Objectives
- Explore the comprehensive taxonomy of existing app vulnerabilities and build an app vulnerability analysis baseline
- Evaluate the capability of different existing techniques for vulnerability detection in specialized domains
- Develop a domain-aware compositional vulnerability detection framework which is more scalable and more accurate
Existing Solutions and Their Limitations
- Use generic syntax-based scanning and pattern matching
- Output a lot of false positives
- Cannot detect most of the data leakage-related vulnerabilities
Outcomes/Deliverables
- Vulnerability knowledge base construction
  - Design knowledge base schema and meta-model
  - Large-scale app collection and labelling (semi-automatic)
- Evaluation of the existing vulnerability detection techniques
- Compositional vulnerability detection guided by the knowledge base
  - Implement domain-specific analysis (source/library/native)
  - Aggregation of global analysis results
Practical Applications and Impact
- Integrated as a part of an app screening pipeline
- Detecting data leakage vulnerabilities in real banking apps