English
Related papers

Related papers: Finding Tizen security bugs through whole-system s…

200 papers

Android is present in more than 85% of mobile devices, making it a prime target for malware. Malicious code is becoming increasingly sophisticated and relies on logic bombs to hide itself from dynamic analysis. In this paper, we perform a…

Cryptography and Security · Computer Science 2021-08-26 Jordan Samhi , Alexandre Bartel

The PQDSS standardization process requires cryptographic primitives to be free from vulnerabilities, including timing and cache side-channels. Resistance to timing leakage is therefore an essential property, and achieving this typically…

To detect and fix bugs and security vulnerabilities, software companies use static analysis as part of the development process. However, static analysis code itself is also prone to bugs. To ensure a consistent level of precision, as…

Software Engineering · Computer Science 2018-01-16 Lisa Nguyen Quang Do , Stefan Krüger , Patrick Hill , Karim Ali , Eric Bodden

As quantum computing is rising in popularity, the amount of quantum programs and the number of developers writing them are increasing rapidly. Unfortunately, writing correct quantum programs is challenging due to various subtle rules…

Software Engineering · Computer Science 2024-05-17 Matteo Paltenghi , Michael Pradel

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger

The Android mining sandbox approach consists in running dynamic analysis tools on a benign version of an Android app and recording every call to sensitive APIs. Later, one can use this information to (a) prevent calls to other sensitive…

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

Cryptography and Security · Computer Science 2023-07-04 Chaitanya Rahalkar

The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these devices tremendously important. Unfortunately, despite all progress in security and privacy mechanisms, vulnerabilities continue to…

Cryptography and Security · Computer Science 2020-06-03 Mohammad Ghafari , Pascal Gadient , Oscar Nierstrasz

The sources of reliable, code-level information about vulnerabilities that affect open-source software (OSS) are scarce, which hinders a broad adoption of advanced tools that provide code-level detection and assessment of vulnerable OSS…

Software Engineering · Computer Science 2021-05-10 Therese Fehrer , Rocío Cabrera Lozoya , Antonino Sabetta , Dario Di Nucci , Damian A. Tamburri

Static analysis, the process of examining code without executing it, is crucial for identifying software issues. Yet, static analysis is hampered by its complexity and the need for customization for different targets. Traditional static…

Software Engineering · Computer Science 2023-12-15 Yu Hao , Weiteng Chen , Ziqiao Zhou , Weidong Cui

Many Android applications collect data from users. When they do, they must protect this collected data according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the…

Software Engineering · Computer Science 2023-03-20 Mugdha Khedkar

Static analysis is an essential component of many modern software development tools. Unfortunately, the ever-increasing complexity of static analyzers makes their coding error-prone. Even analysis tools based on rigorous mathematical…

Software Engineering · Computer Science 2025-05-08 Daniela Ferreiro , Ignacio Casso , Jose F. Morales , Pedro López-García , Manuel V. Hermenegildo

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool,…

Software Engineering · Computer Science 2014-04-30 Li Li , Alexandre Bartel , Jacques Klein , Yves Le Traon , Steven Arzt , Siegfried Rasthofer , Eric Bodden , Damien Octeau , Patrick McDaniel

Never before has any OS been so popular as Android. Existing mobile phones are not simply devices for making phone calls and receiving SMS messages, but powerful communication and entertainment platforms for web surfing, social networking,…

Cryptography and Security · Computer Science 2023-02-16 Xiaoyu Sun

As an alternative to Java, Kotlin has gained rapid popularity since its introduction and has become the default choice for developing Android apps. However, due to its interoperability with Java, Kotlin programs may contain almost the same…

Programming Languages · Computer Science 2022-08-01 Ranjith Krishnamurthy , Goran Piskachev , Eric Bodden

Although the importance of using static analysis to detect taint-style vulnerabilities in Linux-based embedded firmware is widely recognized, existing approaches are plagued by three major limitations. (a) Approaches based on symbolic…

Cryptography and Security · Computer Science 2021-09-28 Kai Cheng , Tao Liu , Le Guan , Peng Liu , Hong Li , Hongsong Zhu , Limin Sun

This demo paper presents the technical details and usage scenarios of $\mu$SE: a mutation-based tool for evaluating security-focused static analysis tools for Android. Mutation testing is generally used by software practitioners to assess…

Software Engineering · Computer Science 2021-07-16 Amit Seal Ami , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

Android is the most used Operating System worldwide for mobile devices, with hundreds of thousands of apps downloaded daily. Although these apps are primarily written in Java and Kotlin, advanced functionalities such as graphics or…

Cryptography and Security · Computer Science 2024-12-03 Silvia Lucia Sanna , Diego Soi , Davide Maiorca , Giorgio Fumera , Giorgio Giacinto

The diversity of web configuration interfaces for IoT devices has exacerbated issues such as inadequate permission controls and insecure interfaces, resulting in various vulnerabilities. Owing to the varying interface configurations across…

Cryptography and Security · Computer Science 2025-04-02 Jiahui Xiang , Lirong Fu , Tong Ye , Peiyu Liu , Huan Le , Liming Zhu , Wenhai Wang

In our times, when the world is increasingly becoming more dependent on software programs, writing bug-free, correct programs is crucial. Program verification based on formal methods can guarantee this by detecting run-time errors in…

Programming Languages · Computer Science 2024-03-21 Rajendra Kumar Solanki