Improving real-world applicability of static taint analysis / Linghui Luo ; Advisor: Prof. Dr. Eric Bodden. Paderborn, 2021
Content
Introduction
Problem Statement
Common Benchmarks Are Small and Incomplete
Real-World Issues Often of Limited Interest
Little Adoption by Developers
Outline and Publication Details
Real-World Malware Benchmarking of Android Taint Analyses
Terminology
Related Work
Android Taint Analysis Tools
Existing Benchmark Suites
Benchmark Construction Criteria
The TaintBench Framework
Part 1—Construction
Part 2—Evaluation
Part 3—Inspection
Real-World Benchmarking
Part 1—Construction of the TaintBench Suite
Part 2—Evaluation with the TaintBench Suite
Part 3—Inspection of the Analysis Results
Threats to Validity
Conclusion
GenCG: A General Approach to Modeling Java Framework Behaviors
A Motivating Example
Background
Entry Points and Lifecycle Modeling
Inter-Component Communication
Analysis of Library Methods
Construction of Application-only Call Graphs with Averroes
Existing Problems with Averroes's Model
The GenCG Approach
Main Improvements
Sound and Precise Call Graph
Supporting Detection of ICC Leaks
Evaluation of GenCG
Application of GenCG on the Spring Framework
Handling Annotated Entry Points
Handling Bean Autowiring
Implementation Details
Evaluation with CGBench
Related Work
Limitations and Threats to Validity
Conclusion
Towards Path-Sensitive Analysis with COVA
A Motivating Example
Non-Distributivity
The Inter-procedural Constraint Analysis in COVA
The VASCO Framework
Analysis Domain
Flow Functions of the Taint Domain
Flow Functions of the Constraint Domain
Termination
Implementation
Evaluation of COVA
COVA-assisted Qualitative Analysis of Android Taint-Analysis Results
Usage of COVA for Targeted Testing Input Generation
Android Testing Frameworks
Extended COVA
Threats to Validity
Related Work
Conclusion
Integrating Static Analyses into IDEs with MagpieBridge
Related Work
Approach
The MagpieBridge Workflow
The MagpieBridge System
Integration of Existing Static Tools
Diagnostics
Code Lenses
Hovers
Repairs
More Tool Integrations
Conclusion
IDE Support for Cloud-based SAST Tools
Background
User Interviews
Methodology
Result of the User Interviews
Prototyping
Second-round Interviews
Usability Testing
Methodology
Quantitative Analysis
Qualitative Analysis
Threats To Validity
Related Work
Conclusion
Conclusion and Future Work
Bibliography
Supplementary Material of Chapter 2
Usability Test
Participants
Study Design
Data Collection
Results
Figures
Supplementary Material of Chapter 3
Figures
Tables
Supplementary Material of Chapter 5
Comparison Between MagpieBridge-Based Approach and Plugin-Based Approach
Comparison Between MagpieBridge-Based CogniCrypt and CogniCrypt Eclipse Plugin
Comparison to Other Plugin-Based Approaches
Supplementary Material of Chapter 6
Script For User Interviews
Codes
Survey For Usability Tests