Goran Piskachev
Detecting Security-Relevant Methods using Multi-label Machine Learning
To detect security vulnerabilities, static analysis tools need to be configured with security-relevant methods. Current approaches can automatically identify such methods using binary relevance machine learning approaches. However, they…
Compositional Taint Analysis for Enforcing Security Policies at Scale
Automated static dataflow analysis is an effective technique for detecting security critical issues like sensitive data leak, and vulnerability to injection attacks. Ensuring high precision and recall requires an analysis that is context, …
Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study
The use of static analysis security testing (SAST) tools has been increasing in recent years. However, previous studies have shown that, when shipped to end users such as development or security teams, the findings of these tools are often…
How far are German companies in improving security through static program analysis tools?
As security becomes more relevant for many companies, the popularity of static program analysis (SPA) tools is increasing. In this paper, we target the use of SPA tools among companies in Germany with a focus on security. We give insights …
To what extent can we analyze Kotlin programs using existing Java taint analysis tools? (Extended Version)
As an alternative to Java, Kotlin has gained rapid popularity since its introduction and has become the default choice for developing Android apps. However, due to its interoperability with Java, Kotlin programs may contain almost the same…
Fluently specifying taint-flow queries with fluentTQL
Previous work has shown that taint analyses are only useful if correctly customized to the context in which they are used. Existing domain-specific languages (DSLs) allow such customization through the definition of deny-listing data-flow …
TaintBench: Automatic real-world malware benchmarking of Android taint analyses
Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details …
SecuCheck-SCAM-21-Artifact
Artifact of the paper "SecuCheck: Engineering configurable taint analysis for software developers" published at SCAM 2021
Language-agnostic Injection Detection
Formal languages are ubiquitous wherever software systems need to exchange or store data. Unparsing into and parsing from such languages is an error-prone process that has spawned an entire class of security vulnerabilities. There has been…
Integration of the Static Analysis Results Interchange Format in CogniCrypt
Background - Software companies increasingly rely on static analysis tools to detect potential bugs and security vulnerabilities in their software products. In the past decade, more and more commercial and open-source static analysis tools…