ASE 2019 (series) / Demonstrations /
Sip4J: Statically Inferring Access Permission Contracts for Parallelising Sequential Java Programs
Tue 12 Nov 2019 17:30 - 17:40 at Hillcrest - Security Chair(s): Julia Rubin
Thu 14 Nov 2019 10:00 - 10:40 at Kensington Ballroom - Poster Session: Tool Demonstrations 3
Thu 14 Nov 2019 10:00 - 10:40 at Kensington Ballroom - Poster Session: Tool Demonstrations 3
This paper presents Sip4J, a fully automated, scalable and effective tool to automatically generate access permission contracts for a sequential Java program. The access permission contracts, which represent the dependency of code blocks, have been frequently used to enable concurrent execution of sequential programs. Those permission contracts, unfortunately, need to be manually created by programmers, which is known to be time- consuming, laborious and error-prone. To mitigate those manual efforts, Sip4J performs inter-procedural static analysis of Java source code to automatically extract the implicit dependencies in the program and subsequently leverages them to automatically generate access permission contracts, following the Design by Contract principle. The inferred specifications are then used to identify the concurrent (immutable) methods in the program. Experimental results further show that Sip4J is useful and effective towards generating access permission contracts for sequential Java programs.
Tue 12 NovDisplayed time zone: Tijuana, Baja California change
Tue 12 Nov
Displayed time zone: Tijuana, Baja California change
16:00 - 17:40 | SecurityDemonstrations / Research Papers / Journal First Presentations at Hillcrest Chair(s): Julia Rubin University of British Columbia | ||
16:00 20mTalk | Performance-Boosting Sparsification of the IFDS Algorithm with Applications to Taint AnalysisACM SIGSOFT Distinguished Paper Award Research Papers Dongjie He University of New South Wales; Institute of Computing Technology, CAS; University of Chinese Academy of Sciences, Haofeng Li Institute of Computing Technology, CAS; University of Chinese Academy of Sciences, Lei Wang Institute of Computing Technology, Chinese Academy of Science, Haining Meng Institute of Computing Technology, CAS; University of Chinese Academy of Sciences, Hengjie Zheng Institute of Computing Technology, CAS; University of Chinese Academy of Sciences, Jie Liu University of New South Wales, Shuangwei Hu vivo AI Lab, Lian Li Institute of Computing Technology at Chinese Academy of Sciences, China, Jingling Xue UNSW Sydney | ||
16:20 20mTalk | Characterizing Android App Signing Issues Research Papers Haoyu Wang Beijing University of Posts and Telecommunications, China, Hongxuan Liu Peking University, Xusheng Xiao Case Western Reserve University, Guozhu Meng Institute of Information Engineering, Chinese Academy of Sciences, Yao Guo Peking University | ||
16:40 20mTalk | OAuthLint: An Empirical Study on OAuth Bugs in Android Applications Research Papers Tamjid Al Rahat University of Virginia, Yu Feng University of California, Santa Barbara, Yuan Tian University of Virginia Pre-print | ||
17:00 20mTalk | Are Free Android App Security Analysis Tools Effective in Detecting Known Vulnerabilities? Journal First Presentations Link to publication DOI Pre-print Media Attached | ||
17:20 10mDemonstration | SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods Demonstrations Goran Piskachev Fraunhofer IEM, Lisa Nguyen Quang Do Google, Oshando Johnson Fraunhofer IEM, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM Pre-print Media Attached File Attached | ||
17:30 10mDemonstration | Sip4J: Statically Inferring Access Permission Contracts for Parallelising Sequential Java Programs Demonstrations Ayesha Sadiq Monash University, Li Li Monash University, Australia, Yuan-Fang Li Monash University, Ijaz Ahmed University of Lahore, Sea Ling Monash University | ||
Thu 14 NovDisplayed time zone: Tijuana, Baja California change
Thu 14 Nov
Displayed time zone: Tijuana, Baja California change
10:00 - 10:40 | |||
10:00 40mDemonstration | PraPR: Practical Program Repair via Bytecode Mutation Demonstrations | ||
10:00 40mDemonstration | Kotless: a Serverless Framework for Kotlin Demonstrations Vladislav Tankov JetBrains, ITMO University, Yaroslav Golubev JetBrains Research, Timofey Bryksin JetBrains Research, Saint-Petersburg State University | ||
10:00 40mDemonstration | PeASS: A Tool for Identifying Performance Changes at Code Level Demonstrations David Georg Reichelt Universität Leipzig, Stefan Kühne Universität Leipzig, Wilhelm Hasselbring Kiel University Pre-print Media Attached File Attached | ||
10:00 40mDemonstration | MutAPK: Source-Codeless Mutant Generation for Android Apps Demonstrations Camilo Escobar-Velásquez Universidad de los Andes, Michael Osorio-Riaño Universidad de los Andes, Mario Linares-Vásquez Systems and Computing Engineering Department , Universidad de los Andes , Bogotá, Colombia | ||
10:00 40mDemonstration | CocoQa: Question Answering for Coding Conventions over Knowledge Graphs Demonstrations Tianjiao Du Shanghai JiaoTong University, Junming Cao Shanghai JiaoTong University, Qinyue Wu Shanghai JiaoTong University, Wei Li Shanghai JiaoTong University, Beijun Shen School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Yuting Chen Shanghai Jiao Tong University | ||
10:00 3mDemonstration | Humanoid: A Deep Learning-based Approach to Automated Black-box Android App Testing Demonstrations Yuanchun Li Peking University, Ziyue Yang Peking University, Yao Guo Peking University, Xiangqun Chen Peking University | ||
10:00 40mDemonstration | Developer Reputation Estimator (DRE) Demonstrations Sadika Amreen University of Tennessee Knoxville, Andrey Karnauch University of Tennessee Knoxville, Audris Mockus University of Tennessee - Knoxville | ||
10:00 40mDemonstration | NeuralVis: Visualizing and Interpreting Deep Learning Models Demonstrations Xufan Zhang State Key Laboratory for Novel Software Technology Nanjing University, Nanjing, China, Ziyue Yin State Key Laboratory for Novel Software Technology Nanjing University, Nanjing, China, Yang Feng University of California, Irvine, Qingkai Shi Hong Kong University of Science and Technology, Jia Liu State Key Laboratory for Novel Software Technology Nanjing University, Nanjing, China, Zhenyu Chen Nanjing University | ||
10:00 40mDemonstration | Visual Analytics for Concurrent Java Executions Demonstrations Cyrille Artho KTH Royal Institute of Technology, Sweden, Monali Pande KTH Royal Institute of Technology, Qiyi Tang University of Oxford | ||
10:00 40mDemonstration | Sip4J: Statically Inferring Access Permission Contracts for Parallelising Sequential Java Programs Demonstrations Ayesha Sadiq Monash University, Li Li Monash University, Australia, Yuan-Fang Li Monash University, Ijaz Ahmed University of Lahore, Sea Ling Monash University | ||
10:00 40mDemonstration | SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods Demonstrations Goran Piskachev Fraunhofer IEM, Lisa Nguyen Quang Do Google, Oshando Johnson Fraunhofer IEM, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM Pre-print Media Attached File Attached | ||
10:00 40mDemonstration | VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization Demonstrations Chijin Zhou Tsinghua University, Mingzhe Wang Tsinghua University, Jie Liang Tsinghua University, Zhe Liu Nanjing University of Aeronautics and Astronautics, Chengnian Sun Waterloo University, Yu Jiang Tsinghua University | ||