SecLan Security DSL and Check Repository

Developing secure software systems is challenging. Considering security not only at the end, but already early on in the development process has become a widely accepted best practice. Still, vulnerabilities are commonly introduced by developers in code and need to be discovered by manual code reviews or automated static code analyzers. In fact, the automated detection of vulnerabilities is a major area of research. However, estimating the impact of a detected vulnerability requires reasoning about the design of the system. Specifically, due to the gap in abstraction, tracing the results of a static analyzer to the design is a challenging and error-prone task that relies mostly on the developer. We present the SecLan to address this challange by relating security DSLs to static code analyzers that perform security checks by mapping each others' concepts. SecLan uses several conceptual models for this endeavor.

Below is an overview of the Security DSLs and Checks currently described according to the SecLan conceptual models. By clicking on the 'Security DSLs' or 'Security Checks' tabs, you can switch between security DSLs and security checks provided by security analyzers.

Security DSLsSecurity Checks

No.Reviewed

Name

Authors

External References

1

Abramov et al. - PbSD

Jenny Abramov, Arnon Sturm, Peretz Shoval

Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment, Information and Software Technology, 2012

2

Ahn et al. - RBAC

Gail-Joon Ahn, Seung-Phil Hong, Michael E Shin

Reconstructing a formal security model, Information and Software Technology, 2002

3

Ahn et al. - Assurance Management Framework (AMF)

Gail-Joon Ahn, Hongxin Hu

Towards realizing a formal RBAC model in real systems, Symposium on Access Control Models and Technologies, 2007

4

Alam et al. - SECTET

Masoom Alam, Ruth Breu, Michael Hafner

Model-Driven Security Engineering for Trust Management in SECTET, Journal of Software, 2007

5

Almorsy et al. - SecDSVL

Mohamed Almorsy, John Grundy

SecDSVL: A Domain-Specific Visual Language to Support Enterprise Security Modelling, Australian Software Engineering Conference, 2014

6

Apvrille et al. - SysML-Sec

Ludovic Apvrille, Yves Roudier

SysML-Sec: A SysML Environment for the Design and Development of Secure Embedded Systems, Asia-Pacific Council on Systems Engineering, 2013

7

Baudry et al. - Mouelhi et al.

Benoit Baudry, Franck Fleurey, Tejeddine Mouelhi, Yves Le Traon

A Model-Based Framework for Security Policy Specification, Deployment and Testing, Springer, Berlin, Heidelberg, 2008

8

Brunel et al.

Julien Brunel, Laurent Rioux, Stephane Paul, Anthony Faucogney, Frederique Vallee, David Chemouil, Mohamed Bakkali

Formal Safety and Security Assessment of an Avionic Architecture with Alloy, Workshop on Engineering Safety and Security Systems (ESSS), 2014, A Viewpoint-Based Approach for Formal Safety & Security Assessment of System Architectures, Workshop on Model-Driven Engineering, Verification and Validation, 2014

9

Burt et al. - UniFrame

Carol C. Burt, Barrett R. Bryant, Rajeev R. Raje, Andrew Olson, Mikhail Auguston

Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control, International Enterprise Distributed Object Computing, 2003

10

Busch et al. - UML-based Web Engineering (UWE)

Marianne Busch, Nora Koch, Santiago Suppan

Modeling Security Features of Web Applications, Engineering Secure Future Internet Services and Systems, 2014

11

Dai et al. - Formal Design Analysis Framework FDAF

Lirong Dai, Kendra Cooper

Modeling and performance analysis for security aspects, Science of Computer Programming, 2006

12

Diaz et al. - ADM-RBAC

Paloma Diaz, Ignacio Aedo, Daniel Sanz, Alessio Malizia

A model-driven approach for the visual specification of Role-Based Access Control policies in web systems, Symposium on Visual Languages and Human-Centric Computing, 2008

13

Eby et al. - SAL for SMOLES

Matthew Eby, Jan Werner, Gabor Karsai, Akos Ledeczi

Integrating Security Modeling into Embedded System Design, International Conference and Workshops on the Engineering of Computer-Based Systems (ECBS), 2007

