English
Related papers

Related papers: To what extent can we analyze Kotlin programs usin…

200 papers

Previous work has shown that taint analyses are only useful if correctly customized to the context in which they are used. Existing domain-specific languages (DSLs) allow such customization through the definition of deny-listing data-flow…

Programming Languages · Computer Science 2022-04-08 Goran Piskachev , Johannes Späth , Ingo Budde , Eric Bodden

Static analysis has established itself as a weapon of choice for detecting security vulnerabilities. Taint analysis in particular is a very general and powerful technique, where security policies are expressed in terms of forbidden flows,…

Cryptography and Security · Computer Science 2021-11-19 Saikat Dutta , Diego Garbervetsky , Shuvendu Lahiri , Max Schäfer

Java remains one of the most popular programming languages in education. Although Java programming education is well supported by study materials, learners also need more immediate support on the problems they face in their own code. When…

Software Engineering · Computer Science 2024-06-25 Philipp Straubinger , Florian Obermüller , Gordon Fraser

Identifying dependency call graphs of multilanguage software systems using static code analysis is challenging. The different languages used in developing today's systems often have different lexical, syntactical, and semantic rules that…

We present JAttack, a framework that enables template-based testing for compilers. Using JAttack, a developer writes a template program that describes a set of programs to be generated and given as test inputs to a compiler. Such a…

Programming Languages · Computer Science 2022-09-13 Zhiqiang Zang , Nathan Wiatrek , Milos Gligoric , August Shi

In recent years, researchers have developed a number of tools to conduct taint analysis of Android applications. While all the respective papers aim at providing a thorough empirical evaluation, comparability is hindered by varying or…

Software Engineering · Computer Science 2019-07-31 Felix Pauck , Eric Bodden , Heike Wehrheim

Building Android applications reliably remains a persistent challenge due to complex dependencies, diverse configurations, and the rapid evolution of the Android ecosystem. This study conducts an empirical analysis of 200 open-source…

Software Engineering · Computer Science 2025-11-11 Lakshmi Priya Bodepudi , Yutong Zhao , Ming Quan Fu , Yuanyuan Wu , Sen He , Yu Zhao

To ensure the quality of software systems, software engineers can make use of a variety of quality assurance approaches, such as software testing, modern code review, automated static analysis, and build automation. Each of these quality…

Software Engineering · Computer Science 2026-04-21 Ali Khatami , Andy Zaidman

Open-source software (OSS) pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time.…

Cryptography and Security · Computer Science 2026-05-11 Jean-Charles Noirot Ferrand , Kyle Domico , Yohan Beugin , Patrick McDaniel

Static analysis tools come in many forms andconfigurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements…

The increasing frequency of attacks on Android applications coupled with the recent popularity of large language models (LLMs) necessitates a comprehensive understanding of the capabilities of the latter in identifying potential…

Cryptography and Security · Computer Science 2025-03-18 Vasileios Kouliaridis , Georgios Karopoulos , Georgios Kambourakis

Tizen is a new Linux-based open source platform for consumer devices including smartphones, televisions, vehicles, and wearables. While Tizen provides kernel-level mandatory policy enforcement, it has a large collection of libraries,…

Cryptography and Security · Computer Science 2015-04-24 Daniel Song , Jisheng Zhao , Michael Burke , Dragoş Sbîrlea , Dan Wallach , Vivek Sarkar

Although the importance of using static analysis to detect taint-style vulnerabilities in Linux-based embedded firmware is widely recognized, existing approaches are plagued by three major limitations. (a) Approaches based on symbolic…

Cryptography and Security · Computer Science 2021-09-28 Kai Cheng , Tao Liu , Le Guan , Peng Liu , Hong Li , Hongsong Zhu , Limin Sun

Software vulnerabilities pose significant security challenges and potential risks to society, necessitating extensive efforts in automated vulnerability detection. There are two popular lines of work to address automated vulnerability…

Software Engineering · Computer Science 2024-07-24 Xin Zhou , Duc-Manh Tran , Thanh Le-Cong , Ting Zhang , Ivana Clairine Irsan , Joshua Sumarlin , Bach Le , David Lo

Many applications are being written in more than one language to take advantage of the features that different languages provide such as native code support, improved performance, and language-specific libraries. However, there are few…

Software Engineering · Computer Science 2023-05-19 Kishanthan Thangarajah , Noble Mathews , Michael Pu , Meiyappan Nagappan , Yousra Aafer , Sridhar Chimalakonda

Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation…

Software Engineering · Computer Science 2024-02-13 Mugdha Khedkar , Eric Bodden

Formal contracts and assertions are effective methods to enhance software quality by enforcing preconditions, postconditions, and invariants. Previous research has demonstrated the value of contracts in traditional software development…

Software Engineering · Computer Science 2024-01-26 David R. Ferreira , Alexandra Mendes , João F. Ferreira

Over the years, static taint analysis emerged as the analysis of choice to detect some of the most common web application vulnerabilities, such as SQL injection (SQLi) and cross-site scripting (XSS)~\cite{OWASP}. Furthermore, from an…

Programming Languages · Computer Science 2021-03-31 Nicholas Allen , François Gauthier , Alexander Jordan

Increasing interest in securing the Android ecosystem has spawned numerous efforts to assist app developers in building secure apps. These efforts have resulted in tools and techniques capable of detecting vulnerabilities (and malicious…

Cryptography and Security · Computer Science 2019-08-06 Venkatesh-Prasad Ranganath , Joydeep Mitra

Authentication is a critical security feature for confirming the identity of a system's users, typically implemented with help from frameworks like Spring Security. It is a complex feature which should be robustly tested at all stages of…

Software Engineering · Computer Science 2020-06-26 Danielle Gonzalez , Michael Rath , Mehdi Mirakhorli