PPGI
PROGRAMA DE PÓS-GRADUAÇÃO EM INFORMÁTICA
DEPTO CIÊNCIAS DA COMPUTAÇÃO
Phone: Not available
E-mail: Not available
https://www.unb.br/pos-graduacao
Banca de QUALIFICAÇÃO: José Vicente Clavo Tafur
Uma banca de QUALIFICAÇÃO de MESTRADO foi cadastrada pelo programa.STUDENT : José Vicente Clavo Tafur
DATE: 09/08/2024
TIME: 09:00
LOCAL: Remota
TITLE:
Sparse Value Flow Analysis for Java Byte Code An Empirical Assessment
KEY WORDS:
- Static Analysis,
- Sparse Value Flow Analysis,
- Data Leakage,
- Taint Analysis,
- Java Byte Code
PAGES: 57
BIG AREA: Ciências Exatas e da Terra
AREA: Ciência da Computação
SUBÁREA: Metodologia e Técnicas da Computação
SPECIALTY: Engenharia de Software
SUMMARY:
Sensitive data leakage has become a major security concern, particularly in today’s world, where mobile applications (apps for short) are indispensable daily. Development teams can benefit from using static and dynamic analysis techniques to identify potential leaks of sensitive data. One such technique is the Sparse Value Flow (SVFA) static analysis algorithm, which has proven effective in detecting data leaks in C and C++ programs. However, the potential benefits of using SVFA to analyze Java byte code programs remain unexplored. A collaborative effort between the University of Brasilia and the University of Paderborn resulted in the initial implementation of an SVFA framework for Java bytecode. This implementation has been adapted to identify semantic merge conflicts and integrated into other research projects. Despite its utility, it is noted for its relatively low accuracy (61.53%) when evaluated against a suite of tests from the DroidBench benchmark, one of the benchmarks available in the FlowDroid taint analysis tool. The goal of this thesis is to enhance the current SVFA implementation using the
Design Science Research (DSR) approach, taking the failing tests in the DroidBench benchmark as input to problem characterization. To validate the enhancements, we will compare the accuracy of our final implementation against two established benchmarks (DroidBench and TaintBench). We have completed five DSR cycles and achieved an accuracy of 70.19% (tested using the DroidBench benchmark). We still have additional DSR cycles to enhance the SVFA implementation further and integrate it with our second benchmark (TaintBench). These remaining tasks will be completed and documented in the final version of this document.
Design Science Research (DSR) approach, taking the failing tests in the DroidBench benchmark as input to problem characterization. To validate the enhancements, we will compare the accuracy of our final implementation against two established benchmarks (DroidBench and TaintBench). We have completed five DSR cycles and achieved an accuracy of 70.19% (tested using the DroidBench benchmark). We still have additional DSR cycles to enhance the SVFA implementation further and integrate it with our second benchmark (TaintBench). These remaining tasks will be completed and documented in the final version of this document.
COMMITTEE MEMBERS:
Externo à Instituição - RODRIGO CARDOSO AMARAL DE ANDRADE
Presidente - 1848788 - RODRIGO BONIFACIO DE ALMEIDA
Interno - 1702036 - VANDER RAMOS ALVES
Notícia cadastrada em: 24/07/2024 21:18
SIGAA | Secretaria de Tecnologia da Informação - STI - (61) 3107-0102 | Copyright © 2006-2025 - UFRN - app29.sigaa29