Write a Blog >>
ICSE 2022
Sun 8 - Fri 27 May 2022
Wed 11 May 2022 03:15 - 03:20 at ICSE room 3-odd hours - Software Security 2 Chair(s): Liliana Pasquale
Wed 11 May 2022 22:20 - 22:25 at ICSE room 2-even hours - Software Security 6 Chair(s): Travis Breaux

Memory-related vulnerabilities constitute severe threats to the security of modern software. Despite the successes of deep learningbased approaches to generic vulnerability detection, they are still limited by the underutilization of flow information and coarse granularity when applied for detecting high-level memory-related vulnerabilities, resulting in high false positive rate. In this paper, we propose MVD, a statement-level memory-related vulnerability detection approach based on flow-sensitive graph neural networks (FS-GNN). FS-GNN is employed to jointly embed both unstructured information (i.e., source code) and structured information (i.e., control- and data-flow) to capture implicit memory-related vulnerability patterns. We evaluate MVD on the dataset which contains 4,353 real-world memory-related vulnerabilities, and compare our approach with three state-of-the-art deep learning-based approaches as well as five popular static analysis-based memory detectors. The experiment results show that MVD achieves better detection accuracy, outperforming state-of-the-art approaches. Furthermore, MVD makes a great trade-off between accuracy and efficiency over baselines.

Wed 11 May

Displayed time zone: Eastern Time (US & Canada) change

03:00 - 04:00
Software Security 2Journal-First Papers / Technical Track at ICSE room 3-odd hours
Chair(s): Liliana Pasquale University College Dublin & Lero
03:00
5m
Talk
Lags in the release, adoption, and propagation of npm vulnerability fixes
Journal-First Papers
Bodin Chinthanet Nara Institute of Science and Technology, Raula Gaikovina Kula Nara Institute of Science and Technology, Shane McIntosh University of Waterloo, Takashi Ishio Nara Institute of Science and Technology, Akinori Ihara Wakayama University, Kenichi Matsumoto Nara Institute of Science and Technology
Link to publication DOI Pre-print Media Attached
03:05
5m
Talk
The Case for Adaptive Security Interventions
Journal-First Papers
Irum Rauf The Open University, UK, Marian Petre The Open University, Thein Tun , Tamara Lopez The Open University, Paul Lunn The University of Manchester, UK, Dirk van der Linden Northumbria University, John Towse Department of Psychology, University of Lancaster, UK, Helen Sharp The Open University, Mark Levine Lancaster University, Awais Rashid University of Bristol, UK, Bashar Nuseibeh The Open University (UK) & Lero (Ireland)
Link to publication DOI Pre-print Media Attached
03:10
5m
Talk
Out of Sight, Out of Mind? How Vulnerable Dependencies Affect Open-Source Projects
Journal-First Papers
Gede Artha Azriadi Prana Singapore Management University, Abhishek Sharma Veracode, Inc., Lwin Khin Shar Singapore Management University, Darius Foo National University of Singapore, Andrew Santosa Veracode, Inc., Asankhaya Sharma Veracode, Inc., David Lo Singapore Management University
Pre-print Media Attached
03:15
5m
Talk
MVD: Memory-related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks
Technical Track
Sicong Cao Yangzhou University, Xiaobing Sun Yangzhou University, Lili Bo Yangzhou University, Rongxin Wu Xiamen University, Bin Li Yangzhou University, Chuanqi Tao Nanjing University of Aeronautics and Astronautics
DOI Pre-print Media Attached
03:20
5m
Talk
VulCNN: An Image-inspired Scalable Vulnerability Detection System
Technical Track
Yueming Wu Huazhong University of Science and Technology, Deqing Zou Huazhong University of Science and Technology, Shihan Dou Huazhong University of Science and Technology, Wei Yang University of Texas at Dallas, Duo Xu Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology
DOI Pre-print Media Attached
03:25
5m
Talk
DeFault: Mutual Information-based Crash Triage for Massive Crashes
Technical Track
Xing Zhang National University of Defense Technology, Jiongyi Chen National University of Defense Technology, Chao Feng National University of Defense Technology, Ruilin Li National University of Defense Technolog, Wenrui Diao Shandong University, Kehuan Zhang The Chinese University of Hong Kong
Pre-print Media Attached
22:00 - 23:00
Software Security 6Technical Track / Journal-First Papers at ICSE room 2-even hours
Chair(s): Travis Breaux Carnegie Mellon University
22:00
5m
Talk
Lags in the release, adoption, and propagation of npm vulnerability fixes
Journal-First Papers
Bodin Chinthanet Nara Institute of Science and Technology, Raula Gaikovina Kula Nara Institute of Science and Technology, Shane McIntosh University of Waterloo, Takashi Ishio Nara Institute of Science and Technology, Akinori Ihara Wakayama University, Kenichi Matsumoto Nara Institute of Science and Technology
Link to publication DOI Pre-print Media Attached
22:05
5m
Talk
Aper: Evolution-Aware Runtime Permission Misuse Detection for Android Apps
Technical Track
Sinan Wang Southern University of Science and Technology, Yibo Wang Northeastern University, Xian Zhan The Hong Kong Polytechnic University, Ying Wang Northeastern University, China, Yepang Liu Southern University of Science and Technology, Xiapu Luo Hong Kong Polytechnic University, Shing-Chi Cheung Hong Kong University of Science and Technology
DOI Pre-print Media Attached
22:10
5m
Talk
A Grounded Theory Based Approach to Characterize Software Attack Surfaces
Technical Track
sara moshtari Rochester Institute of Technology, Ahmet Okutan Rochester Institute of Technology, Mehdi Mirakhorli Rochester Institute of Technology
Pre-print Media Attached
22:15
5m
Talk
The Extent of Orphan Vulnerabilities from Code Reuse in Open Source SoftwareNominated for Distinguished Paper
Technical Track
David Reid University of Tennessee, Mahmoud Jahanshahi Research Assistant, University of Tennessee Knoxville, Audris Mockus The University of Tennessee
DOI Pre-print Media Attached
22:20
5m
Talk
MVD: Memory-related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks
Technical Track
Sicong Cao Yangzhou University, Xiaobing Sun Yangzhou University, Lili Bo Yangzhou University, Rongxin Wu Xiamen University, Bin Li Yangzhou University, Chuanqi Tao Nanjing University of Aeronautics and Astronautics
DOI Pre-print Media Attached
22:25
5m
Talk
VulCNN: An Image-inspired Scalable Vulnerability Detection System
Technical Track
Yueming Wu Huazhong University of Science and Technology, Deqing Zou Huazhong University of Science and Technology, Shihan Dou Huazhong University of Science and Technology, Wei Yang University of Texas at Dallas, Duo Xu Huazhong University of Science and Technology, Hai Jin Huazhong University of Science and Technology
DOI Pre-print Media Attached

Information for Participants
Wed 11 May 2022 03:00 - 04:00 at ICSE room 3-odd hours - Software Security 2 Chair(s): Liliana Pasquale
Info for room ICSE room 3-odd hours:

Click here to go to the room on Midspace

Wed 11 May 2022 22:00 - 23:00 at ICSE room 2-even hours - Software Security 6 Chair(s): Travis Breaux
Info for room ICSE room 2-even hours:

Click here to go to the room on Midspace