Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States
Thu 14 Nov 2019 10:00 - 10:40 at Kensington Ballroom - Poster Session: Tool Demonstrations 3
Tue 12 Nov 2019 17:20 - 17:30 at Hillcrest - Security Chair(s): Julia Rubin

To detect specific types of bugs and vulnerabilities, static analysis tools must be correctly configured with security-relevant methods (SRM), e.g., sources, sinks, sanitizers and authentication methods—usually a very labour-intensive and error-prone process. This work presents the semi-automated tool SWAN_ASSIST, which aids the configuration with an IntelliJ plugin based on active machine learning. It integrates our novel automated machine-learning approach SWAN, which identifies and classifies Java SRM. SWAN_ASSIST further integrates user feedback through iterative learning. SWAN_ASSIST aids developers by asking them to classify at each point in time exactly those methods whose classification best impact the classification result. Our experiments show that SWAN_ASSIST classifies SRM with a high precision, and requires a relatively low effort from the user. A video demo of SWAN_ASSIST can be found at https://youtu.be/fSyD3V6EQOY. The source code is available at https://github.com/secure-software-engineering/swan.

slides_ase_swan (20191112_ASE_swan_assist_online.pdf)710KiB

Tue 12 Nov
Times are displayed in time zone: Tijuana, Baja California change

16:00 - 17:40
SecurityDemonstrations / Research Papers / Journal First Presentations at Hillcrest
Chair(s): Julia RubinUniversity of British Columbia
16:00
20m
Talk
Performance-Boosting Sparsification of the IFDS Algorithm with Applications to Taint AnalysisACM SIGSOFT Distinguished Paper Award
Research Papers
Dongjie HeUniversity of New South Wales; Institute of Computing Technology, CAS; University of Chinese Academy of Sciences, Haofeng LiInstitute of Computing Technology, CAS; University of Chinese Academy of Sciences, Lei WangInstitute of Computing Technology, Chinese Academy of Science, Haining MengInstitute of Computing Technology, CAS; University of Chinese Academy of Sciences, Hengjie ZhengInstitute of Computing Technology, CAS; University of Chinese Academy of Sciences, Jie LiuUniversity of New South Wales, Shuangwei Huvivo AI Lab, Lian LiInstitute of Computing Technology at Chinese Academy of Sciences, China, Jingling XueUNSW Sydney
16:20
20m
Talk
Characterizing Android App Signing Issues
Research Papers
Haoyu WangBeijing University of Posts and Telecommunications, China, Hongxuan LiuPeking University, Xusheng XiaoCase Western Reserve University, Guozhu MengInstitute of Information Engineering, Chinese Academy of Sciences, Yao GuoPeking University
16:40
20m
Talk
OAuthLint: An Empirical Study on OAuth Bugs in Android Applications
Research Papers
Tamjid Al RahatUniversity of Virginia, Yu FengUniversity of California, Santa Barbara, Yuan TianUniversity of Virginia
Pre-print
17:00
20m
Talk
Are Free Android App Security Analysis Tools Effective in Detecting Known Vulnerabilities?
Journal First Presentations
Venkatesh-Prasad RanganathKansas State University, Joydeep MitraKansas State University
Link to publication DOI Pre-print Media Attached
17:20
10m
Demonstration
SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods
Demonstrations
Goran PiskachevFraunhofer IEM, Lisa Nguyen Quang DoGoogle, Oshando JohnsonFraunhofer IEM, Eric BoddenHeinz Nixdorf Institut, Paderborn University and Fraunhofer IEM
Pre-print Media Attached File Attached
17:30
10m
Demonstration
Sip4J: Statically Inferring Access Permission Contracts for Parallelising Sequential Java Programs
Demonstrations
Ayesha SadiqMonash University, Li LiMonash University, Australia, Yuan-Fang LiMonash University, Ijaz AhmedUniversity of Lahore, Sea LingMonash University

