MétaCan
Menu
Back to cohort
Record W2767357856 · doi:10.1109/icsme.2017.77

Evaluating State-of-the-Art Free and Open Source Static Analysis Tools Against Buffer Errors in Android Apps

2017· article· en· W2767357856 on OpenAlex
Bushra Aloraini, Meiyappan Nagappan

Why this work is in the frame

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

affAt least one author lists a Canadian institution in the pinned OpenAlex snapshot.

Bibliographic record

Venuenot available
Typearticle
Languageen
FieldComputer Science
TopicAdvanced Malware Detection Techniques
Canadian institutionsUniversity of Waterloo
Fundersnot available
KeywordsAndroid (operating system)Computer scienceStatic analysisMalwareMobile deviceComputer securityAndroid malwareMalware analysisStatic program analysisBuffer overflowOperating systemSoftware

Abstract

fetched live from OpenAlex

Modern mobile apps incorporate rich and complex features, opening the doors for different security concerns. Android is the dominant platform in mobile app markets, and enhancing its apps security is a considerable area of research. Android malware (introduced intentionally by developers) has been well studied and many tools are available to detect them. However, little attention has been directed to address vulnerabilities caused unintentionally by developers in Android apps. Static analysis has been one way to detect such vulnerabilities in traditional desktop and server side desktop. Therefore, our research aims at assessing static analysis tools that could be used by Android developers. Our preliminary analysis revealed that Buffer Errors are the most frequent type of vulnerabilities that threaten Android apps. Also, we found that Buffer Errors in Android apps have the highest risk on Android that affects data integrity, confidentiality, and availability. Our main study therefore tested whether state-of-the-art static analysis tools could detect Buffer Errors in Android apps. We investigated 6 static analysis tools that are designed to detect Buffer Errors. The study shows that the free and open source state-of-the-art static analysis tools do not efficiently discover Buffer Error vulnerabilities in Android apps. We analyzed the tools carefully to see why they could not discover Buffer Errors and found that the lack of semantic analysis capabilities, inapplicability to Android apps, and the gap between native code and other contexts were some of the reasons. Thus, we concluded that there is a need to build better free and open source static analysis tools for detecting Buffer Errors in Android apps.

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

Full frame distilled prediction

Teacher imitation

Not calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

metaresearch head score (Codex)0.001
metaresearch head score (Gemma)0.001
Version: codex-gemma-dda1882f352aValidation status: machine_predicted_unvalidated
Candidate categoriesnone
Consensus categoriesnone
DomainCandidate signal: none · Consensus signal: none
Study designCandidate signal: Other design · Consensus signal: none
GenreCandidate signal: Empirical · Consensus signal: none
Teacher disagreement score0.961
Threshold uncertainty score0.497

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0010.001
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0000.000
Bibliometrics0.0000.000
Science and technology studies0.0000.000
Scholarly communication0.0010.001
Open science0.0030.003
Research integrity0.0000.000
Insufficient payload (model declined to judge)0.0000.000

Machine scores (provisional)

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

Opus teacher head0.058
GPT teacher head0.360
Teacher spread0.303 · how far apart the two teachers sit on this one work
Validation statusscore_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it

Quick stats

Citations10
Published2017
Admission routes1
Has abstractyes

Explore more

Same topicAdvanced Malware Detection TechniquesFrench-language works237,207