Transparent Static Analysis for the Detection of Security Vulnerabilities
Junior Submission
Static code analysis is a technology to automatically detect various security vulnerabilities at implementation time. Nevertheless, studies show that developers reject static analysis tools. The reason is that developers struggle to configure the static analysis such that it can operate efficiently in their application context. In this work, we improve the current situation by making the domain of static code analysis more transparent to developers when they use static analysis tools. In our approach, we propose a generator of configurations for static analyses for specific vulnerabilities selected by the developer. Moreover, the configurations are automatically customized to the code of interest that the developer works on.
Wed 18 Jul. Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
| Time | Type | Title | Track | Speaker |
| --- | --- | --- | --- | --- |
| 14:00 - 14:25 | Doctoral symposium paper | Optimization based on Facts and Fiction | ECOOP and ISSTA Doc Symposium | Olivier Flückiger, Northeastern University, USA |
| 14:25 - 14:41 | Doctoral symposium paper | Two-phase Analysis for Precision and Scalability | ECOOP and ISSTA Doc Symposium | Anastasios Antoniadis, University of Athens, Greece |
| 14:41 - 14:57 | Doctoral symposium paper | Transparent Static Analysis for the Detection of Security Vulnerabilities | ECOOP and ISSTA Doc Symposium | Goran Piskachev, Fraunhofer IEM |
| 14:57 - 15:13 | Doctoral symposium paper | Improving Symbolic Flat Memory Models with Pointer Alias Analysis | ECOOP and ISSTA Doc Symposium | Timotej Kapus, Imperial College London |
| 15:13 - 15:29 | Doctoral symposium paper | Auto-tuning Framework for Multi-core Interference Analysis | ECOOP and ISSTA Doc Symposium | Dan Iorga, Imperial College London, UK |