

In this paper, we aim at providing a clear overview of the state-of-the-art works around the topic of Android app testing, in an attempt to highlight the main trends, pinpoint the main methodologies applied  ...  Given the widespread adoption of Android and the specificities of its development model, the literature has proposed various testing approaches for ensuring that not only functional requirements but also  ...  Comparing to the distribution of the number of evaluated apps summarized in an SLR of static analysis of Android apps [22] , where the median and maximum numbers are respectively 374 and 318,515, far  ... 
doi:10.1109/tr.2018.2865733 fatcat:rshkb3a3ajev5gce3crha5netm
Citation

Pingfan Kong, Li Li, Jun Gao, Kui Liu, Tegawende F. Bissyande, Jacques Klein. "Automated Testing of Android Apps: A Systematic Literature Review." IEEE Transactions on Reliability 68.1 (2018) 1-22

A Mutation Framework for Evaluating Security Analysis tools in IoT Applications [article]

Manar H. Alalfi, Sajeda Parveen, Bara Nazzal
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.6 MB)
https://web.archive.org/web/20211016181905/https://arxiv.org/pdf/2110.05562v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

First, we propose a set of mutational operators tailored to evaluate three types of sensitivity analysis, flow, path and context sensitivity.  ...  Hence, this paper presents an automated framework to evaluate taint-flow analysis tools in the domain of IoT applications.  ...  [41] presented the Mutation-based soundness evaluation (µSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws and that by leveraging the well-founded  ... 
arXiv:2110.05562v1 fatcat:g7epw34mvjb25dasqhzbk4chve
Open Access
Citation

Manar H. Alalfi, Sajeda Parveen, Bara Nazzal. "A Mutation Framework for Evaluating Security Analysis tools in IoT Applications." arXiv (2021)

Exploring Software Security Test Generation Techniques: Challenges and Opportunities

Mamdouh Alenezi, Mohammed Akour, Hamid Abdul Basit
2021 International Journal of Education and Information Technologies  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.0 MB)
https://web.archive.org/web/20210605115402/https://www.naun.org/main/NAUN/educationinformation/2021/a222008-011(2021).pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Moreover, this paper aims to depict the sound of security in the current state of the art of test case generation.  ...  The process of ensuring the security of software includes the introduction of processes in the Software Development Life Cycle where one of them is testing after the software is developed.  ...  [62] try to combine dynamic and static analysis in order to find security weaknesses in Java based applications.  ... 
doi:10.46300/9109.2021.15.11 fatcat:jfrdf2fi4zdo7mv7jbz5hot3aa
Citation

Mamdouh Alenezi, Mohammed Akour, Hamid Abdul Basit. "Exploring Software Security Test Generation Techniques: Challenges and Opportunities." International Journal of Education and Information Technologies (2021) 107-121

Security analysis of permission re-delegation vulnerabilities in Android apps

Biniam Fisseha Demissie, Mariano Ceccato, Lwin Khin Shar
2020 Empirical Software Engineering  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (2.9 MB)
https://web.archive.org/web/20201108132707/https://link.springer.com/content/pdf/10.1007/s10664-020-09879-8.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

If that is the case, it generates test cases to detect the vulnerabilities. We evaluated the vulnerability detection capability of our approach based on 1,258 official apps and 20 mutated apps.  ...  We also compared our approach with two static analysis-based approaches — Covert and IccTA — based on 595 open source apps.  ...  Acknowledgements The content of this paper is part of the PhD thesis of the first author Biniam Fisseha Demissie.  ... 
doi:10.1007/s10664-020-09879-8 fatcat:ephbimiylndmrmz7xqtavnvy4i
Open Access
Citation

Biniam Fisseha Demissie, Mariano Ceccato, Lwin Khin Shar. "Security analysis of permission re-delegation vulnerabilities in Android apps." Empirical Software Engineering 25.6 (2020)

Mutation Testing Advances: An Analysis and Survey [chapter]

Mike Papadakis, Marinos Kintis, Jie Zhang, Yue Jia, Yves Le Traon, Mark Harman
2018 Advances in Computers  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.1 MB)
https://web.archive.org/web/20190429011957/http://orbilu.uni.lu/bitstream/10993/31612/1/survey.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL. The file type is application/pdf.

Mutation is typically used as a way to evaluate the adequacy of test suites, to guide the generation of test cases and to support experimentation.  ...  Mutation testing realises the idea of using artificial defects to support testing activities.  ...  [28] (in 2014), a systematic mapping of mutation-based test generation by Souza et al.  ... 
doi:10.1016/bs.adcom.2018.03.015 fatcat:5xmuznmnd5ea7larfbdlvmvyeq
Citation

Mike Papadakis, Marinos Kintis, Jie Zhang, Yue Jia, Yves Le Traon, Mark Harman. "Mutation Testing Advances: An Analysis and Survey." Advances in Computers (2018)

An Automated Approach for Privacy Leakage Identification in IoT Apps [article]

Bara' Nazzal, Manar H. Alalfi
2022 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.0 MB)
https://web.archive.org/web/20220215081725/https://arxiv.org/pdf/2202.02895v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

This paper presents a fully automated static analysis approach and a tool, Taint-Things, for the identification of tainted flows in SmartThings IoT apps.  ...  Our approach reports potential vulnerable tainted flows in a form of a concise security slice, where the relevant parts of the code are given with the lines affecting the sensitive information, which could  ...  [25] to evaluate taint analysis tools for IoT applications using a mutation-based framework. The analysis evaluated Taint-Things with another two tools, SaINT and FlowsMiner.  ... 
arXiv:2202.02895v1 fatcat:r7nh2wk4xrcgzi3l4okssiiopi
Open Access
Citation

