PhD Seminar • Software Engineering — Cross-language Static Analysis Security Testing Methodology to Detect Buffer Errors in Android Apps

Friday, November 29, 2019 — 11:00 AM EST

Bushra Aloraini, PhD candidate
David R. Cheriton School of Computer Science

Modern software such as Android apps incorporates rich and complex features, which lead to different security concerns; enhancing software security is therefore a significant area of research. One of the most important security concerns is software vulnerabilities that developers introduce unintentionally. Static Application Security Testing (SAST) tools have been one way to detect such vulnerabilities earlier to reduce the associated cost.

Our research indicates that buffer errors are the most frequent type of vulnerability threatening Android apps; however, according to the current literature and our own work, state-of-the-art SAST tools do not efficiently discover buffer error vulnerabilities in such apps. The main reason these vulnerabilities go undetected is, among other reasons, a lack of static analysis capabilities for cross-language analysis. This happens because most modern apps, such as Android apps, may involve multiple programming languages in one app. In this study, we introduce a cross-language methodology to analyze Android apps to detect such vulnerabilities.

Location 
DC - William G. Davis Computer Research Centre
2564
200 University Avenue West

Waterloo, ON N2L 3G1
Canada