14

Elrakaiby et al. - Security@Runtime

Yehia Elrakaiby, Moussa Amrani, Yves Le Traon

Security@Runtime: A Flexible MDE Approach to Enforce Fine-grained Security Policies, International Symposium on Engineering Secure Software and Systems (ESSoS), 2014

15

Fernandez-Medina et al. - Secure Data Warehouses

Eduardo Fernandez-Medina, Juan Trujillo, Rodolfo Villarroel, Mario Piattini

Developing secure data warehouses with a UML extension, Information Systems, 2007

16

Fink et al. - VBAC-MDA

Torsten Fink, Manuel Koch, Karl Pauls

An MDA approach to Access Control Specifications Using MOF and UML Profiles, Electronic Notes in Theoretical Computer Science, 2006

17

Geismann et al. - CARDS

Johannes Geismann, Bastian Haverkamp, Eric Bodden

Ensuring threat-model assumptions by using static code analyses, International Workshop on Model-Driven Engineering for Software Architecture, 2021

18

Georg et al. - AORDD framework

Geri Georg, Kyriakos Anastasakis, Behzad Bordbar, Siv Hilde Houmb, Indrakshi Ray, Manachai Toahchoodee

Verification and Trade-Off Analysis of Security Properties in UML System Models, Transactions on Software Engineering (TSE), 2010

19

Gerking et al.

Christopher Gerking, David Schubert, Eric Bodden

Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures, International Conference on Software Architecture (ICSA), 2019, Model Checking the Information Flow Security of Real-Time Systems, Engineering Secure Software and Systems (ESSoS), 2018

20

Giordano et al. - VisualRABAC

Massimiliano Giordano, Giuseppe Polese, Giuseppe Scanniello, Genoveffa Tortora

A system for visual role-based policy modelling, Journal of Visual Languages & Computing, 2010

21

Gomaa et al.

Hassan Gomaa, Michael Eonsuk Shin

Modelling Complex Systems by Separating Application and Security Concerns, International Conference on Engineering of Complex Computer Systems, 2004

22

Gomaa et al. - Shin et al.

Hassan Gomaa, Michael Eonsuk Shin

Software Requirements and Architecture Modeling for Evolving Non-secure Applications into Secure Applications, Science of Computer Programming, 2006

23

Gunawan et al. - Security-enhanced SPACE

Linda Ariani Gunawan, Peter Herrmann, Frank Alexander Kraemer

Towards the Integration of Security Aspects into System Development Using Collaboration-Oriented Models, International Conference on Security Technology, 2009, A Tool-Supported Method for the Design and Implementation of Secure Distributed Applications, International Symposium on Engineering Secure Software and Systems (ESSoS), 2011

24

H.Nguyen et al. - Nguyen et al.

Phu H.Nguyen, Gregory Nain, Jacques Klein, Tejeddine Mouelhi, Yves Le Traon

Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management, Springer, Berlin, Heidelberg, 2014

25

Heldal et al. - UMLS

Rogardt Heldal, Fredrik Hultin

Bridging Model-Based and Language-Based Security, Chalmers University of Technology, 2003

26

Hoisl et al.

Bernhard Hoisl, Stefan Sobernig, Mark Strembeck

Modeling and enforcing secure object flows in process-driven SOAs: an integrated model-driven approach, Software & Systems Modeling, 2012

27

Horcas et al.

Jose-Miguel Horcas, Mónica Pinto, Lidia Fuentes, Nadia Gámez, Mercedes Amor, Inmaculada Ayala

An Automatic Process for Weaving Functional Quality Attributes Using a Software Product Line Approach, Journal of Systems and Software 112, 2015, Dynamic Reconfiguration of Security Policies in Wireless Sensor Networks, Sensors, 15, 2015

28

Horcas et al. - INTER-TRUST

Jose-Miguel Horcas, Mónica Pinto, Lidia Fuentes, Wissam Mallouli, Lidia Fuentes

An approach for deploying and monitoring dynamic security policies, Computers & Security, Volume 58, 2016

29

Jakob et al. - DiaAspect

Henner Jakob, Nicolas Loriant, Charles Consel

An aspect-oriented approach to securing distributed systems, International conference on Pervasive services (ICPS), 2009

30

Jürjens et al. - UMLsec

Jan Jürjens

Secure Systems Development with UML, Springer-Verlag Berlin Heidelberg 2005, 2005

31

Kaddani et al. - OrBAC EMF

Aziz Kaddani, Amine Baina, Loubna Echabbi

Towards a Model Driven Security for critical infrastructures using OrBAC, International Conference on Multimedia Computing and Systems (ICMCS), 2014

32

Kim et al.

