A Plugin for Cross-Language Static Analysis for Vulnerability Detection in Android Applications
Many applications are being written in more than one language to take advantage of the features that different languages provide such as native code support, improved performance, and language-specific libraries. However, there are few static analysis tools currently available to analyze the source code of such multilingual applications. Existing work on cross-language (Java and C/C++) analysis fails to detect cross-language buffer overflow vulnerabilities. In this work, we are addressing how to do cross-language analysis between Java and C/C++. Specifically, we propose an approach to do data flow analysis between Java and C/C++ to detect buffer overflow. We have developed PilaiPidi, a tool that can automatically analyze the data flow in projects written in Java and C/C++. Using our approach, we were able to detect real-world buffer overflow vulnerabilities, which are of cross-language nature, in six different well-known Android applications, and out of these, developers have confirmed 11 vulnerabilities in three applications. This tool is also integrated as a plugin for JetBrains, specifically for IntelliJ IDEA and AndroidStudio, due to its practical usefulness of source code analysis for improving Android application security.
Sat 3 MayDisplayed time zone: Eastern Time (US & Canada) change
14:00 - 15:30 | Session 3: Refactoring & AI, & Session 4: Plugins and applicationsIDE at 205 Chair(s): Danny Dig University of Colorado Boulder, JetBrains Research, Darya Rovdo JetBrains 14:00–14:45 — Session 3. Refactoring and AI. 14:45–15:30 — Session 4. Plugins and applications. | ||
14:00 15mTalk | LLM-Driven Code Refactoring: Opportunities and Limitations IDE Pre-print | ||
14:15 15mTalk | Trust Calibration in IDEs: Paving the Way for Widespread Adoption of AI Refactoring IDE Markus Borg CodeScene Pre-print | ||
14:30 15mTalk | IDE Native, Foundation Model Based Agents for Software Refactoring IDE Pre-print | ||
14:45 15mTalk | Using CognitIDE to Capture Developers’ Cognitive Load via Physiological Activity During Everyday Software Development Tasks IDE Fabian Stolp Hasso Plattner Institute, University of Potsdam, Charlotte Brandebusemeyer Hasso Plattner Institute, University of Potsdam, Franziska Hradilak Hasso Plattner Institute, University of Potsdam, Lara Kursawe Hasso Plattner Institute, University of Potsdam, Magnus Menger Hasso Plattner Institute, University of Potsdam, Franz Sauerwald Hasso Plattner Institute, University of Potsdam, Bert Arnrich Hasso Plattner Institute, University of Potsdam Pre-print | ||
15:00 15mTalk | A Prototype VS Code Extension to Improve Web Accessible Development IDE Elisa Calì Politecnico di Torino, Tommaso Fulcini Politecnico di Torino, Riccardo Coppola Politecnico di Torino, Lorenzo Laudadio Politecnico di Torino, Marco Torchiano Politecnico di Torino Pre-print | ||
15:15 15mTalk | A Plugin for Cross-Language Static Analysis for Vulnerability Detection in Android Applications IDE Kishanthan Thangarajah Centre for Software Excellence, Huawei Canada, Noble Saji Mathews University of Waterloo, Canada, Mei Nagappan University of Waterloo Pre-print |