Karonte: Detecting insecure multi-binary interactions in embedded firmware
Low-power, single-purpose embedded devices (eg, routers and IoT devices) have become
ubiquitous. While they automate and simplify many aspects of users' lives, recent large-scale …
ubiquitous. While they automate and simplify many aspects of users' lives, recent large-scale …
Context-, flow-, and field-sensitive data-flow analysis using synchronized pushdown systems
Precise static analyses are context-, field-and flow-sensitive. Context-and field-sensitivity are
both expressible as context-free language (CFL) reachability problems. Solving both CFL …
both expressible as context-free language (CFL) reachability problems. Solving both CFL …
P/taint: Unified points-to and taint analysis
N Grech, Y Smaragdakis - Proceedings of the ACM on Programming …, 2017 - dl.acm.org
Static information-flow analysis (especially taint-analysis) is a key technique in software
security, computing where sensitive or untrusted data can propagate in a program. Points-to …
security, computing where sensitive or untrusted data can propagate in a program. Points-to …
Combinator-Based Fixpoint Algorithms for Big-Step Abstract Interpreters
Big-step abstract interpreters are an approach to build static analyzers based on big-step
interpretation. While big-step interpretation provides a number of benefits for the definition of …
interpretation. While big-step interpretation provides a number of benefits for the definition of …
Call graph construction for java libraries
Today, every application uses software libraries. Yet, while a lot of research exists wrt
analyzing applications, research that targets the analysis of libraries independent of any …
analyzing applications, research that targets the analysis of libraries independent of any …
Access-path abstraction: Scaling field-sensitive data-flow analysis with unbounded access paths (t)
Precise data-flow analyses frequently model field accesses through access paths with
varying length. While using longer access paths increases precision, their size must be …
varying length. While using longer access paths increases precision, their size must be …
Audacious: User-driven access control with unmodified operating systems
User-driven access control improves the coarse-grained access control of current operating
systems (particularly in the mobile space) that provide only all-or-nothing access to a …
systems (particularly in the mobile space) that provide only all-or-nothing access to a …
Android malware static analysis techniques
During 2014, Business Insider announced that there are over a billion users of Android
worldwide. Government officials are also trending towards acquiring Android mobile …
worldwide. Government officials are also trending towards acquiring Android mobile …
Pre-deployment Analysis of Smart Contracts--A Survey
Smart contracts are programs that execute transactions involving independent parties and
cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and …
cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and …
Secure data-flow compliance checks between models and code based on automated mappings
During the development of security-critical software, the system implementation must
capture the security properties postulated by the architectural design. This paper presents …
capture the security properties postulated by the architectural design. This paper presents …