Software Engineering Institute | Carnegie Mellon University

Digital Library

William Snavely
July 2017 - Technical Report
DidFail: Coverage and Precision Enhancement

Topics: Secure Coding

Authors: Karan Dwivedi (No Affiliation), Hongli Yin (No Affiliation), Pranav Bagree (No Affiliation), Xiaoxiao Tang (No Affiliation), Lori Flynn, William Klieber, William Snavely

This report describes recent enhancements to Droid Intent Data Flow Analysis for Information Leakage (DidFail), the CERT static taint analyzer for sets of Android apps.

November 2016 - Conference Paper
Automated Code Repair Based on Inferred Specifications

Topics: Secure Coding

Authors: William Klieber, William Snavely

In this paper, the authors describe automated repairs for three types of bugs: integer overflows, missing array bounds checks, and missing authorization checks.

November 2016 - Conference Paper
Static Analysis Alert Audits: Lexicon & Rules

Topics: Secure Coding

Authors: David Svoboda, Lori Flynn, William Snavely

In this paper, the authors provide a suggested set of auditing rules and a lexicon for auditing static analysis alerts.

March 2015 - Technical Report
Making DidFail Succeed: Enhancing the CERT Static Taint Analyzer for Android App Sets

Topics: Secure Coding

Authors: Jonathan Burket, Lori Flynn, Will Klieber, Jonathan Lim, Wei Shen, William Snavely

In this report, the authors describe how the DidFail tool was enhanced to improve its effectiveness.