Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps

F Wei, S Roy, X Ou, Robby - ACM Transactions on Privacy and Security …, 2018 - dl.acm.org
We present a new approach to static analysis for security vetting of Android apps and a
general framework called Amandroid. Amandroid determines points-to information for all …

Consortium blockchain-based malware detection in mobile devices

J Gu, B Sun, X Du, J Wang, Y Zhuang, Z Wang - IEEE Access, 2018 - ieeexplore.ieee.org
To address the problem of detecting malicious codes in malware and extracting the
corresponding evidences in mobile devices, we construct a consortium blockchain …

Towards measuring supply chain attacks on package managers for interpreted languages

R Duan, O Alrawi, RP Kasturi, R Elder… - arXiv preprint arXiv …, 2020 - arxiv.org
Package managers have become a vital part of the modern software development process.
They allow developers to reuse third-party code, share their own code, minimize their …

Oddfuzz: Discovering java deserialization vulnerabilities via structure-aware directed greybox fuzzing

S Cao, B He, X Sun, Y Ouyang, C Zhang… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Java deserialization vulnerability is a severe threat in practice. Researchers have proposed
static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate …

"False negative - that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing

AS Ami, K Moran, D Poshyvanyk… - 2024 IEEE Symposium …, 2024 - ieeexplore.ieee.org
The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …

P/taint: Unified points-to and taint analysis

N Grech, Y Smaragdakis - Proceedings of the ACM on Programming …, 2017 - dl.acm.org
Static information-flow analysis (especially taint-analysis) is a key technique in software
security, computing where sensitive or untrusted data can propagate in a program. Points-to …

The role of program analysis in security vulnerability detection: Then and now

C Cifuentes, F Gauthier, B Hassanshahi, P Krishnan… - Computers & …, 2023 - Elsevier
Program analysis techniques play an important role in detecting security vulnerabilities. In
this paper we describe our experiences in developing a variety of tools that detect security …

A multi-model ensemble learning framework for imbalanced android malware detection

H Zhu, Y Li, L Wang, VS Sheng - Expert Systems with Applications, 2023 - Elsevier
The continuous malicious software (malware) attacks on smartphones pose a serious threat
to the security of users, especially the dominant platform Android. Data-driven methods …

Android malware detection using complex-flows

F Shen, J Del Vecchio, A Mohaisen… - IEEE Transactions on …, 2018 - ieeexplore.ieee.org
This paper proposes a new technique to detect mobile malware based on information flow
analysis. Our approach examines the structure of information flows to identify patterns of …

Extracting taint specifications for javascript libraries

CA Staicu, MT Torp, M Schäfer, A Møller… - Proceedings of the ACM …, 2020 - dl.acm.org
Modern JavaScript applications extensively depend on third-party libraries. Especially for
the Node.js platform, vulnerabilities can have severe consequences to the security of …