TaintBench: Automatic real-world malware benchmarking of Android taint analyses

L Luo, F Pauck, G Piskachev, M Benz… - Empirical Software …, 2022 - Springer
Due to the lack of established real-world benchmark suites for static taint analyses of
Android applications, evaluations of these analyses are often restricted and hard to …

Judge: Identifying, understanding, and evaluating sources of unsoundness in call graphs

M Reif, F Kübler, M Eichberg, D Helm… - Proceedings of the 28th …, 2019 - dl.acm.org
Call graphs are widely used; in particular for advanced control- and data-flow analyses. Even
though many call graph algorithms with different precision and scalability properties have …

How does refactoring impact security when improving quality? a security-aware refactoring approach

C Abid, M Kessentini, V Alizadeh… - IEEE Transactions …, 2020 - ieeexplore.ieee.org
While state of the art of software refactoring research uses various quality attributes to
identify refactoring opportunities and evaluate refactoring recommendations, the impact of …

Systematic evaluation of the unsoundness of call graph construction algorithms for Java

M Reif, F Kübler, M Eichberg, M Mezini - Companion Proceedings for the …, 2018 - dl.acm.org
Call graphs are at the core of many static analyses ranging from the detection of unused
methods to advanced control- and data-flow analyses. Therefore, a comprehensive …

CamBench: Cryptographic API Misuse Detection Tool Benchmark Suite

M Schlichtig, AK Wickert, S Krüger, E Bodden… - arXiv preprint arXiv …, 2022 - arxiv.org
Context: Cryptographic APIs are often misused in real-world applications. Therefore, many
cryptographic API misuse detection tools have been introduced. However, there exists no …

NJR: A normalized Java resource

J Palsberg, CV Lopes - Companion Proceedings for the ISSTA/ECOOP …, 2018 - dl.acm.org
We are on the cusp of a major opportunity: software tools that take advantage of Big Code.
Specifically, Big Code will enable novel tools in areas such as security enhancers, bug …

SootFX: A static code feature extraction tool for Java and Android

K Karakaya, E Bodden - 2021 IEEE 21st International Working …, 2021 - ieeexplore.ieee.org
Static code features are necessary components when using machine learning-based
techniques to reason about a program of interest. To extract static code features …

Improving Real-World Applicability of Static Taint Analysis.

L Luo - 2021 - fb-swt.gi.de
Security breaches happen on a daily basis and are a serious threat to our society. The
average cost of a data breach in 2021 has achieved the highest record in the 17-year history …

PAClab: a program analysis collaboratory

R Brunner, R Dyer, M Paquin, E Sherman - Proceedings of the 28th ACM …, 2020 - dl.acm.org
We present a web-based Program Analysis Collaboratory (PAClab) tool that helps
researchers to obtain realistic program benchmarks using user-defined selection criteria …

FOSS version differentiation as a benchmark for static analysis security testing tools

I Pashchenko - Proceedings of the 2017 11th Joint Meeting on …, 2017 - dl.acm.org
We propose a novel methodology that allows automatic construction of benchmarks for
Static Analysis Security Testing (SAST) tools based on real-world software projects by …