A transformer-based IDE plugin for vulnerability detection (Virtual)
Thu 13 Oct 2022 10:30 - 10:40 at Ballroom C East - Technical Session 23 - Security Chair(s): John-Paul Ore
Automatic vulnerability detection is of paramount importance to promote the security of an application and should be exercised at the earliest stages within the software development life cycle (SDLC) to reduce the risk of exposure. Despite the advancements with state-of-the-art deep learning techniques in software vulnerability detection, the development environments are not yet leveraging their performance. In this work, we integrate the Transformers architecture, one of the main highlights of advances in deep learning for Natural Language Processing, within a developer-friendly tool for code security. We introduce VDet for Java, a transformer-based VS Code extension that enables one to discover vulnerabilities in Java files. Our preliminary model evaluation presents an accuracy of 85.8% for multi-label classification and can detect up to 21 vulnerability types. The demonstration of our tool can be found at https://youtu.be/OjiUBQ6TdqE.
Wed 12 Oct (Displayed time zone: Eastern Time (US & Canada))
09:30 - 10:00
09:30 30m Demonstration | ElecDaug: Electromagnetic Data Augmentation for Model Repair based on Metamorphic Relation | Tool Demonstrations | Jiawei He, Zhida Bao Harbin Engineering University, Quanjun Zhang Nanjing University, Weisong Sun State Key Laboratory for Novel Software Technology, Nanjing University, Jiawei Liu Nanjing University, Chunrong Fang Nanjing University, Yun Lin National University of Singapore
09:30 30m Demonstration | CBMC-SSM: Bounded Model Checking of C Programs with Symbolic Shadow Memory | Tool Demonstrations | Bernd Fischer Stellenbosch University, South Africa, Salvatore La Torre Università degli Studi di Salerno, Gennaro Parlato University of Molise, Peter Schrammel University of Sussex and Diffblue Ltd
09:30 30m Demonstration | ADEPT: A Testing Platform for Simulated Autonomous Driving (Virtual) | Tool Demonstrations | Sen Wang Nanjing University, Zhuheng Sheng Nanjing University, Jingwei Xu, Taolue Chen University of Surrey, UK, Junjun Zhu Nanjing University, Shuhui Zhang Nanjing University, Yuan Yao Nanjing University, Xiaoxing Ma Nanjing University
09:30 30m Demonstration | Augur: Dynamic Taint Analysis for Asynchronous JavaScript | Tool Demonstrations | Mark W. Aldrich Tufts University, Alexi Turcotte Northeastern University, Matthew Blanco Northeastern University, Frank Tip Northeastern University
09:30 30m Demonstration | FlexType: A Plug-and-Play Framework for Type Inference Models | Tool Demonstrations | Sivani Voruganti UC Davis, Kevin Jesse University of California at Davis, USA, Prem Devanbu Department of Computer Science, University of California, Davis
09:30 30m Demonstration | InvCon: A Dynamic Invariant Detector for Ethereum Smart Contracts | Tool Demonstrations
09:30 30m Demonstration | AntiCopyPaster: Extracting Code Duplicates As Soon As They Are Introduced in the IDE | Tool Demonstrations | Eman Abdullah AlOmar Stevens Institute of Technology, Anton Ivanov HSE University, Zarina Kurbatova JetBrains Research, Yaroslav Golubev JetBrains Research, Mohamed Wiem Mkaouer Rochester Institute of Technology, Ali Ouni ETS Montreal, University of Quebec, Timofey Bryksin JetBrains Research, Le Nguyen Rochester Institute of Technology, Amit Kini Rochester Institute of Technology, Aditya Thakur Rochester Institute of Technology
09:30 30m Demonstration | ecoCode: a SonarQube Plugin to Remove Energy Smells from Android Projects | Tool Demonstrations
09:30 30m Demonstration | Answering Software Deployment Questions via Neural Machine Reading at Scale (Virtual) | Tool Demonstrations | Guan Jie Qiu School of Software, Shanghai Jiao Tong University, Diwei Chen School of Software, Shanghai Jiao Tong University, Shuai Zhang School of Software, Shanghai Jiao Tong University, Yitian Chai School of Software, Shanghai Jiao Tong University, Xiaodong Gu Shanghai Jiao Tong University, China, Beijun Shen School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University
09:30 30m Demonstration | LiveRef: a Tool for Live Refactoring Java Code | Tool Demonstrations | Sara Fernandes FEUP, Universidade do Porto, Ademar Aguiar FEUP, Universidade do Porto, André Restivo LIACC, Universidade do Porto, Porto, Portugal
09:30 30m Demonstration | A transformer-based IDE plugin for vulnerability detection (Virtual) | Tool Demonstrations | Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal
Thu 13 Oct (Displayed time zone: Eastern Time (US & Canada))
10:00 - 12:00 | Technical Session 23 - Security | Tool Demonstrations / Journal-first Papers / Late Breaking Results / Research Papers | at Ballroom C East | Chair(s): John-Paul Ore North Carolina State University
10:00 10m Demonstration | V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities | Tool Demonstrations | Vipawan Jarukitpipat Mahidol University, Xiao Peng China EverBright Bank, Xiao Peng China EverBright Bank, Chaiyong Ragkhitwetsagul Mahidol University, Thailand, Morakot Choetkiertikul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University, Raula Gaikovina Kula Nara Institute of Science and Technology, Bodin Chinthanet Nara Institute of Science and Technology, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology
10:10 20m Paper | Automatic Detection of Java Cryptographic API Misuses: Are We There Yet? | Journal-first Papers | Ying Zhang Virginia Tech, USA, Md Mahir Asef Kabir Virginia Tech, Ya Xiao Virginia Tech, Daphne Yao Virginia Tech, Na Meng Virginia Tech
10:30 10m Demonstration | A transformer-based IDE plugin for vulnerability detection (Virtual) | Tool Demonstrations | Cláudia Mamede FEUP, U.Porto, Eduard Pinconschi FEUP, U.Porto, Rui Abreu Faculty of Engineering, University of Porto, Portugal
10:40 10m Demonstration | Quacky: Quantitative Access Control Permissiveness Analyzer | Tool Demonstrations | William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara
10:50 10m Paper | Towards Robust Models of Code via Energy-Based Learning on Auxiliary Datasets (Virtual) | Late Breaking Results
11:00 10m Demonstration | Xscope: Hunting for Cross-Chain Bridge Attacks (Virtual) | Tool Demonstrations | Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Yue Li Peking University, Ziming Chen Peking University, Zhi Guan Peking University, Zhong Chen
11:10 20m Research paper | Reentrancy Vulnerability Detection and Localization: A Deep Learning Based Two-phase Approach (Virtual) | Research Papers | Zhuo Zhang Chongqing University, Yan Lei Chongqing University, Meng Yan Chongqing University, Yue Yu College of Computer, National University of Defense Technology, Changsha 410073, China, Jiachi Chen Sun Yat-Sen University, Shangwen Wang National University of Defense Technology, Xiaoguang Mao National University of Defense Technology