Static detection of cross-site scripting vulnerabilities Wassermann, Gary; Su, Zhendong
2008 ACM/IEEE 30th International Conference on Software Engineering,
01/2008, Volume: 2008, Issue: 24
Conference Proceeding, Journal Article
Web applications support many of our daily activities, but they often have security problems, and their accessibility makes them easy to exploit. In cross-site scripting (XSS), an attacker exploits the trust a web client (browser) has for a trusted server and executes injected script on the browser with the server's privileges. In 2006, XSS constituted the largest class of newly reported vulnerabilities, making it the most prevalent class of attacks today. Web applications have XSS vulnerabilities because the validation they perform on untrusted input does not suffice to prevent that input from invoking a browser's JavaScript interpreter, and this validation is particularly difficult to get right if it must admit some HTML mark-up. Most existing approaches to finding XSS vulnerabilities are taint-based and assume input validation functions to be adequate, so they either miss real vulnerabilities or report many false positives.
This paper presents a static analysis for finding XSS vulnerabilities that directly addresses weak or absent input validation. Our approach combines work on tainted information flow with string analysis. Proper input validation is difficult largely because of the many ways to invoke the JavaScript interpreter; we face the same obstacle checking for vulnerabilities statically, and we address it by formalizing a policy based on the W3C recommendation, the Firefox source code, and online tutorials about closed-source browsers. We provide effective checking algorithms based on our policy. We implement our approach and provide an extensive evaluation that finds both known and unknown vulnerabilities in real-world web applications.
Concolic execution and fuzzing are two complementary coverage-based testing techniques. How to achieve the best of both remains an open challenge. To address this research problem, we propose and evaluate Legion. Legion re-engineers the Monte Carlo tree search (MCTS) framework from the AI literature to treat automated test generation as a problem of sequential decision-making under uncertainty. Its best-first search strategy provides a principled way to learn the most promising program states to investigate at each search iteration, based on observed rewards from previous iterations. Legion incorporates a form of directed fuzzing that we call approximate path-preserving fuzzing (APPFuzzing) to investigate program states selected by MCTS. APPFuzzing serves as the Monte Carlo simulation technique and is implemented by extending prior work on constrained sampling. We evaluate Legion against competitors on 2531 benchmarks from the coverage category of Test-Comp 2020, as well as measuring its sensitivity to hyperparameters, demonstrating its effectiveness on a wide variety of input programs.
DroidStar Radhakrishna, Arjun; Lewchenko, Nicholas V.; Meier, Shawn ...
2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE),
05/2018
Conference Proceeding
Event-driven programming frameworks, such as Android, are based on components with asynchronous interfaces. The protocols for interacting with these components can often be described by finite-state machines we dub callback typestates. Callback typestates are akin to classical typestates, with the difference that their outputs (callbacks) are produced asynchronously. While useful, these specifications are not commonly available, because writing them is difficult and error-prone.
Our goal is to make the task of producing callback typestates significantly easier. We present a callback typestate assistant tool, DroidStar, that requires only limited user interaction to produce a callback typestate. Our approach is based on an active learning algorithm, L*. We improved the scalability of equivalence queries (a key component of L*), thus making active learning tractable on the Android system.
We use DroidStar to learn callback typestates for Android classes both for cases where one is already provided by the documentation, and for cases where the documentation is unclear. The results show that DroidStar learns callback typestates accurately and efficiently. Moreover, in several cases, the synthesized callback typestates uncovered surprising and undocumented behaviors.
Replication Package for Input Algebras Gopinath, Rahul; Nemati, Hamed; Zeller, Andreas
2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)
Conference Proceeding
Grammar-based fuzzers are effective and efficient. They can produce an infinite number of syntactically valid test inputs, which can be used to explore the input space without bias. However, it is notoriously difficult to generate focused inputs to induce a specific behavior such as failure without affecting their effectiveness. This is the fuzzer taming problem. In our paper Input Algebras, we show how one can specialize the grammar towards inclusion or exclusion of specific patterns, and their arbitrary Boolean combinations. The resulting specialized grammars can be used both for focused fuzzing and also as validators that can indicate the presence or absence of specific behavior-inducing input patterns. In our evaluation of real-world bugs, we show that specialized grammars are accurate both in producing and validating targeted inputs. We also provide a completely worked out Jupyter notebook that explains our algorithms in detail along with a sufficient number of examples. Further, we describe in detail how to replicate our evaluation.
Due to the popularization of Android and the full range of applications (apps) targeting this platform, many security issues have emerged, attracting researchers' and practitioners' attention. As such, many techniques for addressing Android security issues have appeared, including approaches for mining sandboxes. Previous research studies have compared Android test case generation tools for this specific goal. Our research aims to explore new techniques for mining sandboxes; in particular, we are interested in understanding the limits of both static and dynamic analysis in this process. Although the use of tests for mining sandboxes has been explored before, the potential to combine static analysis and dynamic analysis has not been sufficiently investigated yet. That is, in this thesis we will investigate the hypothesis that combining static and dynamic analysis techniques improves the process of mining Android sandboxes.
