Adapting taint analyses for detecting security vulnerabilities / by Goran Piskachev ; Advisor: Prof. Dr. Eric Bodden. Paderborn, 2022
Contents
Introduction
Motivating Example
Problem Statement
Contributions
Overview
Background
Security Vulnerabilities
Ranking Lists
Automatic Detection of Security Vulnerabilities
Taint Analysis
Data-flow Analysis
Security-relevant Methods
Quality of Taint Analysis Results
Typestate Analysis
Machine-learning
AutoML
Active Machine-learning
Domain-specific languages
Using SAST Tools in Practice
Related Work
Usability of static analysis
Studies on adaption of security tools
Taint analysis results and comparison
Survey and Interviews
Study Design
Results
Ethical considerations
Threats to Validity
User Study
Study Design
Results
Threats to Validity
Detecting Security-Relevant Methods
Requirements
Related Work
Two-phase Classification Model
FRcode: Code Features
Classifiers
SWANframe: General Framework for Creating Machine-learning Pipelines for SRM Prediction
FRdoc_m: Implementing Features Based on Doc Comments
FRdoc_a: Automated Features Based on Doc Comments
Pipelines
Evaluation
Comparison (RQ7)
Real-world Applications (RQ8)
Utilizing doc comments (RQ9)
Automatic vs. manual features based on doc comments (RQ10)
Hybrid feature representations (RQ11)
Optimal classifier (RQ12)
Threats to Validity
Active Learning of Security Relevant Methods
Related Work
Approach
Tool
Suggesting Methods
Evaluation
Manual Training
Usability
fluentTQL
Requirements
Selection of Sensitive Methods
Selection of In- and Out-Values
Composition of Taint-Flows
Detailed Error Message
Integration into Developer's Workflow
Independence of Concrete Taint Analysis
Related Work
Graph-based approaches
Typestate approaches
Other approaches
Design
Concrete Syntax
Abstract Syntax
Semantics
Implementation
SecuCheck
Architecture
UI Features
Evaluation
Study Design
Usability (RQ15)
Comparison (RQ16)
Expressiveness (RQ17)
Analyzing Java/Android Applications (RQ18)
Threats to Validity
Conclusion
Bibliography
Supplementary material for Chapter 3
Survey Questions
Interview Questions