This program is tentative and subject to change.
Mon 17 Nov 2025 15:00 - 18:00 at Walker Hall - Tools - Testing & Analysis
Architectural threat modeling is a crucial technique for identifying and mitigating security threats in software systems, helping to prevent costly design flaws. While existing tools aim to reduce its resource-intensive nature through automation, they often lack key features—such as scriptability and integration capabilities—needed for practical use in development workflows.
In this paper, we present FlowStrider, a tool that addresses these shortcomings by implementing a new, practice-oriented workflow and enabling CI/CD integration through scriptability. FlowStrider reduces the required manual effort, enhances the quality of analysis results, and eases integration into software development workflows, thereby lowering the adoption barrier for continuous threat modeling.
This program is tentative and subject to change.
Mon 17 NovDisplayed time zone: Seoul change
Mon 17 Nov
Displayed time zone: Seoul change
15:00 - 18:00 | |||
15:00 3hDemonstration | Towards Context-aware Mobile Privacy Notice: Implementation of A Deployable Contextual Privacy Policies Generator Tool Demonstration Track Haochen Gong Australian National University, Zhen Tao Technical University of Munich, Shidong Pan Columbia University & New York University, Zhenchang Xing CSIRO's Data61, Xiaoyu Sun Australian National University, Australia | ||
15:00 3hDemonstration | Metamorphic Testing of Deep Reinforcement Learning Agents with MDPMORPH Tool Demonstration Track Jiapeng Li Beihang University, Zheng Zheng Beihang University, Yuning Xing University of Auckland, Daixu Ren Beihang University, Steven Cho The University of Auckland, New Zealand, Valerio Terragni University of Auckland | ||
15:00 3hDemonstration | FlowStrider: Low-friction Continuous Threat Modeling Tool Demonstration Track Bernd Gruner German Aerospace Center (DLR), Institute of Data Science, Noah Erthel German Aerospace Center (DLR), Clemens-Alexander Brust German Aerospace Center (DLR) | ||
15:00 3hDemonstration | ReFuzzer: Feedback-Driven Approach to Enhance Validity of LLM-Generated Test Programs Tool Demonstration Track Iti Shree King's College London, Karine Even-Mendoza King’s College London, Tomasz Radzik King's College London | ||
15:00 3hDemonstration | DESIGNATOR: a Toolset for Automated GAN-enhanced Search-based Testing and Retraining of DNNs in Martian Environments Tool Demonstration Track Pre-print | ||
15:00 3hDemonstration | Chrysalis: A Lightweight Framework for Metamorphic Testing in Python Tool Demonstration Track Jai Parera University of California, Los Angeles, Nathan Huey University of California, Los Angeles, Ben Limpanukorn University of California, Los Angeles, Miryung Kim UCLA and Amazon Web Services | ||
15:00 3hDemonstration | AndroFL: Evolutionary-Driven Fault Localization for Android Apps Tool Demonstration Track Vishal Singh Indian Institute of Technology Kanpur, Ravi Shankar Das Indian Institute of Technology Kanpur, Prajwal H G InMobi, Subhajit Roy IIT Kanpur DOI | ||
15:00 3hDemonstration | XRintTest: An Automated Framework for User Interaction Testing in Extended Reality Applications Tool Demonstration Track Ruizhen Gu University of Sheffield, José Miguel Rojas University of Sheffield, Donghwan Shin University of Sheffield Pre-print | ||
15:00 3hDemonstration | Training-Control-as-Code: Towards a declarative solution to control training Tool Demonstration Track Padmanabha V. Seshadri IBM India Research Lab, Harikrishnan Balagopal IBM India Research Lab, Mehant Kammakomati IBM India Research Lab, Ashok Pon Kumar IBM Research - India, Dushyant Behl IBM Research Media Attached | ||
15:00 3hDemonstration | VUSC: An Extensible Research Platform for Java-Based Static Analysis Tool Demonstration Track | ||
15:00 3hDemonstration | BASHIRI: Learning Failure Oracles from Execution Features Tool Demonstration Track Marius Smytzek CISPA Helmholtz Center for Information Security, Martin Eberlein Humboldt-Universtität zu Berlin, Tural Mammadov CISPA Helmholtz Center for Information Security, Lars Grunske Humboldt-Universität zu Berlin, Andreas Zeller CISPA Helmholtz Center for Information Security | ||
15:00 3hDemonstration | FETT: Fault Injection as an Educational and Training Tool in Cybersecurity Tool Demonstration Track Anaé De Baets University of Namur, Guillaume Nguyen University of Namur, Xavier Devroey University of Namur, Fabian Gilson University of Canterbury Pre-print | ||