Thu 14 Nov
Times are displayed in time zone: Tijuana, Baja California change

10:00 - 10:40
Poster Session: Tool Demonstrations 3Demonstrations at Kensington Ballroom
10:00
40m
Demonstration
PraPR: Practical Program Repair via Bytecode Mutation
Demonstrations
Ali GhanbariThe University of Texas at Dallas, Lingming ZhangThe University of Texas at Dallas
10:00
40m
Demonstration
Kotless: a Serverless Framework for Kotlin
Demonstrations
Vladislav TankovJetBrains, ITMO University, Yaroslav GolubevJetBrains Research, ITMO University, Timofey BryksinJetBrains Research, Saint-Petersburg State University
10:00
40m
Demonstration
PeASS: A Tool for Identifying Performance Changes at Code Level
Demonstrations
David Georg ReicheltUniversität Leipzig, Stefan KühneUniversität Leipzig, Wilhelm HasselbringKiel University
Pre-print Media Attached File Attached
10:00
40m
Demonstration
MutAPK: Source-Codeless Mutant Generation for Android Apps
Demonstrations
Camilo Escobar-VelásquezUniversidad de los Andes, Michael Osorio-RiañoUniversidad de los Andes, Mario Linares-VásquezSystems and Computing Engineering Department , Universidad de los Andes , Bogotá, Colombia
10:00
40m
Demonstration
CocoQa: Question Answering for Coding Conventions over Knowledge Graphs
Demonstrations
Tianjiao DuShanghai JiaoTong University, Junming CaoShanghai JiaoTong University, Qinyue WuShanghai JiaoTong University, Wei LiShanghai JiaoTong University, Beijun ShenSchool of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Yuting ChenShanghai Jiao Tong University
10:00
3m
Demonstration
Humanoid: A Deep Learning-based Approach to Automated Black-box Android App Testing
Demonstrations
Yuanchun LiPeking University, Ziyue YangPeking University, Yao GuoPeking University, Xiangqun ChenPeking University
10:00
40m
Demonstration
Developer Reputation Estimator (DRE)
Demonstrations
Sadika AmreenUniversity of Tennessee Knoxville, Andrey KarnauchUniversity of Tennessee Knoxville, Audris MockusUniversity of Tennessee - Knoxville
10:00
40m
Demonstration
NeuralVis: Visualizing and Interpreting Deep Learning Models
Demonstrations
Xufan ZhangState Key Laboratory for Novel Software Technology Nanjing University, Nanjing, China, Ziyue YinState Key Laboratory for Novel Software Technology Nanjing University, Nanjing, China, Yang FengUniversity of California, Irvine, Qingkai ShiHong Kong University of Science and Technology, Jia LiuState Key Laboratory for Novel Software Technology Nanjing University, Nanjing, China, Zhenyu ChenNanjing University
10:00
40m
Demonstration
Visual Analytics for Concurrent Java Executions
Demonstrations
Cyrille ArthoKTH Royal Institute of Technology, Sweden, Monali PandeKTH Royal Institute of Technology, Qiyi TangUniversity of Oxford
10:00
40m
Demonstration
Sip4J: Statically Inferring Access Permission Contracts for Parallelising Sequential Java Programs
Demonstrations
Ayesha SadiqMonash University, Li LiMonash University, Australia, Yuan-Fang LiMonash University, Ijaz AhmedUniversity of Lahore, Sea LingMonash University
10:00
40m
Demonstration
SWAN_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods
Demonstrations
Goran PiskachevFraunhofer IEM, Lisa Nguyen Quang DoGoogle, Oshando JohnsonFraunhofer IEM, Eric BoddenHeinz Nixdorf Institut, Paderborn University and Fraunhofer IEM
Pre-print Media Attached File Attached
10:00
40m
Demonstration
VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization
Demonstrations
Chijin ZhouTsinghua University, Mingzhe WangTsinghua University, Jie LiangTsinghua University, Zhe LiuNanjing University of Aeronautics and Astronautics, Chengnian SunWaterloo University, Yu JiangTsinghua University