WHYPER: Towards Automating Risk Assessment of Mobile Applications
TLDR
We present WHYPER, a framework using Natural Language Processing (NLP) techniques to identify sentences that describe the need for a given permission in an application description.
  • 302
  • 24
AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context
TLDR
We introduce AppContext, an approach of static program analysis that extracts the contexts of security-sensitive behaviors to assist app analysis in differentiating between malicious and benign behaviors.
  • 198
  • 22
SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps
TLDR
We design and implement SUPOR, a novel static analysis tool that automatically examines the UIs to identify sensitive user inputs containing critical user data, such as user credentials, finance, and medical data.
  • 71
  • 8
High Fidelity Data Reduction for Big Data Security Dependency Analyses
TLDR
This paper proposes a new approach that exploits the dependency among system events to reduce the number of log entries while still supporting high-quality forensic analysis.
  • 51
  • 7
Inferring method specifications from natural language API descriptions
TLDR
We propose a novel approach to formalize the description of specifications in the natural language texts of API documents (targeted towards generating code contracts), enabling existing tools to process these specifications.
  • 126
  • 6
Relation extraction for inferring access control rules from natural language artifacts
TLDR
We propose an approach that extracts relations (i.e., the relationship among two or more items) from NL artifacts such as requirements documents to infer access control rules.
  • 24
  • 6
Automated extraction of security policies from natural-language software documents
TLDR
We propose an approach, called Text2Policy, to automatically extract ACPs from NL software documents and resource-access information from NL scenario-based functional requirements.
  • 87
  • 5
Precise identification of problems for structural test generation
TLDR
We propose a novel approach, called Covana, which precisely identifies and reports problems that prevent the tools from achieving high structural coverage, primarily by determining whether branch statements containing not-covered branches have data dependencies.
  • 65
  • 5
Characteristic studies of loop problems for structural test generation via symbolic execution
TLDR
Dynamic Symbolic Execution (DSE) is a state-of-the-art test-generation approach that systematically explores program paths to generate high-covering tests.
  • 38
  • 3
SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection
TLDR
We propose a novel stream-based query system that takes as input a real-time event feed aggregated from multiple hosts in an enterprise, and provides an anomaly query engine that queries the event feed to identify anomalies based on the specified anomalies.
  • 35
  • 3