English
Related papers

Related papers: Discovering Flaws in Security-Focused Static Analy…

200 papers

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool,…

Software Engineering · Computer Science 2014-04-30 Li Li , Alexandre Bartel , Jacques Klein , Yves Le Traon , Steven Arzt , Siegfried Rasthofer , Eric Bodden , Damien Octeau , Patrick McDaniel

The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic…

In verification-aware languages, such as Dafny, despite their critical role, specifications are as prone to error as implementations. Flaws in specifications can result in formally verified programs that deviate from the intended behavior.…

Software Engineering · Computer Science 2026-04-14 Isabel Amaral , Alexandra Mendes , José Campos

Today's small and medium-sized enterprises (SMEs) in the software industry are faced with major challenges. While having to work efficiently using limited resources they have to perform quality assurance on their code to avoid the risk of…

Software Engineering · Computer Science 2016-11-24 Mario Gleirscher , Dmitriy Golubitskiy , Maximilian Irlbeck , Stefan Wagner

Mutation analysis has long been used in classical software testing and has recently been adopted for assessing the robustness of quantum software testing techniques. However, existing studies assume ideal, noiseless execution, overlooking…

Software Engineering · Computer Science 2026-05-14 Sophie Fortz , Eñaut Mendiluze Usandizaga , Shaukat Ali , Paolo Arcaini , Mohammad Reza Mousavi

Static security analysis is a widely used technique for detecting software vulnerabilities across a wide range of weaknesses, application domains, and programming languages. While prior work surveyed static analyzes for specific weaknesses…

Cryptography and Security · Computer Science 2026-02-23 Kevin Hermann , Sven Peldszus , Thorsten Berger

Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are…

Cryptography and Security · Computer Science 2016-07-28 Mohammed K. Alzaylaee , Suleiman Y. Yerima , Sakir Sezer

Web applications continue to be a favorite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high impact vulnerabilities. Static analysis tools are important to…

Cryptography and Security · Computer Science 2022-01-19 Ibéria Medeiros , Nuno Neves , Miguel Correia

Modern automotive software is highly complex and consists of millions lines of code. For safety-relevant automotive software, it is recommended to use sound static program analysis to prove the absence of runtime errors. However, the…

Software Engineering · Computer Science 2023-10-26 Jesko Hecking-Harbusch , Jochen Quante , Maximilian Schlund

As the dominant mobile operating system, Android continues to attract a substantial influx of new applications each year. However, this growth is accompanied by increased attention from malicious actors, resulting in a significant rise in…

Software Engineering · Computer Science 2025-12-16 Dewen Suo , Lei Xue , Weihao Huang , Runze Tan , Guozi Sun

Java static analysis frameworks are commonly compared under the assumption that analysis algorithms and configurations compose monotonically and yield semantically comparable results across tools. In this work, we show that this assumption…

Software Engineering · Computer Science 2026-04-02 Fangtian Zhong , Ollie Wold , Joseph Windmann

Android apps cooperate through message passing via intents. However, when apps do not have identical sets of privileges inter-app communication (IAC) can accidentally or maliciously be misused, e.g., to leak sensitive information contrary…

Software Engineering · Computer Science 2023-05-09 Abhishek Tiwari , Sascha Groß , Christian Hammer

Academic research in static analysis produces software implementations. These implementations are time-consuming to develop and some need to be maintained in order to enable building further research upon the implementation. While…

Programming Languages · Computer Science 2024-11-06 Raphaël Monat , Abdelraouf Ouadjaout , Antoine Miné

Early identification of security issues in software development is vital to minimize their unanticipated impacts. Code review is a widely used manual analysis method that aims to uncover security issues along with other coding issues in…

Software Engineering · Computer Science 2024-07-18 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Despite its widespread use in Android apps, reflection poses graving problems for static security analysis. Currently, string inference is applied to handle reflection, resulting in significantly missed security vulnerabilities. In this…

Cryptography and Security · Computer Science 2016-12-19 Yifei Zhang , Tian Tan , Yue Li , Jingling Xue

Machine learning (ML) applications have become an integral part of our lives. ML applications extensively use floating-point computation and involve very large/small numbers; thus, maintaining the numerical stability of such complex…

Software Engineering · Computer Science 2025-04-24 Shaila Sharmin , Anwar Hossain Zahid , Subhankar Bhattacharjee , Chiamaka Igwilo , Miryung Kim , Wei Le

Android apps rely heavily on Data Manipulation Functionalities (DMFs) for handling app-specific data through CRUDS operations, making their correctness vital for reliability. However, detecting Data Manipulation Errors (DMEs) is challenging…

Software Engineering · Computer Science 2026-05-12 Xiangyang Xiao , Huaxun Huang , Rongxin Wu

Since Android has become a popular software platform for mobile devices recently; they offer almost the same functionality as personal computers. Malwares have also become a big concern. As the number of new Android applications tends to be…

Cryptography and Security · Computer Science 2020-06-05 Muhammad Zuhair Qadir , Atif Nisar Jilani , Hassam Ullah Sheikh

Mutation testing has been demonstrated to be one of the most powerful fault-revealing tools in the tester's tool kit. Much previous work implicitly assumed it to be sufficient to re-compute mutant suites per release. Sadly, this makes…

Software Engineering · Computer Science 2022-12-23 Milos Ojdanic , Mike Papadakis , Mark Harman

Frequently advised secure development recommendations often fall short in practice for app developers. Tool-driven (e.g., using static analysis tools) approaches lack context and domain-specific requirements of an app being tested. App…

Software Engineering · Computer Science 2021-11-04 Muhammad Sajidur Rahman , Blas Kojusner , Ryon Kennedy , Prerit Pathak , Lin Qi , Byron Williams