English

$\mu$SE: Mutation-based Evaluation of Security-focused Static Analysis Tools for Android

Software Engineering 2021-07-16 v1

Abstract

This demo paper presents the technical details and usage scenarios of μ\muSE: a mutation-based tool for evaluating security-focused static analysis tools for Android. Mutation testing is generally used by software practitioners to assess the robustness of a given test-suite. However, we leverage this technique to systematically evaluate static analysis tools and uncover and document soundness issues. μ\muSE's analysis has found 25 previously undocumented flaws in static data leak detection tools for Android. μ\muSE offers four mutation schemes, namely Reachability, Complex-reachability, TaintSink, and ScopeSink, which determine the locations of seeded mutants. Furthermore, the user can extend μ\muSE by customizing the API calls targeted by the mutation analysis. μ\muSE is also practical, as it makes use of filtering techniques based on compilation and execution criteria that reduces the number of ineffective mutations.

Keywords

Cite

@article{arxiv.2102.06823,
  title  = {$\mu$SE: Mutation-based Evaluation of Security-focused Static Analysis Tools for Android},
  author = {Amit Seal Ami and Kaushal Kafle and Kevin Moran and Adwait Nadkarni and Denys Poshyvanyk},
  journal= {arXiv preprint arXiv:2102.06823},
  year   = {2021}
}

Comments

43rd International Conference on Software Engineering, Virtual (originally in Madrid, Spain) - Demonstrations Track

R2 v1 2026-06-23T23:07:25.485Z