Using targeted symbolic execution for reducing false-positives in dataflow analysis
Static data flow analysis is an indispensable tool for finding potentially malicious data leaks in software programs. Programs, nowadays often consisting of millions of lines of code, have grown much too large to allow for a complete manual inspection. ...
Understanding caller-sensitive method vulnerabilities: a class of access control vulnerabilities in the Java platform
Late 2012 and early 2013 saw a spike of new Java vulnerabilities being reported in 0-day attacks and used in the wild, that allowed bypass of the Java sandbox. These vulnerabilities were of a variety of types: unguarded caller-sensitive methods, unsafe ...
Combining type-analysis with points-to analysis for analyzing Java library source-code
The predominant work in static program analysis is focused on whole program analysis assuming that the whole program is present at analysis time and the only unknowns are program inputs. However, for library designers it is of paramount importance to ...
Droidel: a general approach to Android framework modeling
We present an approach and tool for general-purpose modeling of Android for static analysis. Our approach is to explicate the reflective bridge between the Android framework and an application to make the framework source amenable to static analysis. ...
Design your analysis: a case study on implementation reusability of data-flow functions
The development of efficient data flow analyses is a complicated task. As requirements change and special cases have to be considered, implementations may get hard to maintain, test and reuse. We propose to design these analyses regarding the principle ...
Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis