Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps
We present a new approach to static analysis for security vetting of Android apps and a
general framework called Amandroid. Amandroid determines points-to information for all …
general framework called Amandroid. Amandroid determines points-to information for all …
Consortium blockchain-based malware detection in mobile devices
To address the problem of detecting malicious codes in malware and extracting the
corresponding evidences in mobile devices, we construct a consortium blockchain …
corresponding evidences in mobile devices, we construct a consortium blockchain …
Towards measuring supply chain attacks on package managers for interpreted languages
R Duan, O Alrawi, RP Kasturi, R Elder… - arXiv preprint arXiv …, 2020 - arxiv.org
Package managers have become a vital part of the modern software development process.
They allow developers to reuse third-party code, share their own code, minimize their …
They allow developers to reuse third-party code, share their own code, minimize their …
Oddfuzz: Discovering java deserialization vulnerabilities via structure-aware directed greybox fuzzing
Java deserialization vulnerability is a severe threat in practice. Researchers have proposed
static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate …
static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate …
" False negative-that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing
The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …
P/taint: Unified points-to and taint analysis
N Grech, Y Smaragdakis - Proceedings of the ACM on Programming …, 2017 - dl.acm.org
Static information-flow analysis (especially taint-analysis) is a key technique in software
security, computing where sensitive or untrusted data can propagate in a program. Points-to …
security, computing where sensitive or untrusted data can propagate in a program. Points-to …
The role of program analysis in security vulnerability detection: Then and now
Program analysis techniques play an important role in detecting security vulnerabilities. In
this paper we describe our experiences in developing a variety of tools that detect security …
this paper we describe our experiences in developing a variety of tools that detect security …
A multi-model ensemble learning framework for imbalanced android malware detection
H Zhu, Y Li, L Wang, VS Sheng - Expert Systems with Applications, 2023 - Elsevier
The continuous malicious software (malware) attacks on smartphones pose a serious threat
to the security of users, especially the dominant platform Android. Data-driven methods …
to the security of users, especially the dominant platform Android. Data-driven methods …
Android malware detection using complex-flows
F Shen, J Del Vecchio, A Mohaisen… - IEEE Transactions on …, 2018 - ieeexplore.ieee.org
This paper proposes a new technique to detect mobile malware based on information flow
analysis. Our approach examines the structure of information flows to identify patterns of …
analysis. Our approach examines the structure of information flows to identify patterns of …
Extracting taint specifications for javascript libraries
Modern JavaScript applications extensively depend on third-party libraries. Especially for
the Node. js platform, vulnerabilities can have severe consequences to the security of …
the Node. js platform, vulnerabilities can have severe consequences to the security of …