ICPC 2021
Tue 18 - Thu 20 May 2021
co-located with ICSE 2021
Thu 20 May 2021 16:15 - 16:20 at ICPC Main Room - Verification & Validation Chair(s): Iftekhar Ahmed

Modern software applications, including commercial ones, extensively use Open-Source Software (OSS) components, accounting for 90% of software products on the market. This has serious security implications, mainly because developers rely on non-updated versions of libraries affected by software vulnerabilities. Several tools have been developed to help developers detect these vulnerable libraries and assess and mitigate their impact. The most advanced tools apply sophisticated reachability analyses to achieve high accuracy; however, they need additional data (in particular, concrete execution traces, such as those obtained by running a test suite) that is not always readily available. In this work, we propose SIEGE, a novel automatic exploit generation approach based on genetic algorithms, which generates test cases that execute the methods in a library known to contain a vulnerability. These test cases represent precious, concrete evidence that the vulnerable code can indeed be reached; they are also useful for security researchers to better understand how the vulnerability could be exploited in practice. This technique has been implemented as an extension of EvoSuite and applied on a set of 11 vulnerabilities exhibited by widely used OSS Java libraries. Our initial findings show promising results that deserve to be assessed further in larger-scale empirical studies.

Thu 20 May

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

16:00 - 16:40
Verification & Validation: Research / Replications and Negative Results (RENE) / Early Research Achievement (ERA) at ICPC Main Room
Chair(s): Iftekhar Ahmed University of California, Irvine
16:00
5m
Paper
Understanding Execution Environment of File-Manipulation Scripts by Extracting Pre-Conditions
Early Research Achievement (ERA)
Rodney Rodriguez University of Texas at San Antonio, USA, Xiaoyin Wang University of Texas at San Antonio
Media Attached
16:05
10m
Paper
RAID: Tool Support for Refactoring-Aware Code Reviews
Research
Rodrigo Brito Federal University of Minas Gerais, Brazil, Marco Tulio Valente Federal University of Minas Gerais, Brazil
Pre-print Media Attached
16:15
5m
Paper
Toward Automated Exploit Generation for Known Vulnerabilities in Open-Source Libraries
Early Research Achievement (ERA)
Emanuele Iannone University of Salerno, Dario Di Nucci Tilburg University, Antonino Sabetta SAP Security Research, Andrea De Lucia University of Salerno
Pre-print Media Attached
16:20
10m
Paper
What is the Vocabulary of Flaky Tests? An Extended Replication
Replications and Negative Results (RENE)
Bruno Henrique Pachulski Camara Federal University of Paraná, Marco Aurélio Graciotto Silva Federal University of Technology - Paraná (UTFPR), André T. Endo Federal University of Technology - Paraná (UTFPR), Silvia Regina Vergilio Federal University of Paraná
Pre-print Media Attached
16:30
10m
Paper
Shallow or Deep? An Empirical Study on Detecting Vulnerabilities using Deep Learning
Research
Alejandro Mazuera-Rozo Università della Svizzera italiana & Universidad de los Andes, Anamaria Mojica-Hanke Universidad de los Andes, Mario Linares-Vásquez Universidad de los Andes, Gabriele Bavota Software Institute, USI Università della Svizzera italiana
Pre-print Media Attached
