Secucheck: Engineering configurable taint analysis for software developers

G Piskachev, R Krishnamurthy… - 2021 IEEE 21st …, 2021 - ieeexplore.ieee.org
Due to its ability to detect many frequently occurring security vulnerabilities, taint analysis is
one of the core static analyses used by many static application security testing (SAST) tools …

Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study

G Piskachev, M Becker, E Bodden - Empirical Software Engineering, 2023 - Springer
The use of static analysis security testing (SAST) tools has been increasing in recent years.
However, previous studies have shown that, when shipped to end users such as …

Detecting Security-Relevant Methods using Multi-label Machine Learning

O Johnson, G Piskachev, R Krishnamurthy… - Proceedings of the 1st …, 2024 - dl.acm.org
To detect security vulnerabilities, static analysis tools need to be configured with
security-relevant methods. Current approaches can automatically identify such methods using binary …

Focused: An Approach to Framework-Oriented Cross-Language Link Specification and Detection

A Yu, Y Shi, B Shen, W Zhang, H Zhao… - 2024 IEEE …, 2024 - ieeexplore.ieee.org
Framework-based multilingual software development (MLSD) is becoming prevalent in
software engineering practice. Despite the advantages, framework-based MLSD also leads …

Model Generation For Java Frameworks

L Luo, G Piskachev, R Krishnamurthy… - … IEEE Conference on …, 2023 - ieeexplore.ieee.org
Modern applications often rely on rich frameworks to provide functionality. Android, for
instance, handles many aspects of building a mobile app. But these frameworks also have …

Customizing Static Analysis using Codesearch

A Hayoun, V Raychev, J Hair - arXiv preprint arXiv:2404.12747, 2024 - arxiv.org
Static analysis is a growing application of software engineering, leading to a range of
essential security tools, bug-finding tools, as well as software verification. Recent years …

DocFlow: Extracting Taint Specifications from Software Documentation

M Tileria, J Blasco, SK Dash - Proceedings of the 46th IEEE/ACM …, 2024 - dl.acm.org
Security practitioners routinely use static analysis to detect security problems and privacy
violations in Android apps. The soundness of these analyses depends on how the platform …

Security and Privacy in a World of Interconnected Devices

M Tileria - 2023 - pure.royalholloway.ac.uk
In a world of interconnected devices, app-based ecosystems enable a seamless user
experience across devices. Although convenient for users, this expanded ecosystem also …

To what extent can we analyze Kotlin programs using existing Java taint analysis tools?

R Krishnamurthy, G Piskachev… - 2022 IEEE 22nd …, 2022 - ieeexplore.ieee.org
As an alternative to Java, Kotlin has gained rapid popularity since its introduction and has
become the default choice for developing Android apps. However, due to its inter-operability …

Unveiling the Power of Intermediate Representations for Static Analysis: A Survey

B Zhang, W Chen, HC Chiu, C Zhang - arXiv preprint arXiv:2405.12841, 2024 - arxiv.org
Static analysis techniques enhance the security, performance, and reliability of programs by
analyzing and portraiting program behaviors without the need for actual execution. In …