Towards Vulnerability Discovery Using Staged Program Analysis
Eliminating vulnerabilities from low-level code is vital for securing
software. Static analysis is a promising approach for discovering
vulnerabilities since it can provide developers early feedback on the code they
write. But, it presents multiple challenges not the least of which is
understanding what makes a bug exploitable and conveying this information to
the developer. In this paper, we present the design and implementation of a
practical vulnerability assessment framework, called Melange. Melange performs
data and control flow analysis to diagnose potential security bugs, and outputs
well-formatted bug reports that help developers understand and fix security
bugs. Based on the intuition that real-world vulnerabilities manifest
themselves across multiple parts of a program, Melange performs both local and
global analyses. To scale up to large programs, global analysis is
demand-driven. Our prototype detects multiple vulnerability classes in C and
C++ code, including type confusion and garbage memory reads. We have evaluated
Melange extensively. Our case studies show that Melange scales up to large
codebases such as Chromium, is easy to use, and most importantly, capable of
discovering vulnerabilities in real-world code. Our findings indicate that
static analysis is a viable reinforcement to the software testing tool set.
Comment: A revised version to appear in the proceedings of the 13th conference
on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA),
July 201
Do Android Taint Analysis Tools Keep Their Promises?
In recent years, researchers have developed a number of tools to conduct
taint analysis of Android applications. While all the respective papers aim at
providing a thorough empirical evaluation, comparability is hindered by varying
or unclear evaluation targets. Sometimes, the apps used for evaluation are not
precisely described. In other cases, authors use an established benchmark but
cover it only partially. In yet other cases, the evaluations differ in terms of
the data leaks searched for, or lack a ground truth to compare against. All
those limitations make it impossible to truly compare the tools based on those
published evaluations.
We thus present ReproDroid, a framework allowing the accurate comparison of
Android taint analysis tools. ReproDroid supports researchers in inferring the
ground truth for data leaks in apps, in automatically applying tools to
benchmarks, and in evaluating the obtained results. We use ReproDroid to
comparatively evaluate on equal grounds the six prominent taint analysis tools
Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are
largely positive although four tools violate some promises concerning features
and accuracy. Finally, we contribute to the area of unbiased benchmarking with
a new and improved version of the open test suite DroidBench
PABAU: Privacy Analysis of Biometric API Usage
Biometric data privacy is becoming a major concern for many organizations in
the age of big data, particularly in the ICT sector, because it may be easily
exploited in apps. Most apps utilize biometrics by accessing common application
programming interfaces (APIs); hence, we aim to categorize their usage. The
categorization based on behavior may be closely correlated with the sensitive
processing of a user's biometric data, hence highlighting crucial biometric
data privacy assessment concerns. We propose PABAU, Privacy Analysis of
Biometric API Usage. PABAU learns semantic features of methods in biometric
APIs and uses them to detect and categorize the usage of biometric API
implementation in the software according to their privacy-related behaviors.
This technique bridges the communication and background knowledge gap between
technical and non-technical individuals in organizations by providing an
automated method for both parties to acquire a rapid understanding of the
essential behaviors of biometric API in apps, as well as future support to data
protection officers (DPO) with legal documentation, such as conducting a Data
Protection Impact Assessment (DPIA).
Comment: Accepted by The 8th IEEE International Conference on Privacy
Computing (PriComp 2022)