The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …

Java (de) serialization is prone to causing security-critical vulnerabilities that attackers can
invoke existing methods (gadgets) on the application's classpath to construct a gadget chain …

Static application security testing (SAST) takes a significant role in the software development
life cycle (SDLC). However, it is challenging to comprehensively evaluate the effectiveness …

Static analysis is an important tool for detecting bugs in real-world software. The advent of
numerous analysis algorithms with their own tradeoffs has led to the proliferation of …

Previous work has shown that taint analyses are only useful if correctly customized to the
context in which they are used. Existing domain-specific languages (DSLs) allow such …

The template-based approach to invariant generation is a parametric and relatively
complete methodology for inferring loop invariants. The relative completeness ensures the …

The IFDS algorithm can be both memory-and compute-intensive for large programs as it
needs to store a huge amount of path edges in memory and process them until a fixed point …

To detect information leaks in Android programs, existing taint analysis approaches usually
specify and enforce (statically or dynamically) the two-level information flow policy …

Java decompilers are programs that perform the reverse process of Java compilers, ie, they
translate Java bytecode to Java source code. They are essential for reverse engineering …

Mobile devices are pervasively used for a variety of tasks, including the processing of
sensitive data in mobile apps. While in most cases access to this data is legitimate, malware …