Bara' Nazzal, Manar H. Alalfi. "An Automated Approach for Privacy Leakage Identification in IoT Apps." arXiv (2022)

Self-protection of Android systems from inter-component communication attacks

Mahmoud Hammad, Joshua Garcia, Sam Malek
2018 Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering - ASE 2018  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (3.5 MB)
https://web.archive.org/web/20200313122208/https://escholarship.org/content/qt9358q667/qt9358q667.pdf?t=pjrya7

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

While the above techniques rely on static program analysis to detect security risks and prevent them at runtime, another set of approaches leverage dynamic analysis techniques to detect and prevent security  ...  SEALANT is a technique that combine static analysis with dynamic monitoring to detect security vulnerabilities in Android apps and prevent ICC attacks.  ...  Specifically, our selected features leverage categorized Android API usage, reflection-based features, and features from native binaries of apps.  ... 
doi:10.1145/3238147.3238207 dblp:conf/kbse/HammadGM18 fatcat:qht4e54ehjfltlht6wjuwzsata
Citation

Mahmoud Hammad, Joshua Garcia, Sam Malek. "Self-protection of Android systems from inter-component communication attacks." Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering - ASE 2018 (2018) 726-737

A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices

Miao Yu, Jianwei Zhuge, Ming Cao, Zhiwei Shi, Lin Jiang
2020 Future Internet  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (516.3 kB)
https://web.archive.org/web/20200208035338/https://res.mdpi.com/d_attachment/futureinternet/futureinternet-12-00027/article_deploy/futureinternet-12-00027.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Finally, we forecast and discuss the research directions on vulnerability analysis techniques of IoT devices.  ...  With it, security vulnerabilities of IoT devices are emerging endlessly. The proliferation of security vulnerabilities will bring severe risks to users' privacy and property.  ...  Through the above investigations, we find that the current study focuses on IoT security issues and lack analysis techniques.  ... 
doi:10.3390/fi12020027 fatcat:rbg5eyfvj5h7lezzzyiyhjrpci
DOAJ Szczepanski
Citation

Miao Yu, Jianwei Zhuge, Ming Cao, Zhiwei Shi, Lin Jiang. "A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices." Future Internet 12.2 (2020) 27

Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS

Luke Deshotels, Costin Carabas, Jordan Beichler, Razvan Deaconescu, William Enck
2020 2020 IEEE Symposium on Security and Privacy (SP)  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (247.6 kB)
https://web.archive.org/web/20220522100834/https://ieeexplore.ieee.org/ielx7/9144328/9152199/09152695.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

In this paper, we present the Kobold framework to study NSXPC-based system services using a combination of static and dynamic analysis.  ...  Apple uses several access control mechanisms to prevent third party applications from directly accessing security sensitive resources, including sandboxing and file access control.  ...  Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding agencies.  ... 
doi:10.1109/sp40000.2020.00023 dblp:conf/sp/DeshotelsCBDE20 fatcat:d5ktavl3cnhxlfwavvrcs5xury
Citation

Luke Deshotels, Costin Carabas, Jordan Beichler, Razvan Deaconescu, William Enck. "Kobold: Evaluating Decentralized Access Control for Remote NSXPC Methods on iOS." 2020 IEEE Symposium on Security and Privacy (SP) (2020) 1056-1070

A Survey of Context Simulation for Testing Mobile Context-Aware Applications

Chu Luo, Jorge Goncalves, Eduardo Velloso, Vassilis Kostakos
2020 ACM Computing Surveys  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (870.1 kB)
https://web.archive.org/web/20201107000754/https://minerva-access.unimelb.edu.au/bitstream/handle/11343/238470/Luo_A%20Survey%20of%20Context.pdf;jsessionid=C92D800B79F31CF0AC04586BFB8A086F?sequence=1

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

This article aims to give a comprehensive overview of the state-of-the-art context simulation methods for testing mobile context-aware applications.  ...  Accordingly, researchers have proposed diverse context simulation techniques to enable low-cost and effective tests, instead of conducting costly and time-consuming real-world experiments.  ...  Eduardo Velloso is the recipient of an Australian Research Council Discovery Early Career Award (Project Number: DE180100315).  ... 
doi:10.1145/3372788 fatcat:mpkgpye24jetbkep7hh2bkjf7y
Citation

Chu Luo, Jorge Goncalves, Eduardo Velloso, Vassilis Kostakos. "A Survey of Context Simulation for Testing Mobile Context-Aware Applications." ACM Computing Surveys 53.1 (2020) 1-39

Mining Android crash fixes in the absence of issue- and change-tracking systems

Pingfan Kong, Li Li, Jun Gao, Tegawendé F. Bissyandé, Jacques Klein
2019 Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2019  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.2 MB)
https://web.archive.org/web/20200506202757/https://orbilu.uni.lu/bitstream/10993/41499/1/article.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

This often arises from the misuse of Android framework APIs, making it harder to debug since official Android documentation does not discuss thoroughly potential exceptions.Recently, the program repair  ...  Finally, we release ReCBench, a benchmark consisting of 200 crashed apks and the crash replication scripts, which the community can explore for evaluating generated crash-inducing bug patches.  ...  For example, researchers have used static taint analysis to discovery privacy leaks in Android apps [4] and leveraged model checking techniques to verify Android apps in terms of their security properties  ... 
doi:10.1145/3293882.3330572 dblp:conf/issta/KongLGBK19 fatcat:5mhibuftsfdxrhb6d6u3pyztme
Citation

Pingfan Kong, Li Li, Jun Gao, Tegawendé F. Bissyandé, Jacques Klein. "Mining Android crash fixes in the absence of issue- and change-tracking systems." Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2019 (2019) 78-89

« Previous Showing results 1 — 15 out of 297 results