Sangsig Kim, Dae-Kyoo Kim, Lunjin Lu, Suntae Kim, Sooyong Park

A feature-based approach for modeling role-based access control systems, Journal of Systems and Software, Volume 84, Issue 12, 2011

33

Kim et al. - Role-Based Metamodeling Language

Dae-Kyoo Kim, Priya Gokhale

A Pattern-Based Technique for Developing UML Models of Access Control Systems, Computer Software and Applications Conference (COMPSAC), 2006

34

Koch et al.

Manuel Koch, Luigi V. Mancini, Francesco Parisi-Presicce

A graph-based formalism for RBAC, Transactions on Information and System Security, Volume 5, Issue 3, 2002

35

Kramer et al. - Access Analysis

Max E. Kramer, Martin Hecker, Simon Greiner, Kaibin Bao, Kateryna Yurchenko

Model-Driven Specification and Analysis of Confidentiality in Component-Based Systems, , 2017

36

Kumar et al. - Attack-Fault Trees

Rajesh Kumar, Marielle Stoelinga

Quantitative Security and Safety Analysis with Attack-Fault Trees, International Symposium on High Assurance Systems Engineering (HASE), 2017, A Model-Based Safety-Security Risk Analysis Framework for Interconnected Critical Infrastructures, International Conference on Critical Infrastructure Protection, 2020

37

Lodderstedt et al. - SecureUML

Torsten Lodderstedt, David Basin, Jürgen Doser

SecureUML: A UML-Based Modeling Language for Model-Driven Security, ≪UML≫ 2002 — The Unified Modeling Language, 2002

38

Menzel et al. - SecureSOA

Michael Menzel, Robert Warschofsky, Christoph Meinel

A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures, International Conference on Web Services, 2010

39

Menzel et al.

Michael Menzel, Christoph Meinel

A Security Meta-model for Service-Oriented Architectures, International Conference on Services Computing, 2009

40

Moebius et al. - SecureMDD

Nina Moebius, Kurt Stenzel, Holger Grandy, Wolfgang Reif

SecureMDD: A Model-Driven Development Method for Secure Smart Card Applications, International Conference on Availability, Reliability and Security, 2009

41

Moral-García et al.

Santiago Moral-García, Santiago Moral-Rubio, Eduardo B. Fernández, Eduardo Fernández-Medina

Enterprise security pattern: A model-driven architecture instance, Computer Standards & Interfaces, Volume 36, Issue 4, 2014

42

Morin et al.

Brice Morin, Tejeddine Mouelhi, Franck Fleurey, Yves Le Traon, Olivier Barais, Jean-Marc Jézéquel

Security-driven model-based dynamic adaptation, International Conference on Automated Software Engineering (ASE), 2010

43

Mouheb et al.

Djedjiga Mouheb, Chamseddine Talhi, Azzam Mourad, Vitor Lima, Mourad Debbabi, Lingyu Wang, Makan Pourzandi

An Aspect-Oriented Approach for Software Security Hardening: from Design to Implementation, Frontiers in Artificial Intelligence and Applications, Volume 199, 2009

44

Mouratidis et al. - Secure Tropos

Haralambos Mouratidis, Paolo Giorgini

Secure Tropos: A Security-Oriented Extension of the Tropos Methodology, Software Engineering and Knowledge Engineering, 2007

45

Nakamura et al.

Yuichi Nakamura, Michiaki Tatsubori, T. Imamura, Kohichi Ono

Model-driven security based on a Web services security architecture, International Conference on Services Computing (SCC), 2005

46

Neisse et al. - OSL-ISDL

Ricardo Neisse, Joerg Doer

Model-based specification and refinement of usage control policies, Eleventh Annual Conference on Privacy, Security and Trust, 2013

47

Oladimeji et al.

