The behavior of software that uses the Java Reflection API is fundamentally hard to predict
by analyzing code. Only recent static analysis approaches can resolve reflection under …

Ethereum is a major blockchain-based platform for smart contracts-Turing complete
programs that are executed in a decentralized network and usually manipulate digital units …

Cross-site scripting attack (abbreviated as XSS) is an unremitting problem for the Web
applications since the early 2000s. It is a code injection attack on the client-side where an …

Shake Them All is a popular" Wallpaper" application exceeding millions of downloads on
Google Play. At installation, this application is given permission to (1) access the Internet (for …

We present DroidSafe, a static information flow analysis tool that reports potential leaks of
sensitive information in Android applications. DroidSafe combines a comprehensive …

An enormous number of apps have been developed for Android in recent years, making it
one of the most popular mobile operating systems. However, the quality of the booming …

As mobile devices become more widespread and powerful, they store more sensitive data,
which includes not only users' personal information but also the data collected via sensors …

Deep learning (DL) models of code have recently reported great progress for vulnerability
detection. In some cases, DL-based models have outperformed static analysis tools …

Android phones often carry personal information, attracting malicious developers to embed
code in Android applications to steal sensitive data. With known techniques in the literature …

Ethereum smart contracts are automated decentralized applications on the blockchain that
describe the terms of the agreement between buyers and sellers, reducing the need for …