SmartDagger: a bytecode-based static analysis approach for detecting cross-contract vulnerability
With the increasing popularity of blockchain, automatically detecting vulnerabilities in smart
contracts is becoming a significant problem. Prior research mainly identifies smart contract …
contracts is becoming a significant problem. Prior research mainly identifies smart contract …
{PolyCruise}: A {Cross-Language} dynamic information flow analysis
Despite the fact that most real-world software systems today are written in multiple
programming languages, existing program analysis based security techniques are still …
programming languages, existing program analysis based security techniques are still …
Jucify: A step towards android code unification for enhanced static analysis
Native code is now commonplace within Android app packages where it co-exists and
interacts with Dex bytecode through the Java Native Interface to deliver rich app …
interacts with Dex bytecode through the Java Native Interface to deliver rich app …
A multilanguage static analysis of python programs with native C extensions
Modern programs are increasingly multilanguage, to benefit from each programming
language's advantages and to reuse libraries. For example, developers may want to …
language's advantages and to reuse libraries. For example, developers may want to …
On the vulnerability proneness of multilingual code
Software construction using multiple languages has long been a norm, yet it is still unclear if
multilingual code construction has significant security implications and real security …
multilingual code construction has significant security implications and real security …
How are multilingual systems constructed: Characterizing language use and selection in open-source multilingual software
For many years now, modern software is known to be developed in multiple languages
(hence termed as multilingual or multi-language software). Yet, to date, we still only have …
(hence termed as multilingual or multi-language software). Yet, to date, we still only have …
Language-agnostic dynamic analysis of multilingual code: Promises, pitfalls, and prospects
Analyzing multilingual code holistically is key to systematic quality assurance of real-world
software which is mostly developed in multiple computer languages. Toward such analyses …
software which is mostly developed in multiple computer languages. Toward such analyses …
Declarative static analysis for multilingual programs using CodeQL
Declarative static program analysis has become one of the widely‐used program analysis
techniques. Declarative static analyzers perform three steps: creating databases of facts …
techniques. Declarative static analyzers perform three steps: creating databases of facts …
Static analysis of jni programs via binary decompilation
JNI programs are widely used thanks to the combined benefits of C and Java programs.
However, because understanding the interaction behaviors between two different …
However, because understanding the interaction behaviors between two different …
Insight: Exploring cross-ecosystem vulnerability impacts
Vulnerabilities, referred to as CLV issues, are induced by cross-language invocations of
vulnerable libraries. Such issues greatly increase the attack surface of Python/Java projects …
vulnerable libraries. Such issues greatly increase the attack surface of Python/Java projects …