This demo paper presents the technical details and usage scenarios of $\mu$SE: a mutation-based tool for evaluating security-focused static analysis tools for Android. Mutation testing is generally used by software practitioners to assess the robustness of a given test suite. However, we leverage this technique to systematically evaluate static analysis tools and to uncover and document soundness issues. $\mu$SE's analysis has found 25 previously undocumented flaws in static data leak detection tools for Android. $\mu$SE offers four mutation schemes, namely Reachability, Complex-reachability, TaintSink, and ScopeSink, which determine the locations of seeded mutants. Furthermore, the user can extend $\mu$SE by customizing the API calls targeted by the mutation analysis. $\mu$SE is also practical, as it makes use of filtering techniques based on compilation and execution criteria that reduce the number of ineffective mutations.