µSE: Mutation-Based Evaluation of Security-Focused Static Analysis Tools for Android

Title: µSE: Mutation-Based Evaluation of Security-Focused Static Analysis Tools for Android
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Ami, Amit Seal; Kafle, Kaushal; Nadkarni, Adwait; Poshyvanyk, Denys; Moran, Kevin
Conference Name: 2021 IEEE/ACM 43rd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)
Keywords: composability, Human Behavior, Java, Open Source Software, privacy, pubcrawl, resilience, Resiliency, Robustness, security, Security and Privacy, Software, software engineering, static analysis, Testing, Testing strategies, Tools
Abstract: This demo paper presents the technical details and usage scenarios of µSE: a mutation-based tool for evaluating security-focused static analysis tools for Android. Mutation testing is generally used by software practitioners to assess the robustness of a given test-suite. However, we leverage this technique to systematically evaluate static analysis tools and uncover and document soundness issues. µSE's analysis has found 25 previously undocumented flaws in static data leak detection tools for Android. µSE offers four mutation schemes, namely Reachability, Complex-reachability, TaintSink, and ScopeSink, which determine the locations of seeded mutants. Furthermore, the user can extend µSE by customizing the API calls targeted by the mutation analysis. µSE is also practical, as it makes use of filtering techniques based on compilation and execution criteria that reduce the number of ineffective mutations.
DOI: 10.1109/ICSE-Companion52605.2021.00034
Citation Key: ami_se_2021