Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps
Today's smartphones are a ubiquitous source of private and confidential data. At the same
time, smartphone users are plagued by carelessly programmed apps that leak important …
Challenges for static analysis of java reflection-literature review and empirical study
D Landman, A Serebrenik… - 2017 IEEE/ACM 39th …, 2017 - ieeexplore.ieee.org
The behavior of software that uses the Java Reflection API is fundamentally hard to predict
by analyzing code. Only recent static analysis approaches can resolve reflection under …
Information flow analysis of android applications in droidsafe.
We present DroidSafe, a static information flow analysis tool that reports potential leaks of
sensitive information in Android applications. DroidSafe combines a comprehensive …
Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art
FF Fadlalla, HT Elshoush - IEEE Access, 2023 - ieeexplore.ieee.org
In recent years, huge increase in attacks and data breaches is noticed. Most of the attacks
are performed and focused on the vulnerabilities related to web applications. Hence …
Andromeda: Accurate and Scalable Security Analysis of Web Applications
Security auditing of industry-scale software systems mandates automation. Static taint
analysis enables deep and exhaustive tracking of suspicious data flows for detection of …
The role of program analysis in security vulnerability detection: Then and now
Program analysis techniques play an important role in detecting security vulnerabilities. In
this paper we describe our experiences in developing a variety of tools that detect security …
Stubdroid: automatic inference of precise data-flow summaries for the android framework
Smartphone users suffer from insufficient information on how commercial as well as
malicious apps handle sensitive data stored on their phones. Automated taint analyses …
SymJS: automatic symbolic testing of JavaScript web applications
We present SymJS, a comprehensive framework for automatic testing of client-side
JavaScript Web applications. The tool contains a symbolic execution engine for JavaScript …
Alias analysis for object-oriented programs
We present a high-level survey of state-of-the-art alias analyses for object-oriented
programs, based on a years-long effort developing industrial-strength static analyses for …
Phosphor: Illuminating dynamic data flow in commodity jvms
Dynamic taint analysis is a well-known information flow analysis problem with many
possible applications. Taint tracking allows for analysis of application data flow by assigning …