ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Wed 17 Apr 2024 16:00 - 17:30 at Open Space - SRC Posters Chair(s): Mattia Fazzini, André Restivo

Integer Overflow to Buffer Overflow (IO2BO) vulnerabilities are a common bug pattern in system software and can be detected by various program analysis methods. Mainstream static approaches apply taint analysis to find source-sink pairs and then submit those suspicious bug locations to dynamic instrumentation or static encoding.

However, works utilizing both methods either fail to handle sanitization code well or lack the ability to generalize across codebases. In this work, we present IntTracer, which is enhanced with an interval domain to model the effect of sanitization in the trace of an IO2BO bug, and is able to find recurring vulnerabilities from different development scenarios. IntTracer successfully avoids generating false positives in 5 scenarios.
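To make the role of sanitization concrete, the following added example (not IntTracer's code, and not taken from the poster) tracks a tainted 32-bit element count through a one-variable interval domain and checks whether the size multiplication at an allocation sink can still wrap. All type and function names are hypothetical, and a 32-bit size computation is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration: a one-variable interval domain [lo, hi]. */
typedef struct { uint64_t lo, hi; } interval;

/* Source: an attacker-controlled 32-bit count may hold any value. */
static interval tainted_u32(void) { return (interval){0, UINT32_MAX}; }

/* Sanitizer: the fall-through path of `if (n > limit) return -1;`
   narrows the upper bound of n to `limit`. */
static interval assume_le(interval v, uint64_t limit) {
    if (v.hi > limit) v.hi = limit;
    return v;
}

/* Sink check: can `n * elem_size` exceed 32 bits before it reaches malloc?
   Both operands fit in 32 bits here, so the 64-bit product cannot wrap. */
static int mul_may_wrap32(interval n, uint32_t elem_size) {
    return n.hi * (uint64_t)elem_size > UINT32_MAX;
}

/* Concrete size a 32-bit multiplication would hand to the allocator.
   Unsigned wrap is well defined in C, but it silently truncates. */
static uint32_t alloc_size32(uint32_t n, uint32_t elem_size) {
    return n * elem_size;
}

int main(void) {
    interval raw = tainted_u32();
    interval checked = assume_le(raw, 1024);   /* constructed limit */

    /* Plain source-sink taint flags both paths; the interval separates them. */
    printf("unsanitized count may wrap: %d\n", mul_may_wrap32(raw, 4));
    printf("sanitized count may wrap:   %d\n", mul_may_wrap32(checked, 4));

    /* Concrete IO2BO witness: a huge count yields a tiny allocation size. */
    printf("0x40000001 * 4 -> %u bytes\n",
           (unsigned)alloc_size32(0x40000001u, 4));

    /* A sanitizer with too loose a bound does not remove the bug. */
    printf("limit 0x40000000 may wrap:  %d\n",
           mul_may_wrap32(assume_le(raw, 0x40000000u), 4));
    return 0;
}
```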

Wed 17 Apr

Displayed time zone: Lisbon

16:00 - 17:30
SRC Posters (SRC - ACM Student Research Competition) at Open Space
Chair(s): Mattia Fazzini (University of Minnesota), André Restivo (LIACC, Universidade do Porto, Porto, Portugal)
16:00
90m
Poster
Program Decomposition and Translation with Static Analysis
SRC - ACM Student Research Competition
Ali Reza Ibrahimzada University of Illinois Urbana-Champaign
16:00
90m
Poster
IntTracer: Sanitization-aware IO2BO Vulnerability Detection across Codebases
SRC - ACM Student Research Competition
Xiang Chen Shanghai Jiao Tong University
16:00
90m
Poster
Vulnerability Root Cause Function Locating For Java Vulnerabilities
SRC - ACM Student Research Competition
Lyuye Zhang Nanyang Technological University
16:00
90m
Poster
Flakiness Repair in the Era of Large Language Models
SRC - ACM Student Research Competition
Yang Chen University of Illinois at Urbana-Champaign
16:00
90m
Poster
Refining Abstract Specifications into Dangerous Traffic Scenarios
SRC - ACM Student Research Competition
Aren Babikian McGill University
16:00
90m
Poster
An Ensemble Method for Bug Triaging using Large Language Models
SRC - ACM Student Research Competition
Atish Kumar Dipongkor University of Central Florida
16:00
90m
Poster
Classifying Source Code: How Far Can Compressor-based Classifiers Go?
SRC - ACM Student Research Competition
Zhou Yang Singapore Management University