English
Related papers

Related papers: Discovering Flaws in Security-Focused Static Analy…

200 papers

Mobile application security has been a major area of focus for security research over the course of the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However,…

Cryptography and Security · Computer Science 2021-07-20 Amit Seal Ami , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

This demo paper presents the technical details and usage scenarios of $\mu$SE: a mutation-based tool for evaluating security-focused static analysis tools for Android. Mutation testing is generally used by software practitioners to assess…

Software Engineering · Computer Science 2021-07-16 Amit Seal Ami , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

Static analysis is sound in theory, but an implementation may unsoundly fail to analyze all of a program's code. Any such omission is a serious threat to the validity of the tool's output. Our work is the first to measure the prevalence of…

Software Engineering · Computer Science 2024-07-11 Jordan Samhi , René Just , Tegawendé F. Bissyandé , Michael D. Ernst , Jacques Klein

The existence of native code in Android apps plays an important role in triggering inconspicuous propagation of secrets and circumventing malware detection. However, the state-of-the-art information-flow analysis tools for Android apps all…

Cryptography and Security · Computer Science 2022-03-01 Cong Sun , Yuwan Ma , Dongrui Zeng , Gang Tan , Siqi Ma , Yafei Wu

Mutation testing has been widely used to assess the fault-detection effectiveness of a test suite, as well as to guide test case generation or prioritization. Empirical studies have shown that, while mutants are generally representative of…

To identify security vulnerabilities in Android applications, numerous static application security testing (SAST) tools have been proposed. However, it poses significant challenges to assess their overall performance on diverse…

Software Engineering · Computer Science 2024-10-29 Jingyun Zhu , Kaixuan Li , Sen Chen , Lingling Fan , Junjie Wang , Xiaofei Xie

The security of smart contracts is critical in blockchain systems, where even minor vulnerabilities can lead to substantial financial losses. Researchers proposed several vulnerability detection tools evaluated using existing benchmarks.…

Software Engineering · Computer Science 2025-04-23 Gerardo Iuliano , Luigi Allocca , Matteo Cicalese , Dario Di Nucci

Security of Android devices is now paramount, given their wide adoption among consumers. As researchers develop tools for statically or dynamically detecting suspicious apps, malware writers regularly update their attack mechanisms to hide…

Cryptography and Security · Computer Science 2022-10-21 Xiaoyu Sun , Xiao Chen , Li Li , Haipeng Cai , John Grundy , Jordan Samhi , Tegawendé F. Bissyandé , Jacques Klein

Never before has any OS been so popular as Android. Existing mobile phones are not simply devices for making phone calls and receiving SMS messages, but powerful communication and entertainment platforms for web surfing, social networking,…

Cryptography and Security · Computer Science 2023-02-16 Xiaoyu Sun

Mutation analysis assesses a test suite's adequacy by measuring its ability to detect small artificial faults, systematically seeded into the tested program. Mutation analysis is considered one of the strongest test-adequacy criteria.…

Software Engineering · Computer Science 2021-03-01 Goran Petrović , Marko Ivanković , Gordon Fraser , René Just

We present HornDroid, a new tool for the static analysis of information flow properties in Android applications. The core idea underlying HornDroid is to use Horn clauses for soundly abstracting the semantics of Android applications and to…

Cryptography and Security · Computer Science 2017-07-26 Stefano Calzavara , Ilya Grishchenko , Matteo Maffei

Mutation testing has shown great promise in assessing the effectiveness of test suites while exhibiting additional applications to test-case generation, selection, and prioritization. Traditional mutation testing typically utilizes a set of…

We present Anadroid, a static malware analysis framework for Android apps. Anadroid exploits two techniques to soundly raise precision: (1) it uses a pushdown system to precisely model dynamically dispatched interprocedural and…

Programming Languages · Computer Science 2013-11-19 Shuying Liang , Andrew W. Keep , Matthew Might , Steven Lyde , Thomas Gilray , Petey Aldous , David Van Horn

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

Just like other software, spreadsheets can contain significant faults. Static analysis is an accepted and well-established technique in software engineering known for its capability to discover faults. In recent years, a growing number of…

Software Engineering · Computer Science 2014-01-30 Daniel Kulesz , Jan-Peter Ostberg

The impressive growth of smartphone devices in combination with the rising ubiquity of using mobile platforms for sensitive applications such as Internet banking, have triggered a rapid increase in mobile malware. In recent literature, many…

Cryptography and Security · Computer Science 2023-12-20 Harris Papadopoulos , Nestoras Georgiou , Charalambos Eliades , Andreas Konstantinidis

The Android OS has become the most popular mobile operating system leading to a significant increase in the spread of Android malware. Consequently, several static and dynamic analysis systems have been developed to detect Android malware.…

Cryptography and Security · Computer Science 2017-05-19 Mohammed K. Alzaylaee , Suleiman Y. Yerima , Sakir Sezer

The Android mining sandbox approach consists in running dynamic analysis tools on a benign version of an Android app and recording every call to sensitive APIs. Later, one can use this information to (a) prevent calls to other sensitive…

Many Android applications collect data from users. When they do, they must protect this collected data according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the…

Software Engineering · Computer Science 2023-03-20 Mugdha Khedkar

Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation…

Software Engineering · Computer Science 2024-02-13 Mugdha Khedkar , Eric Bodden
‹ Prev 1 2 3 10 Next ›