Tue 11 Oct 2022 10:00 - 10:30 at Ballroom A - Tool Poster Session 1
Tue 11 Oct 2022 12:00 - 12:10 at Gold A - Technical Session 4 - Mobile Apps I Chair(s): Jacques Klein

To reduce the attack surface from app source code, many tools focus on detecting vulnerabilities in Android apps. However, some obvious weaknesses have been highlighted in previous studies. For example, (1) most of the available tools, such as AndroBugs, MobSF, Qark, and Super, use pattern-based methods to detect vulnerabilities. Although they are effective in detecting some types, they introduce a large number of false positives, which inevitably increases the patching overhead for app developers. (2) Similarly, static taint analysis tools such as FlowDroid and IccTA present hundreds of data leakage vulnerability candidates instead of confirmed vulnerabilities. (3) Last but not least, a relatively complete vulnerability taxonomy is missing, which would introduce a lot of false negatives. In this paper, based on our prior knowledge in this research domain, we empirically propose a vulnerability taxonomy as the baseline and then extend AUSERA by augmenting the detection capability to 50 vulnerability types. Meanwhile, a new benchmark dataset including all these 50 vulnerabilities is constructed to demonstrate the effectiveness of AUSERA. The tool and datasets are available at: https://github.com/tjusenchen/AUSERA and the demonstration video can be found at: https://youtu.be/UCiGwVaFPpY.

Tue 11 Oct

Displayed time zone: Eastern Time (US & Canada)

