Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States

Developers today use significant amounts of open source code, surfacing the need for ways to automatically audit and upgrade library dependencies and leading to the emergence of Software Composition Analysis (SCA). SCA products are concerned with three tasks: discovering dependencies, checking the reachability of vulnerable code for false positive elimination, and automated remediation. The latter two tasks rely on call graphs of library and application code to check whether vulnerable methods found in the open source components are called by applications. However, statically-constructed call graphs introduce both false positives and false negatives on real-world projects. In this paper, we develop a novel, modular means of combining statically- and dynamically-constructed call graphs via instrumentation to improve the performance of false positive elimination. Our experiments indicate significant performance improvements, but that instrumentation-based call graphs are less readily applicable in practice.

Wed 13 Nov

ase-2019-Late-Breaking-Results
15:20 - 16:00: Late Breaking Results - Poster Session: Late Breaking Results at Kensington Ballroom
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Ming Wu, Pengcheng WangUniversity of Science and Technology of China, Kangqi Yin, Haoyu Cheng, Yun XuUniversity of Science and Technology of China, Chanchal K. RoyUniversity of Saskatchewan
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Yi LiNanyang Technological University, Shaohua WangNew Jersey Institute of Technology, USA, Tien N. NguyenUniversity of Texas at Dallas, Son NguyenThe University of Texas at Dallas, Xinyue Ye, Yan Wang
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Md Rafiqul Islam RabinUniversity of Houston, Ke WangVisa Research, Mohammad Amin Alipour
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Haochuan LuFudan University, Huanlin Xu, Nana Liu, Yangfan ZhouFudan University, Xin Wang
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Joymallya ChakrabortyNorth Carolina State University, Tianpei Xia, Fahmid M. Fahid, Tim MenziesNorth Carolina State University
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Mounifah Alenazi, Nan NiuUniversity of Cincinnati, Juha SavolainenDanfoss
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
panuchart bunyakiatikasetsart university, Usa Sammapunkasetsart university
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Jiazhen Gu, Huanlin Xu, Yangfan ZhouFudan University, Xin Wang, Hui Xu, Michael LyuThe Chinese University of Hong Kong
Pre-print
ase-2019-Late-Breaking-Results15:20 - 16:00
Poster
Pre-print