Several new papers written by members of the Secure Software Engineering Group have now been accepted at renowned international venues. The papers cover topics such as the reduction of false positives in static data flow analysis, the in-depth analysis of modern, sophisticated malware applications, and the challenges of developing secure software using agile techniques.
The paper “Using Targeted Symbolic Execution for Reducing False-Positives in Dataflow Analysis” describes a technique for pruning false alarms from the result list of static data flow analysis tools such as FlowDroid. It will appear at the 4th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (SOAP 2015), co-located with PLDI 2015 in Portland, Oregon.
The paper “An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack” describes in detail a new and sophisticated malware application for Android. This malware has infected about 20,000 Korean users and stole banking details from their smartphones. The paper has been accepted for publication at The 9th WISTP International Conference on Information Security Theory and Practice (WISTP’2015).
In a paper called “Analysis of the Challenges of Developing Secure Software Using the Agile Approach”, researchers from the Secure Software Engineering Group investigate the key challenges that arise when using modern agile software development processes for security-critical applications. The paper will be presented at The First International Workshop on Agile Secure Software Development (ASSD) at ARES 2015.