10:00 - 10:30
Tool Poster Session 1 - Tool Demonstrations at Ballroom A
10:00
30m
Demonstration
WebMonitor: https://youtu.be/hqVw0JU3k9c
Tool Demonstrations
Ennio Visconti TU Wien, Christos Tsigkanos University of Bern, Switzerland, Laura Nenzi University of Trieste
10:00
30m
Demonstration
Quacky: Quantitative Access Control Permissiveness Analyzer
Tool Demonstrations
William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara
10:00
30m
Demonstration
Snapshot Metrics Are Not Enough: Analyzing Software Repositories with Longitudinal Metrics
Tool Demonstrations
Nicholas Synovic Loyola University Chicago, Matt Hyatt Loyola University Chicago, Rohan Sethi Loyola University Chicago, Sohini Thota Loyola University Chicago, Shilpika University of California at Davis, Allan J. Miller Loyola University Chicago, Wenxin Jiang Purdue University, Emmanuel S. Amobi Loyola University Chicago, Austin Pinderski Duke University, Loyola University Chicago, Konstantin Läufer Loyola University Chicago, Nicholas J. Hayward Loyola University Chicago, Neil Klingensmith Loyola University Chicago, James C. Davis Purdue University, USA, George K. Thiruvathukal Loyola University Chicago and Argonne National Laboratory
10:00
30m
Demonstration
AUSERA: Automated Security Vulnerability Detection for Android Apps (Virtual)
Tool Demonstrations
Sen Chen Tianjin University, Yuxin Zhang Tianjin University, Lingling Fan Nankai University, Jiaming Li Tianjin University, Yang Liu Nanyang Technological University
10:00
30m
Demonstration
Trimmer: Context-Specific Code Reduction (Virtual)
Tool Demonstrations
Aatira Anum Ahmad Lahore University of Management Sciences, Mubashir Anwar University of Illinois Urbana-Champaign, Hashim Sharif University of Illinois at Urbana-Champaign, Ashish Gehani SRI, Fareed Zaffar Lahore University of Management Sciences
10:00
30m
Demonstration
Maktub: Lightweight Robot System Test Creation and Automation
Tool Demonstrations
Amr Moussa North Carolina State University, John-Paul Ore North Carolina State University
10:00
30m
Demonstration
V-Achilles: An Interactive Visualization of Transitive Security Vulnerabilities
Tool Demonstrations
Vipawan Jarukitpipat Mahidol University, Xiao Peng China EverBright Bank, Chaiyong Ragkhitwetsagul Mahidol University, Thailand, Morakot Choetkiertikul Mahidol University, Thailand, Thanwadee Sunetnanta Mahidol University, Raula Gaikovina Kula Nara Institute of Science and Technology, Bodin Chinthanet Nara Institute of Science and Technology, Takashi Ishio Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology
10:00
30m
Demonstration
RobSimVer: A Tool for RoboSim Modeling and Analysis (Virtual)
Tool Demonstrations
Dehui Du East China Normal University, Ana Cavalcanti University of York, Jihui Nie East China Normal University
10:00
30m
Demonstration
Xscope: Hunting for Cross-Chain Bridge Attacks (Virtual)
Tool Demonstrations
Jiashuo Zhang Peking University, China, Jianbo Gao Peking University, Yue Li Peking University, Ziming Chen Peking University, Zhi Guan Peking University, Zhong Chen
10:00
30m
Demonstration
SAFA: A Tool for Supporting Safety Analysis in Evolving Software Systems
Tool Demonstrations
Alberto D. Rodriguez University of Notre Dame, Timothy Newman University of Notre Dame, Katherine R. Dearstyne University of Notre Dame, Jane Cleland-Huang University of Notre Dame
10:00
30m
Demonstration
Building recommender systems for modelling languages with Droid (Virtual)
Tool Demonstrations
Lissette Almonte Universidad Autónoma de Madrid, Esther Guerra Universidad Autónoma de Madrid, Iván Cantador Universidad Autónoma de Madrid, Juan de Lara Autonomous University of Madrid
10:00
30m
Demonstration
Shibboleth: Hybrid Patch Correctness Assessment in Automated Program Repair
Tool Demonstrations
Ali Ghanbari Iowa State University, Andrian Marcus University of Texas at Dallas
10:30 - 12:30
Technical Session 4 - Mobile Apps I - Research Papers / NIER Track / Industry Showcase / Journal-first Papers / Tool Demonstrations at Gold A
Chair(s): Jacques Klein University of Luxembourg
10:30
20m
Research paper
Mining Android API Usage to Generate Unit Test Cases for Pinpointing Compatibility Issues
Research Papers
Xiaoyu Sun Monash University, Xiao Chen Monash University, Yanjie Zhao Monash University, Pei Liu Monash University, John Grundy Monash University, Li Li Monash University
10:50
20m
Paper
Automated, Cost-effective, and Update-driven App Testing (Virtual)
Journal-first Papers
Chanh-Duc Ngo University of Luxembourg, Fabrizio Pastore University of Luxembourg, Lionel Briand University of Luxembourg; University of Ottawa
11:10
20m
Industry talk
Fastbot2: Reusable Automated Model-based GUI Testing for Android Enhanced by Reinforcement Learning (Virtual)
Industry Showcase
Zhengwei Lv ByteDance, Chao Peng ByteDance, China, Zhao Zhang Bytedance Network Technology, Ting Su East China Normal University, Kai Liu Bytedance, Ping Yang Bytedance Network Technology
11:30
10m
Vision and Emerging Results
Right to Know, Right to Refuse: Towards UI Perception-Based Automated Fine-Grained Permission Controls for Android Apps (Virtual)
NIER Track
Vikas K. Malviya Singapore Management University, Chee Wei Leow Singapore Management University, Ashok Kasthuri Singapore Management University, Yan Naing Tun Singapore Management University, Lwin Khin Shar Singapore Management University, Lingxiao Jiang Singapore Management University
11:40
20m
Research paper
MalWhiteout: Reducing Label Errors in Android Malware Detection (Virtual)
Research Papers
Liu Wang Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, China, Xiapu Luo Hong Kong Polytechnic University, Yulei Sui University of Technology Sydney
12:00
10m
Demonstration
AUSERA: Automated Security Vulnerability Detection for Android Apps (Virtual)
Tool Demonstrations
Sen Chen Tianjin University, Yuxin Zhang Tianjin University, Lingling Fan Nankai University, Jiaming Li Tianjin University, Yang Liu Nanyang Technological University
12:10
20m
Research paper
A Comprehensive Evaluation of Android ICC Resolution Techniques (Virtual)
Research Papers
Jiwei Yan Institute of Software at Chinese Academy of Sciences, China, Shixin Zhang Beijing Jiaotong University, China, Yepang Liu Southern University of Science and Technology, Xi Deng Institute of Software, Chinese Academy of Sciences, Jun Yan Institute of Software at Chinese Academy of Sciences, China, Jian Zhang Institute of Software at Chinese Academy of Sciences, China