Blogs (1) >>
ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
Wed 29 May 2019 17:00 - 17:20 at Laurier - Analysis and Verification Chair(s): Domenico Bianculli

The paper presents the Mockingbird framework that combines static and dynamic analyses to yield an efficient and scalable approach to analyze large Java software. The framework is an innovative integration of existing static and dynamic analysis tools and a newly developed component called the Object Mocker that enables the integration. The static analyzers are used to extract potentially vulnerable parts from large software. Targeted dynamic analysis is used to analyze just the potentially vulnerable parts to check whether the vulnerability can actually be exploited.

We present a case study to illustrate the use of the framework to analyze complex software vulnerabilities. The case study is based on a challenge application from the DARPA Space/Time Analysis for Cybersecurity (STAC) program. Interestingly, the challenge program had been hardened and was thought not to be vulnerable. Yet, using the framework we could discover an unintentional vulnerability that can be exploited for a denial of service attack. The accompanying demo video depicts the case study.

Video: https://youtu.be/m9OUWtocWPE

Wed 29 May

Displayed time zone: Eastern Time (US & Canada) change

16:00 - 18:00
Analysis and VerificationDemonstrations / Technical Track / Journal-First Papers / Papers at Laurier
Chair(s): Domenico Bianculli University of Luxembourg
16:00
20m
Talk
Easy Modelling and Verification of Unpredictable and Preemptive Interrupt-driven SystemsArtifacts Evaluated ReusableTechnical Track
Technical Track
Minxue Pan Nanjing University, Shouyu Chen Nanjing University, Yu Pei The Hong Kong Polytechnic University, Tian Zhang Nanjing University, Xuandong Li Nanjing University
16:20
20m
Talk
Towards Understanding and Reasoning about Android InteroperationsTechnical Track
Technical Track
Sora Bae Oracle Labs, Australia, Sungho Lee KAIST, South Korea, Sukyoung Ryu KAIST, South Korea
16:40
20m
Talk
ALPACA: A Large Portfolio-based Alternating Conditional AnalysisDemos
Demonstrations
Mitchell Gerrard University of Virginia, Matthew B Dwyer University of Virginia
17:00
20m
Talk
Mockingbird: A Framework for Enabling Targeted Dynamic Analysis of Java ProgramsDemos
Demonstrations
Derrick Lockwood Iowa State University, Benjamin Holland , Suresh Kothari Iowa State University, USA
17:20
20m
Talk
Zero-Overhead Path Prediction with Progressive Symbolic ExecutionArtifacts AvailableTechnical Track
Technical Track
Richard Rutledge Georgia Institute of Technology, Sunjae Park Georgia Institute of Technology, Haider Khan Georgia Institute of Technology, Alessandro Orso Georgia Tech, Milos Prvulovic Georgia Institute of Technology, Alenka Zajic Georgia Institute of Technology
17:40
10m
Talk
Platform-Independent Dynamic Taint Analysis for JavaScriptJournal-First
Journal-First Papers
Rezwana Karim Samsung Research America, Frank Tip Northeastern University, Alena Sochurkova Avast, Koushik Sen University of California, Berkeley
17:50
10m
Talk
Discussion Period
Papers