Ebenezer Oladimeji, Lawrence Chung, Sam Supakkul

A Model-driven Approach to Architecting Secure Software, 19th International Conference on Software Engineering & Knowledge Engineering, 2007

48

Pavlich-Mariscal et al.

Jaime A. Pavlich-Mariscal, Steven A. Demurjian, Laurent D. Michel

A framework of Composable Access Control Features: Preserving Separation of Access Control Concerns from Models to Code, Computers & Security, 2009

49

Ray et al. - SSD RBAC

Idrakshi Ray, Robert France, Na Li, Geri Georg

An aspect-based approach to modeling access control concerns, Information and Software Technology, Volume 46, Issue 9, 2003

50

Ren et al. - Secure xADL

Jie Ren, Richard N. Taylor

A Secure Software Architecture Description Language, Software Security Assurance Tools, Techniques, and Metrics, Co-located with the 20th IEEE/ACM International Conference on Automated Software Engineering (ASE 2005), 2005

51

Reznik et al. - CCMSec

Julia Reznik, Tom Ritter, Rudolf Schreiner, Ulrich Lang

Model Driven Development of Security Aspects, Electronic Notes in Theoretical Computer Science, 2007

52

Salnitri et al. - SecBPMN2

Mattia Salnitri, Fabiano Dalpiaz, Paolo Giorgini

Designing secure business processes with SecBPMN, Designing secure business processes with SecBPMN, 2015

53

Sanchez et al.

Pablo Sanchez, Ana Moreira, Lidia Fuentes, Joao Araujo, Jose Magno

Model-driven development for early aspects, Information and Software Technology, 2009

54

Satoh et al.

Fumiko Satoh, Yuichi Nakamura, Koichi Ono

Adding Authentication to Model Driven Security, International Conference on Web Services (ICWS), 2006

55

Schefer-Wenzel et al.

Sigrid Schefer-Wenzel, Mark Strembeck

Model-driven specification and enforcement of RBAC break-glass policies for process-aware information systems, Information and Software Technology, 2014

56

Seifermann et al. - InformationFlow Analysis

Stephan Seifermann, Robert Heinrich, Dominik Werle, Ralf Reussner

A Unified Model to Detect Information Flow and Access Control Violations in Software Architectures, International Conference on Security and Cryptography (SECRYPT), 2021

57

Sánchez et al. - ModelSec

Óscar Sánchez, Fernando Molina, Jesús García-Molina, Ambrosio Toval

ModelSec: A Generative Architecture for Model-Driven Security, Journal of Universal Computer Science (JUCS) 15(15): 2957-2980, 2009

58

Tuma et al. - SecDFD

Katja Tuma, Musard Balliu, Riccardo Scandariato

Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis, International Conference on Software Architecture (ICSA), 2019

59

Wada et al.

Hiroshi Wada, Junichi Suzuki, Katsuya Oba

A Model-Driven Development Framework for Non-Functional Aspects in Service Oriented Grids, International Conference on Autonomic and Autonomous Systems (ICAS'06), 2006

60

Walter et al. - Attack Propagation

Maximilian Walter, Robert Heinrich, Ralf Reussner

Architectural Attack Propagation Analysis for Identifying Confidentiality Issues, International Conference on Software Architecture (ICSA), 2022

61

Wolter et al.

Christian Wolter, Michael Menzel, Andreas Schaad, Philip Miseldine, Christoph Meinel

Model-driven business process security requirement specification, Journal of Systems Architecture, 2008

62

Xiao-et-al

Liang Xiao

An adaptive security model using agent-oriented MDA, Information and Software Technology, 2008

63

Xu-et-al

Diangxiang Xu, Kendall Nygard

Threat-driven modeling and verification of secure software using aspect-oriented Petri nets, IEEE Transactions on Software Engineering ( Volume: 32, Issue: 4, April 2006), 2006

64

Yu et al. - AOD Framework

Huiqun Yu, Dongmei Liu, Xudong He, Li Yang, Shu Gao

Secure Software Architectures Design by Aspect Orientation, International Conference on Engineering of Complex Computer Systems (ICECCS), 2005

65

Yu et al. - RBAC

Lijun Yu, Robert B. France, Indrakshi Ray, Wuliang Sun

Systematic Scenario-Based Analysis of UML Design Class Models, International Conference on Engineering of Complex Computer Systems (ICECCS), 2012

66

Zhu et al.

