SWAN\_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods

Title: SWAN\_ASSIST: Semi-Automated Detection of Code-Specific, Security-Relevant Methods
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Piskachev, Goran; Nguyen Quang Do, Lisa; Johnson, Oshando; Bodden, Eric
Conference Name: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)
Keywords: active machine learning, authentication, authentication methods, Automated Secure Software Engineering, bug detection, code-specific methods, composability, graphical user interfaces, IntelliJ plugin, Java, learning (artificial intelligence), Libraries, machine learning, machine-learning, novel automated machine-learning approach SWAN, pattern classification, program analysis, program debugging, program diagnostics, pubcrawl, public domain software, Resiliency, security, security-relevant methods, semiautomated detection, software maintenance, software metrics, software quality, SRM, static analysis tools, SWAN\_ASSIST aids developers, SWAN\_ASSIST tool, time exactly those methods whose classification best impact, Training, vulnerability detection
Abstract: To detect specific types of bugs and vulnerabilities, static analysis tools must be correctly configured with security-relevant methods (SRM), e.g., sources, sinks, sanitizers and authentication methods, which is usually a very labour-intensive and error-prone process. This work presents the semi-automated tool SWAN\_ASSIST, which aids the configuration with an IntelliJ plugin based on active machine learning. It integrates our novel automated machine-learning approach SWAN, which identifies and classifies Java SRM. SWAN\_ASSIST further integrates user feedback through iterative learning. SWAN\_ASSIST aids developers by asking them to classify, at each point in time, exactly those methods whose classification has the greatest impact on the classification result. Our experiments show that SWAN\_ASSIST classifies SRM with high precision and requires relatively low effort from the user. A video demo of SWAN\_ASSIST can be found at https://youtu.be/fSyD3V6EQOY. The source code is available at https://github.com/secure-software-engineering/swan.
DOI: 10.1109/ASE.2019.00110
Citation Key: piskachev_swan_assist_2019