Evaluation of Static Vulnerability Detection Tools With Java Cryptographic API Benchmarks
Authors
Abstract
Several studies showed that misuses of cryptographic APIs are common in real-world code (e.g., Apache projects and Android apps). There exist several open-sourced and commercial security tools that automatically screen Java programs to detect misuses. To compare their accuracy guarantees, we develop two comprehensive benchmarks named CryptoAPI-Bench and ApacheCryptoAPI-Bench. CryptoAPI-Bench consists of 181 unit test cases that cover basic cases, as well as complex cases, including interprocedural, field sensitive, multiple class, and path sensitive data flow misuse cases. The benchmark also includes correct cases for testing false-positive rates. ApacheCryptoAPI-Bench consists of 121 cases from 10 Apache projects. We evaluate four tools, namely, SpotBugs, CryptoGuard, CrySL, and another tool (anonymous) using both benchmarks. We present their performance and a comparative analysis. ApacheCryptoAPI-Bench also examines the scalability of the tools. Our benchmarks are useful for advancing state-of-the-art solutions in the space of misuse detection.
Similar resources
Detecting Java Theft Based on Static API Trace Birthmark
Software birthmark is the inherent program characteristics that can identify a program. In this paper, we propose a static API trace birthmark to detect Java theft. Because the API traces can reflect the behavior of a program, our birthmark is more resilient than the existing static birthmarks. Because the API traces are extracted by static analysis, they can be applied to library programs whic...
Static Techniques for Vulnerability Detection
Software vulnerabilities provide a way to an attacker as vulnerabilities are the well-known and well understood flaws by the carelessness of developer of the software. For example buffer overflow and format string vulnerabilities are most common and well known class of vulnerabilities. In order to identify these vulnerabilities a comprehensive analysis is required to develop some standard solut...
Notio - A Java API for Developing CG Tools
Notio [1] is a Java API for constructing conceptual graph tools and systems. Rather than attempting to provide a comprehensive toolset, Notio attempts to address the widely varying needs of the CG community by providing a platform for the development of tools and applications. It is, first and foremost, an API specification for which different underlying implementations may be constructed. A pu...
BugBench: Benchmarks for Evaluating Bug Detection Tools
Benchmarking provides an effective way to evaluate different tools. Unfortunately, so far there is no good benchmark suite to systematically evaluate software bug detection tools. As a result, it is difficult to quantitatively compare the strengths and limitations of existing or newly proposed bug detection tools. In this paper, we share our experience of building a bug benchmark suite called B...
Journal
Journal title: IEEE Transactions on Software Engineering
Year: 2023
ISSN: ['0098-5589', '1939-3520', '2326-3881']
DOI: https://doi.org/10.1109/tse.2022.3154717