Zhi Jian Zhu, Mohammad Zulkernine

A model-based aspect-oriented framework for building intrusion-aware software systems, Information and Software Technology, 2008

1

Alberti et al. - Frama-C

Michele Alberti, Thibaud Antignac, Gergö Barany, Patrick Baudin, Nicolas Bellec, Thibaut Benjamin, Allan Blanchard, Lionel Blatter, François Bobot, Richard Bonichon, Vincent Botbol, Quentin Bouillaguet, David Bühler, Zakaria Chihani, Loïc Correnson, Julien Crétin, Pascal Cuoq, Zaynah Dargaye, Basile Desloges, Jean-Christophe Filliâtre, Philippe Herrmann, Maxime Jacquemin, Florent Kirchner, Alexander Kogtenkov, Remi Lazarini, Tristan Le Gall, Jean-Christophe Léchenet, Matthieu Lemerre, Dara Ly, David Maison, Claude Marché, André Maroneze, Thibault Martin, Fonenantsoa Maurica, Melody Méaulle, Benjamin Monate, Yannick Moy, Pierre Nigron, Anne Pacalet, Valentin Perrelle, Guillaume Petiot, Dario Pinto, Virgile Prevosto, Armand Puccetti, Félix Ridoux, Virgile Robles, Jan Rochel, Muriel Roger, Julien Signoles, Nicolas Stouls, Kostyantyn Vorobyov, Boris Yakobowski

Guide to Software Verification with Frama-C: Core Components, Usages, and Applications, ,

2

Arzt et al. - FlowDroid

Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, Patrick McDaniel

FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps, Conference on Programming Language Design and Implementation (PLDI), 2014

3

Brown et al. - Bandit

Eric Brown

Bandit Website, , , Bandit GitHub Repository, ,

4

Clang-Team et al. - Clang Static Analyzer Security Checks

Clang-Team

Clang Static Analyzer Security Checks, ,

5

Cowan et al. - StackGuard

Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, Heather Hinton

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, USENIX Security Symposium, 1998

6

Egele et al. - CryptoLint

Manuel Egele, David Brumley, Yanick Fratantonio, Christopher Kruegel

An empirical study of cryptographic misuse in android applications, Conference on Computer & Communications Security (CCS), 2013

7

Facebook et al. - Infer

Facebook

Infer Website, ,

8

Fahl et al. - MalloDroid

Sascha Fahl, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben, Matthew Smith

Why eve and mallory love android: an analysis of android SSL (in)security, Conference on Computer and Communications Security (CCS), 2012

9

Gajrani et al. - Vulvet

Jyoti Gajrani, Meenakshi Tripathi, Vijay Laxmi, Gaurav Somani, Akka Zemmari, Manoj Singh Gaur

Vulvet: Vetting of Vulnerabilities in Android Apps to Thwart Exploitation, Digital Threats: Research and Practice, Vol. 1, Issue 2, 2020

10

GitHub et al. - CodeQL

GitHub

CodeQL Website, ,

11

Google et al. - ErrorProne

Google

ErrorProne Website, ,

12

Jin et al. - NPDHunter

Wenhui Jin, Sami Ullah, Dongmin Yoo, Heekuck Oh

NPDHunter: Efficient Null Pointer Dereference Vulnerability Detection in Binary, IEEE Access, Vol. 9, 2021

13

Krüger et al. - CogniCrypt

Stefan Krüger, Sarah Nadi, Michael Reif, Karim Ali, Mira Mezini, Eric Bodden, Florian Göpfert, Felix Günther, Christian Weinert, Daniel Demmler, Ram Kamath

CogniCrypt: Supporting Developers in Using Cryptography, International Conference on Automated Software Engineering (ASE), 2017, Eclipse CogniCrypt Website, ,

14

Long et al. - OWASP Dependency Check

Jeremy Long

OWASP Dependency Check Website, ,

15

Ma et al. - CDRep

Siqi Ma, David Lo, Teng Li, Robert H. Deng

CDRep: Automatic Repair of Cryptographic Misuses in Android Applications, Asia Conference on Computer and Communications Security, 2016

