Transparent Static Analysis for the Detection of Security Vulnerabilities
Junior Submission
Static code analysis is a technology to automatically detect various security vulnerabilities at implementation time. Nevertheless, studies show that developers reject static analysis tools. The reason is that developers struggle to configure the static analysis such that it can operate efficiently in their application context. In this work, we improve the current situation by making the domain of static code analysis more transparent to developers when they use static analysis tools. In our approach, we propose a generator of configurations for static analyses for specific vulnerabilities selected by the developer. Moreover, the configurations are automatically customized to the code of interest that the developer works on.
Wed 18 Jul, 13:30 - 15:24 (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)

| Time | Duration | Type | Title | Track | Speaker |
|---|---|---|---|---|---|
| 14:00 | 25m | Doctoral symposium paper | Optimization based on Facts and Fiction | ECOOP and ISSTA Doc Symposium | Olivier Flückiger, Northeastern University, USA |
| 14:25 | 16m | Doctoral symposium paper | Two-phase Analysis for Precision and Scalability | ECOOP and ISSTA Doc Symposium | Anastasios Antoniadis, University of Athens, Greece |
| 14:41 | 16m | Doctoral symposium paper | Transparent Static Analysis for the Detection of Security Vulnerabilities | ECOOP and ISSTA Doc Symposium | Goran Piskachev, Fraunhofer IEM |
| 14:57 | 16m | Doctoral symposium paper | Improving Symbolic Flat Memory Models with Pointer Alias Analysis | ECOOP and ISSTA Doc Symposium | Timotej Kapus, Imperial College London |
| 15:13 | 16m | Doctoral symposium paper | Auto-tuning Framework for Multi-core Interference Analysis | ECOOP and ISSTA Doc Symposium | Dan Iorga, Imperial College London, UK |