ICPC 2021
Tue 18 - Thu 20 May 2021
co-located with ICSE 2021
Thu 20 May 2021 16:15 - 16:20 at ICPC Main Room - Verification & Validation. Chair(s): Iftekhar Ahmed

Modern software applications, including commercial ones, extensively use Open-Source Software (OSS) components, accounting for 90% of software products on the market. This has serious security implications, mainly because developers rely on non-updated versions of libraries affected by software vulnerabilities. Several tools have been developed to help developers detect these vulnerable libraries and assess and mitigate their impact. The most advanced tools apply sophisticated reachability analyses to achieve high accuracy; however, they need additional data (in particular, concrete execution traces, such as those obtained by running a test suite) that is not always readily available. In this work, we propose SIEGE, a novel automatic exploit generation approach based on genetic algorithms, which generates test cases that execute the methods in a library known to contain a vulnerability. These test cases represent precious, concrete evidence that the vulnerable code can indeed be reached; they are also useful for security researchers to better understand how the vulnerability could be exploited in practice. This technique has been implemented as an extension of EvoSuite and applied on a set of 11 vulnerabilities exhibited by widely used OSS Java libraries. Our initial findings show promising results that deserve to be assessed further in larger-scale empirical studies.

Thu 20 May
Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

16:00 - 16:40
Verification & Validation: Research / Replications and Negative Results (RENE) / Early Research Achievement (ERA) at ICPC Main Room
Chair(s): Iftekhar Ahmed (University of California, Irvine)
16:00
5m
Paper
Understanding Execution Environment of File-Manipulation Scripts by Extracting Pre-Conditions
Early Research Achievement (ERA)
Rodney Rodriguez (University of Texas at San Antonio, USA), Xiaoyin Wang (University of Texas at San Antonio)
16:05
10m
Paper
RAID: Tool Support for Refactoring-Aware Code Reviews
Research
Rodrigo Brito (Federal University of Minas Gerais, Brazil), Marco Tulio Valente (Federal University of Minas Gerais, Brazil)
Pre-print
16:15
5m
Paper
Toward Automated Exploit Generation for Known Vulnerabilities in Open-Source Libraries
Early Research Achievement (ERA)
Emanuele Iannone (University of Salerno), Dario Di Nucci (Tilburg University), Antonino Sabetta (SAP Security Research), Andrea De Lucia (University of Salerno)
Pre-print
16:20
10m
Paper
What is the Vocabulary of Flaky Tests? An Extended Replication
Replications and Negative Results (RENE)
Bruno Henrique Pachulski Camara (Federal University of Paraná), Marco Aurélio Graciotto Silva (Federal University of Technology - Paraná (UTFPR)), André T. Endo (Federal University of Technology - Paraná (UTFPR)), Silvia Regina Vergilio (Federal University of Paraná)
Pre-print
16:30
10m
Paper
Shallow or Deep? An Empirical Study on Detecting Vulnerabilities using Deep Learning
Research
Alejandro Mazuera-Rozo (Università della Svizzera italiana & Universidad de los Andes), Anamaria Mojica-Hanke (Universidad de los Andes), Mario Linares-Vásquez (Universidad de los Andes), Gabriele Bavota (Software Institute, USI Università della Svizzera italiana)
Pre-print