16

Machiry et al. - Dr. Checker

Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, Giovanni Vigna

DR. CHECKER: A Soundy Analysis for Linux Kernel Drivers, USENIX Security Symposium, 2017

17

Marjamäki et al. - CppCheck

Daniel Marjamäki

CppCheck Feature Overview, ,

18

Meta-Platforms et al. - Pyre/Pysa

Meta-Platforms

Pyre Checks Website, ,

19

Muslukhov et al. - BinSight

Ildar Muslukhov, Yazan Boshmaf, Konstantin Beznosov

Source Attribution of Cryptographic API Misuse in Android Applications, Asia Conference on Computer and Communications Security, 2018

20

Newbury et al. - Hotfixer

Kristen L Newbury

Automated Hotfixes for Misuses of Crypto APIs, , 2020

21

PMD-Contributors et al. - PMD Security Rules

PMD-Contributors

Security Rules Overview, ,

22

Paletov et al. - CryptoChecker

Rumen Paletov, Petar Tsankov, Veselin Raychev, Martin Vechev

Inferring crypto API rules from code changes, ACM SIGPLAN Notices, Vol. 53, No. 4, 2018

23

Raffnsson et al. - ESLint Plugin Thunderhorse

Willard Raffnsson, Rosario Giustolisi, Mark Kragerup, Mathias Høyrup

Fixing Vulnerabilities Automatically with Linters, Network and System Security, 2020

24

Rahaman et al. - CryptoGuard

Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, Danfeng (Daphne) Yao

CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects, Conference on Computer and Communications Security (CCS), 2019

25

Shuai et al. - Crypto Misuse Analyser (CMA)

Shao Shuai, Dong Guowei, Guo Tao, Yang Tianchang, Shi Chenjie

Modelling Analysis and Auto-detection of Cryptographic Misuse in Android Applications, International Conference on Dependable, Autonomic and Secure Computing, 2014

26

Singleton et al. - CryptoTutor

Larry Singleton, Rui Zhao, Myoungkyu Song, Harvey Siy

CryptoTutor: Teaching Secure Coding Practices through Misuse Pattern Detection, Annual Conference on Information Technology Education, 2020

27

Snelting et al. - Java Object-sensitive ANAlysis (JOANA)

Gregor Snelting, Simon Bischof, Dennis Giffhorn, Jürgen Graf, Christian Hammer, Martin Hecker, Martin Mohr, Daniel Wasserrab

JOANA Project Page, , , Checking Probabilistic Noninterference Using JOANA, nformation Technology, Vol. 56, 2014

28

Snyk Open Source

Snyk

Snyk Website, ,

29

SonarSource et al. - SonarQube

SonarSource

SonarQube Java Vulnerability Rules, ,

30

Tang et al.

Junwei Tang, Ruixuan Li, Hongmu Han, Heng Zhan, Xiwu Gu

Detecting Permission Over-claim of Android Applications with Static and Semantic Analysis Approach, Trustcom/BigDataSE/ICESS, 2017

31

Wang et al.

Haoyu Wang, Yao Guo, Zihao Tang, Guangdong Bai, Xiangqun Chen

Reevaluating Android Permission Gaps with Static and Dynamic Analysis, Global Communications Conference (GLOBECOM), 2015

32

Wei et al. - Amandroid

Fengguo Wei, Sankardas Roy, Xinming Ou, Robby

Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps, Transactions on Privacy and Security, 2018

33

Wheeler et al. - Flawfinder

David A. Wheeler

Flawfinder Website, ,

34

Xu et al.

Zhiwu Xu, Xiongya Hu, Yida Tao, Shengchao Qin

Analyzing Cryptographic API Usages for Android Applications Using HMM and N-Gram, International Symposium on Theoretical Aspects of Software Engineering (TASE), 2020

35

Zhang et al. - PeX

Tong Zhang, Wenbo Shen, Dongyoon Lee, Changhee Jung, Ahmed M. Azab, Ruowen Wang

PeX: A Permission Check Analysis Framework for Linux Kernel, USENIX Security Symposium, 2019

36

Semgrep Security Rules

Unknown Authors