μSE: Mutation-based Evaluation of Security-focused Static Analysis Tools for Android

02/12/2021
by   Amit Seal Ami, et al.
0

This demo paper presents the technical details and usage scenarios of μSE: a mutation-based tool for evaluating security-focused static analysis tools for Android. Mutation testing is generally used by software practitioners to assess the robustness of a given test-suite. However, we leverage this technique to systematically evaluate static analysis tools and uncover and document soundness issues. μSE's analysis has found 25 previously undocumented flaws in static data leak detection tools for Android. μSE offers four mutation schemes, namely Reachability, Complex-reachability, TaintSink, and ScopeSink, which determine the locations of seeded mutants. Furthermore, the user can extend μSE by customizing the API calls targeted by the mutation analysis. μSE is also practical, as it makes use of filtering techniques based on compilation and execution criteria that reduces the number of ineffective mutations.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
02/13/2021

Systematic Mutation-based Evaluation of the Soundness of Security-focused Android Static Analysis Techniques

Mobile application security has been a major area of focus for security ...
research
06/26/2018

Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation

Mobile application security has been one of the major areas of security ...
research
08/04/2023

MASC: A Tool for Mutation-Based Evaluation of Static Crypto-API Misuse Detectors

While software engineers are optimistically adopting crypto-API misuse d...
research
07/27/2017

Enabling Mutation Testing for Android Apps

Mutation testing has been widely used to assess the fault-detection effe...
research
07/15/2021

Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques

The correct use of cryptography is central to ensuring data security in ...
research
01/27/2022

Mutation Analysis: Answering the Fuzzing Challenge

Fuzzing is one of the fastest growing fields in software testing. The id...
research
09/07/2018

Dynamic Mutant Subsumption Analysis using LittleDarwin

Many academic studies in the field of software testing rely on mutation ...

Please sign up or login with your details

Forgot password? Click here to reset