Write a Blog >>
Wed 12 Oct 2022 09:30 - 10:00 at Ballroom A - Tool Poster Session 2
Thu 13 Oct 2022 10:30 - 10:40 at Ballroom C East - Technical Session 23 - Security Chair(s): John-Paul Ore

Automatic vulnerability detection is of paramount importance to promote the security of an application and should be exercised at the earliest stages within the software development life cycle (SDLC) to reduce the risk of exposure. Despite the advancements with state-of-the-art deep learning techniques in software vulnerability detection, the development environments are not yet leveraging their performance. In this work, we integrate the Transformers architecture, one of the main highlights of advances in deep learning for Natural Language Processing, within a developer-friendly tool for code security. We introduce VDet for Java, a transformer-based VS Code extension that enables one to discover vulnerabilities in Java files. Our preliminary model evaluation presents an accuracy of 85.8% for multi-label classification and can detect up to 21 vulnerability types. The demonstration of our tool can be found at https://youtu.be/OjiUBQ6TdqE.

Wed 12 Oct

Displayed time zone: Eastern Time (US & Canada) change

09:30 - 10:00
Tool Poster Session 2Tool Demonstrations at Ballroom A
09:30
30m
Demonstration
ElecDaug: Electromagnetic Data Augmentation for Model Repair based on Metamorphic Relation
Tool Demonstrations
Jiawei He , Zhida Bao Harbin Engineering University, Quanjun Zhang Nanjing University, Weisong Sun State Key Laboratory for Novel Software Technology, Nanjing University, Jiawei Liu Nanjing University, Chunrong Fang Nanjing University, Yun Lin National University of Singapore
09:30
30m
Demonstration
CBMC-SSM: Bounded Model Checking of C Programs with Symbolic Shadow Memory
Tool Demonstrations
Bernd Fischer Stellenbosch University, South Africa, Salvatore La Torre Università degli Studi di Salerno, Gennaro Parlato University of Molise, Peter Schrammel University of Sussex and Diffblue Ltd
09:30
30m
Demonstration
ADEPT: A Testing Platform for Simulated Autonomous DrivingVirtual
Tool Demonstrations
Sen Wang Nanjing University, Zhuheng Sheng Nanjing University, Jingwei Xu , Taolue Chen University of Surrey, UK, Junjun Zhu Nanjing University, Shuhui Zhang Nanjing University, Yuan Yao Nanjing University, Xiaoxing Ma Nanjing University
09:30
30m
Demonstration
Augur: Dynamic Taint Analysis for Asynchronous JavaScript
Tool Demonstrations
Mark W. Aldrich Tufts University, Alexi Turcotte Northeastern University, Matthew Blanco Northeastern University, Frank Tip Northeastern University
09:30
30m
Demonstration
FlexType: A Plug-and-Play Framework for Type Inference Models
Tool Demonstrations
Sivani Voruganti UC Davis, Kevin Jesse University of California at Davis, USA, Prem Devanbu Department of Computer Science, University of California, Davis
Pre-print
09:30
30m
Demonstration
InvCon: A Dynamic Invariant Detector for Ethereum Smart Contracts
Tool Demonstrations
Ye Liu Nanyang Technological University, Yi Li Nanyang Technological University
Pre-print
09:30
30m
Demonstration
AntiCopyPaster: Extracting Code Duplicates As Soon As They Are Introduced in the IDE
Tool Demonstrations
Eman Abdullah AlOmar Stevens Institute of Technology, Anton Ivanov HSE University, Zarina Kurbatova JetBrains Research, Yaroslav Golubev JetBrains Research, Mohamed Wiem Mkaouer Rochester Institute of Technology, Ali Ouni ETS Montreal, University of Quebec, Timofey Bryksin JetBrains Research, Le Nguyen Rochester Institute of Technology, Amit Kini Rochester Institute of Technology, Aditya Thakur Rochester Institute of Technology
DOI Pre-print
09:30
30m
Demonstration
ecoCode: a SonarQube Plugin to Remove Energy Smells from Android Projects
Tool Demonstrations
Olivier Le Goaër LIUPPA, Université de Pau et des Pays de l'Adour, Julien Hertout Snapp'
DOI File Attached
09:30
30m
Demonstration
Answering Software Deployment Questions via Neural Machine Reading at ScaleVirtual
Tool Demonstrations
Guan Jie Qiu School of Software, Shanghai Jiao Tong University, Diwei Chen School of Software, Shanghai Jiao Tong University, Shuai Zhang School of Software, Shanghai Jiao Tong University, Yitian Chai School of Software, Shanghai Jiao Tong University, Xiaodong Gu Shanghai Jiao Tong University, China, Beijun Shen School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University
09:30
30m
Demonstration
LiveRef: a Tool for Live Refactoring Java Code
Tool Demonstrations
Sara Fernandes FEUP, Universidade do Porto, Ademar Aguiar FEUP, Universidade do Porto, André Restivo LIACC, Universidade do Porto, Porto, Portugal
09:30
30m
Demonstration
A transformer-based IDE plugin for vulnerability detectionVirtual
Tool Demonstrations
Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal

Thu 13 Oct

Displayed time zone: Eastern Time (US & Canada) change

10:00 - 12:00
Technical Session 23 - SecurityTool Demonstrations / Journal-first Papers / Late Breaking Results / Research Papers at Ballroom C East
Chair(s): John-Paul Ore North Carolina State University
10:00
10m
Demonstration
V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities
Tool Demonstrations
Vipawan Jarukitpipat Mahidol University, Xiao Peng China EverBright Bank, Xiao Peng China EverBright Bank, Chaiyong Ragkhitwetsagul Mahidol University, Thailand, Morakot Choetkiertikul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University, Raula Gaikovina Kula Nara Institute of Science and Technology, Bodin Chinthanet Nara Institute of Science and Technology, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology
10:10
20m
Paper
Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?
Journal-first Papers
Ying Zhang Virginia Tech, USA, Md Mahir Asef Kabir Virginia Tech, Ya Xiao Virginia Tech, Daphne Yao Virginia Tech, Na Meng Virginia Tech
DOI Pre-print
10:30
10m
Demonstration
A transformer-based IDE plugin for vulnerability detectionVirtual
Tool Demonstrations
Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal
10:40
10m
Demonstration
Quacky: Quantitative Access Control Permissiveness Analyzer
Tool Demonstrations
William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara
10:50
10m
Paper
Towards Robust Models of Code via Energy-Based Learning on Auxiliary DatasetsVirtual
Late Breaking Results
Nghi D. Q. Bui Singapore Management University, Yijun Yu Huawei Ireland Research Center
11:00
10m
Demonstration
Xscope: Hunting for Cross-Chain Bridge AttacksVirtual
Tool Demonstrations
Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Yue Li Peking University, Ziming Chen Peking University, Zhi Guan Peking University, Zhong Chen
11:10
20m
Research paper
Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase ApproachVirtual
Research Papers
Zhuo Zhang Chongqing University, Yan Lei Chongqing University, Meng Yan Chongqing University, Yue Yu College of Computer, National University of Defense Technology, Changsha 410073, China, Jiachi Chen Sun Yat-Sen University, Shangwen Wang National University of Defense Technology, Xiaoguang Mao National University of Defense Technology