Awareness and perception of Agile in Saudi software industry Altuwaijri, Fahad S; Ferrario, Maria Angela
2021 IEEE/ACM 43rd International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS),
05/2021
Conference Proceeding
Open access
Over the last two decades, the Agile software development methodology has garnered significant interest in both the software industry and research, with several studies investigating the level of awareness, perception and use of Agile in software engineering practice. However, most of these studies have focused on Agile practice in developed countries, with only a handful having been conducted in developing countries, especially in the Middle East. This is problematic given the strategic and economic importance of the software industry in countries such as Saudi Arabia. This paper aims to start addressing this research gap with an empirical investigation of the awareness and perceptions of Agile among software practitioners in Saudi Arabia and the extent to which they are adopting Agile methods. To this end, we conduct four semi-structured interviews with expert software practitioners and a survey with 31 respondents, all from the mobile development software industry. Our findings indicate that there seems to be a low level of awareness and usage of Agile in the country. However, we also find that those who use Agile are appreciative of its benefits, which include project management flexibility, rapid response to change, and a positive effect on team morale and communication.
BeAFix Brida, Simon Gutierrez; Regis, German; Zheng, Guolong ...
2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE),
11/2021
Conference Proceeding
This paper describes BeAFix, a tool for automated repair of faulty Alloy models. The tool builds upon the Alloy Analyzer, the analysis tool for Alloy. It generates repair candidates by mutating a faulty Alloy model, and employs a bounded-exhaustive approach to traverse the space of repair candidates. Since BeAFix's mutation operators make the space of repair candidates grow quickly, the tool supports some sound pruning techniques that allow it to fix Alloy models with more than one faulty line or expression. Additionally, BeAFix does not require tests as a patch acceptance criterion. Although BeAFix supports tests as oracles, our tool is also able to leverage property-based oracles, which are more commonly found in Alloy models in the form of predicate satisfiability and assertion validity checks.
A video demonstration of BeAFix can be found at https://youtu.be/5RG40SmlFXQ. The tool's binaries and further details about its usage can all be found at https://sites.google.com/view/beafixevaluation/beafix. The tool is also available in a public archive at https://doi.org/10.5281/zenodo.5296466.
Autonomous Driving Systems (ADSs), which replace humans to drive vehicles, are complex software systems deployed in autonomous vehicles (AVs). Since the execution of ADSs highly relies on maps, it is essential to perform global map-based testing for ADSs to guarantee their correctness and AVs' safety in different situations. Existing methods focus more on specific scenarios rather than global testing throughout the map. Testing on a global map is challenging since the complex lane connections in a map can generate enormous numbers of scenarios. In this work, we propose Atlas, an approach to ADSs' collision avoidance testing using map topology-based scenario classification. The core insight of Atlas is to generate diverse testing scenarios by classifying junction lanes according to their topology-based interaction patterns. First, Atlas divides the junction lanes into different classes such that an ADS can execute similar collision avoidance maneuvers on the lanes in the same class. Second, for each class, Atlas selects one junction lane to construct the testing scenario and generates test cases using a genetic algorithm. Finally, we implement and evaluate Atlas on Baidu Apollo with the LGSVL simulator on the San Francisco map. Results show that Atlas exposes nine types of real issues in Apollo 6.0 and reduces the number of junction lanes for testing by 98%.
Property-based test for part-of-speech tagging tool Jin, Shuo; Chen, Songqiang; Xie, Xiaoyuan
2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE),
11/2021
Conference Proceeding
Part-of-Speech (POS) tagging for sentences is a basic and widely-used Natural Language Processing (NLP) technique. People rely heavily on it to predict POS tags that serve as the base for many advanced NLP tasks, such as sentiment analysis, word sense disambiguation, and information retrieval. However, POS tagging tools could make wrong predictions, which bring consequent error propagation to the advanced tasks and even cause serious threats in critical application domains. In this paper, we propose to test POS tagging tools with Metamorphic Testing against some properties that they should follow. The preliminary exploration with two groups of Metamorphic Relations shows that our method can effectively reveal defects of three common POS tagging tools (i.e., spaCy, NLTK, and Flair) in handling fairly simple intra- and inter-sentence transformations regarding adverbial clauses and sentence appending. This demonstrates the great potential of our method to deliver a systematic test and reveal previously unnoticed issues, which may benefit the validation, repair, and improvement of POS tagging tools.
Search-based test generation for Android apps Moreno, Iván Arcuschin
2020 IEEE/ACM 42nd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion),
06/2020
Conference Proceeding
Despite their growing popularity, apps tend to contain defects which can ultimately manifest as failures (or crashes) to end-users. Different automated tools for testing Android apps have been proposed in order to improve software quality. Although Genetic Algorithms and Evolutionary Algorithms (EA) have been promising in recent years, recent results suggest they are not yet fully tailored to the problem of Android test generation. Thus, this thesis aims to design and evaluate algorithms for alleviating the burden of testing Android apps. In particular, I plan to investigate which is the best search-based algorithm for this particular problem. As the thesis advances, I expect to develop a fully open-source test case generator for Android applications that will serve as a framework for comparing different algorithms. These algorithms will be compared using statistical analysis on both open-source (i.e., from F-Droid) and commercial applications (i.e., from Google Play Store).