An analysis on secure coding using symbolic execution engine

Kim, Joon-Ho; Ma, Myung-Chul; Park, Jae-Pyo

doi:10.1007/s11416-016-0263-5

Cited by 3 publications

(2 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Semi-automic diagnosis [14,54,148,149,189,193] Feedback-based [114,153] Checklists [8,140] UI & navigation tools [5,21,33,70,79,138] Alarm-relevant queries [42,80,127,190] Automated repair [12,15,115,116,179] Others [6,112,119,121,133,136,144] Fig. 1.…”

Section: Overview Of the Extracted Datamentioning

confidence: 99%

Survey of Approaches for Postprocessing of Static Analysis Alarms

Muske

Serebrenik

2022

ACM Comput. Surv.

View full text Add to dashboard Cite

Static analysis tools have showcased their importance and usefulness in automated detection of defects. However, the tools are known to generate a large number of alarms which are warning messages to the user. The large number of alarms and cost incurred by their manual inspection have been identified as two major reasons for underuse of the tools in practice. To address these concerns plentitude of studies propose postprocessing of alarms: processing the alarms after they are generated. These studies differ greatly in their approaches to postprocess alarms. A comprehensive overview of the postprocessing approaches is, however, missing. In this article, we review 130 primary studies that propose postprocessing of alarms. The studies are collected by combining keywords-based database search and snowballing. We categorize approaches proposed by the collected studies into six main categories: clustering, ranking, pruning, automated elimination of false positives, combination of static and dynamic analyses, and simplification of manual inspection. We provide overview of the categories and sub-categories identified for them, their merits and shortcomings, and different techniques used to implement the approaches. Furthermore, we provide (1) guidelines for selection of the postprocessing techniques by the users/designers of static analysis tools; and (2) directions that can be explored by the researchers.

show abstract

Section: Overview Of the Extracted Datamentioning

confidence: 99%

Survey of Approaches for Postprocessing of Static Analysis Alarms

Muske

Serebrenik

2022

ACM Comput. Surv.

View full text Add to dashboard Cite

show abstract

“…Additional studies to control the OTT with voice and motion are also demanded. The paper by Kim et al [8] introduces an analysis of secure coding using a symbolic execution engine. They present security vulnerabilities through white-box/black-box analyses and enhanced security vulnerability inspection.…”

mentioning

confidence: 99%

Knowledge-based System and Security

Jeong¹,

Park

2016

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Welcome to this special issue of the Journal of Computer Virology and Hacking Techniques on Knowledge-based System and Security. The main goal for this special issue is to be a timely vehicle for publishing selected research papers from academia and practitioners in different industries on this emerging topic. Knowledge-based security systems are developed to ensure computer virology-making by effectively using timely and appropriate knowledge base, security management, hacking techniques for convergence [11][12][13][14]. This special issue covers some of the hottest topics in knowledge-based system and security, including: Privacy and authentication for wireless network; Convergence security in ubiquitous computing; Algorithmic and computer virology; Innovative applications of ubiquitous computing; Intelligent applications for security processing; Hacking, Knowledge processing algorithms; User experience in knowledge security systems, embedded systems security; Personalization, privacy, computer virology, Information indexing; computer virology; Cryptology and embedded systems; Security applications in computer virology.The paper by Lee [1] presents a secure game development method for the Internet of Things (IoT). The proposed method for developing a game in the IoT service environment looks at the length-related password vulnerability and introduces a method with which a hacker lures Internet users and seizes the users' IDs and passwords, as well as their password generation patterns. An additional improved process is

show abstract

Fuzz Testing in Stack-Based Buffer Overflow

Bhardwaj

Bawa

2018

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

An analysis on secure coding using symbolic execution engine

Cited by 3 publications

References 2 publications

Survey of Approaches for Postprocessing of Static Analysis Alarms

Survey of Approaches for Postprocessing of Static Analysis Alarms

Knowledge-based System and Security

Fuzz Testing in Stack-Based Buffer Overflow

Contact Info

Product

Resources

About