2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE) 2019
DOI: 10.1109/ase.2019.00020

A Qualitative Analysis of Android Taint-Analysis Results

Cited by 26 publications (14 citation statements)
References 39 publications
“…As we show in Section VI-E, these issues lead to a profusion of false positives for any data flow tracker that relies on SUSI's source/sink lists. Several works in the literature [57], [24], [35] have come to similar conclusions. Luo et al. show that SUSI's sources list leads to a false positive rate of almost 80% while trying to detect sensitive data leaks [35].…”
Section: Introduction (supporting)
confidence: 63%
“…Detecting the remaining 21 vulnerabilities by source code analysis is harder due to combinations of factors such as the semantics of general-purpose programming languages (e.g., Java), security-related specs provided by the developer (e.g., source/sink APIs), and the behavior of the underlying system (e.g., Android libraries and runtime). Hence, many existing tools based on source code analysis fail to detect vulnerabilities in real-world apps effectively [31,30,24].…”
Section: Discussion (mentioning)
confidence: 99%
“…Taint analysis has been particularly useful for security, as it "establishes whether values from untrusted methods and parameters may flow into security-sensitive operations" [54]. In the literature, there have been many applications of taint analysis [53], and in particular in recent years on security evaluations of Android applications (e.g., References [38,44,49]).…”
Section: Taint Analysis and Seeding (mentioning)
confidence: 99%