Harzevili et al., 2023 - Google Patents
Automatic Static Vulnerability Detection for Machine Learning Libraries: Are We There Yet?
- Document ID
- 3105880569503993499
- Author
- Harzevili N
- Shin J
- Wang J
- Wang S
- Nagappan N
- Publication year
- Publication venue
- 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE)
Snippet
Automatic detection of software security vulnerabilities is critical in software quality assurance. Many static analysis tools that can help detect security vulnerabilities have been proposed. While these static analysis tools are mainly evaluated on general software …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3676—Test management for coverage analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
- G06F11/3636—Software debugging by tracing the execution of the program
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3608—Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0793—Remedial or corrective actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0766—Error or fault reporting or storing
- G06F11/0775—Content or structure details of the error report, e.g. specific table structure, specific error fields
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/75—Structural analysis for program understanding
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformations of program code
- G06F8/41—Compilation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Cao et al. | | MVD: memory-related vulnerability detection based on flow-sensitive graph neural networks |
Muske et al. | | Survey of approaches for handling static analysis alarms |
US20210149788A1 (en) | | Software diagnosis using transparent decompilation |
US10664601B2 (en) | | Method and system automatic buffer overflow warning inspection and bug repair |
Ding et al. | | Towards the use of the readily available tests from the release pipeline as performance tests: Are we there yet? |
US11983094B2 (en) | | Software diagnostic context selection and use |
Lenarduzzi et al. | | A critical comparison on six static analysis tools: Detection, agreement, and precision |
Le Goues et al. | | Specification mining with few false positives |
Harzevili et al. | | Characterizing and understanding software security vulnerabilities in machine learning libraries |
Tomassi et al. | | On the real-world effectiveness of static bug detectors at finding null pointer exceptions |
Anu et al. | | An approach to recommendation of verbosity log levels based on logging intention |
Mallissery et al. | | Demystify the fuzzing methods: A comprehensive survey |
Nguyen et al. | | Code-centric learning-based just-in-time vulnerability detection |
Zhai et al. | | Progressive scrutiny: Incremental detection of ubi bugs in the linux kernel |
Suneja et al. | | Towards reliable AI for source code understanding |
Mohajer et al. | | Skipanalyzer: An embodied agent for code analysis with large language models |
Nourry et al. | | The human side of fuzzing: Challenges faced by developers during fuzzing activities |
Harzevili et al. | | Automatic Static Vulnerability Detection for Machine Learning Libraries: Are We There Yet? |
Tan et al. | | SyzDirect: Directed Greybox Fuzzing for Linux Kernel |
Chu et al. | | Graph Neural Networks for Vulnerability Detection: A Counterfactual Explanation |
Shin et al. | | Automatic static bug detection for machine learning libraries: Are we there yet? |
Yadavally et al. | | A Learning-Based Approach to Static Program Slicing |
Tahir et al. | | Test flakiness’ causes, detection, impact and responses: A multivocal review |
CN114297664A (en) | | Open source component vulnerability detection method based on Gradle |
Xiao et al. | | Performing high efficiency source code static analysis with intelligent extensions |