Improving real-world applicability of static taint analysis / Linghui Luo ; Advisor: Prof. Dr. Eric Bodden. Paderborn, 2021
Contents
- Introduction
- Problem Statement
- Common Benchmarks Are Small and Incomplete
- Real-World Issues Often of Limited Interest
- Little Adoption by Developers
- Outline and Publication Details
- Real-World Malware Benchmarking of Android Taint Analyses
- Terminology
- Related Work
- Benchmark Construction Criteria
- The TaintBench Framework
- Real-World Benchmarking
- Part 1—Construction of the TaintBench Suite
- Part 2—Evaluation with the TaintBench Suite
- Part 3—Inspection of the Analysis Results
- Threats to Validity
- Conclusion
- GenCG: A General Approach to Modeling Java Framework Behaviors
- A Motivating Example
- Background
- Entry Points and Lifecycle Modeling
- Inter-Component Communication
- Analysis of Library Methods
- Construction of Application-only Call Graphs with Averroes
- Existing Problems with Averroes's Model
- The GenCG Approach
- Evaluation of GenCG
- Application of GenCG on the Spring Framework
- Handling Annotated Entry Points
- Handling Bean Autowiring
- Implementation Details
- Evaluation with CGBench
- Related Work
- Limitations and Threats to Validity
- Conclusion
- Towards Path-Sensitive Analysis with COVA
- A Motivating Example
- Non-Distributivity
- The Inter-procedural Constraint Analysis in COVA
- The VASCO Framework
- Analysis Domain
- Flow Functions of the Taint Domain
- Flow Functions of the Constraint Domain
- Termination
- Implementation
- Evaluation of COVA
- COVA-assisted Qualitative Analysis of Android Taint-Analysis Results
- Usage of COVA for Targeted Testing Input Generation
- Threats to Validity
- Related Work
- Conclusion
- Integrating Static Analyses into IDEs with MagpieBridge
- IDE Support for Cloud-based SAST Tools
- Background
- User Interviews
- Prototyping
- Second-round Interviews
- Usability Testing
- Threats To Validity
- Related Work
- Conclusion
- Conclusion and Future Work
- Bibliography
- Supplementary Material of Chapter 2
- Supplementary Material of Chapter 3
- Supplementary Material of Chapter 5
- Supplementary Material of Chapter 6
