Symbolic execution is a powerful program analysis technique, but it is difficult to apply to programs built using frameworks such as Swing and Android, because the framework code itself is hard to symbolically execute. The standard solution is to manually create a framework model that can be symbolically executed, but developing and maintaining a model is difficult and error-prone. In this paper, we present Pasket, a new system that takes a first step toward automatically generating Java framework models to support symbolic execution. Pasket's focus is on creating models by instantiating design patterns. Pasket takes as input class, method, and type information from the framework API, together with tutorial programs that exercise the framework. From these artifacts and Pasket's internal knowledge of design patterns, Pasket synthesizes a framework model whose behavior on the tutorial programs matches that of the original framework. We evaluated Pasket by synthesizing models for subsets of Swing and Android. Our results show that the models derived by Pasket are sufficient to allow us to use off-the-shelf symbolic execution tools to analyze Java programs that rely on frameworks.
Mobile apps can access a wide variety of secure information, such as contacts and location. However, current mobile platforms include only coarse access control mechanisms to protect such data. In this paper, we introduce interaction-based declassification policies, in which the user's interactions with the app constrain the release of sensitive information. Our policies are defined extensionally, so as to be independent of the app's implementation, based on sequences of security-relevant events that occur in app runs. Policies use LTL formulae to precisely specify which secret inputs, read at which times, may be released. We formalize a semantic security condition, interaction-based noninterference, to define our policies precisely. Finally, we describe a prototype tool that uses symbolic execution of Dalvik bytecode to check interaction-based declassification policies for Android, and we show that it enforces policies correctly on a set of apps.

    public class BumpApp extends Activity {
      protected void onCreate(...) {
        Button sendBtn = (Button) findViewById(...);
        CheckBox idBox = (CheckBox) findViewById(...);
        CheckBox phBox = (CheckBox) findViewById(...);
        TelephonyManager manager = TelephonyManager.getTelephonyManager();
        final int id = manager.getDeviceId();
        final int ph = manager.getPhoneNumber();
        idBox.setChecked(false); phBox.setChecked(false);
        sendBtn.setOnClickListener(
          new OnClickListener() {
            public void onClick(View v) {
              if (idBox.isChecked())
                Internet.sendInt(id); //Internet.sendInt(ph);
              if (phBox.isChecked())
                Internet.sendInt(ph); //Internet.sendInt(id);
            }
          });
      }
    }