Wed 7 Nov 2018 14:15 - 14:37 at Horizons 5 - Software Analysis II Chair(s): Myra Cohen

We address the problem of discovering communication links between applications in the popular Android mobile operating system, an important problem for security and privacy in Android. Any scalable static analysis in this complex setting is bound to produce an excessive amount of false-positives, rendering it impractical. To improve precision, we propose to augment static analysis with a trained neural-network model that estimates the probability that a communication link truly exists. We describe a neural-network architecture that encodes abstractions of communicating objects in two applications and estimates the probability with which a link indeed exists. At the heart of our architecture are type-directed encoders (TDE), a general framework for elegantly constructing encoders of a compound data type by recursively composing encoders for its constituent types. We evaluate our approach on a large corpus of Android applications, and demonstrate that it achieves very high accuracy. Further, we conduct thorough interpretability studies to understand the internals of the learned neural networks.

Wed 7 Nov

Displayed time zone: Guadalajara, Mexico City, Monterrey change

13:30 - 15:00
Software Analysis IIResearch Papers / Journal-First at Horizons 5
Chair(s): Myra Cohen Iowa State University
13:30
22m
Talk
A Systematic Evaluation of Static API-Misuse Detectors
Journal-First
Sven Amann Technische Universität Darmstadt, Hoan Nguyen Iowa State University, Sarah Nadi University of Alberta, Tien N. Nguyen University of Texas at Dallas, Mira Mezini TU Darmstadt
DOI
13:52
22m
Talk
Do Android Taint Analysis Tools Keep Their Promises?
Research Papers
Felix Pauck Paderborn University, Germany, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Heike Wehrheim Paderborn University
14:15
22m
Talk
Neural-Augmented Static Analysis of Android Communication
Research Papers
Jinman Zhao University of Wisconsin-Madison, USA, Aws Albarghouthi University of Wisconsin-Madison, Vaibhav Rastogi University of Wisconsin-Madison, USA, Somesh Jha University of Wisconsin, Madison, Damien Octeau University of Wisconsin and Pennsylvania State University
14:37
22m
Talk
Oreo: Detection of Clones in the Twilight Zone
Research Papers
Vaibhav Saini University of California at Irvine, USA, Farima Farmahinifarahani University of California at Irvine, USA, Yadong Lu University of California at Irvine, USA, Pierre Baldi University of California at Irvine, USA, Crista Lopes