Listing by author "Glanz, Leonid"
- Conference paper: CodeMatch (Software Engineering und Software Management 2018, 2018). Glanz, Leonid; Amann, Sven; Eichberg, Michael; Reif, Michael; Mezini, Mira. ESEC/FSE 2017 Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. Popular mobile apps are regularly installed by millions of users. This fact attracts malicious actors to create altered, repackaged versions of those apps to steal the original owner’s revenue or to trick users into infecting their devices with malware. Detecting such repackaged apps is, therefore, necessary for a secure and viable app market but is challenging due to the use of code obfuscation and the widespread usage of libraries. Due to the latter fact, non-repackaged, legitimate apps often share a majority of their code base and are classified as repackaged by state-of-the-art detectors. We, therefore, propose a new library filtering approach that relies on code representations at five different abstraction levels to achieve resilience against code obfuscation. Additionally, we propose to use the most abstract representation in combination with fuzzy-hashing to detect repackaged apps. Our evaluation shows that the overall approach leads to a detection rate that is better by up to 50%.
- Conference paper: Hidden Truths in Dead Software Paths (Software Engineering 2016, 2016). Eichberg, Michael; Hermann, Ben; Mezini, Mira; Glanz, Leonid. Approaches and techniques for statically finding a multitude of issues in source code have been developed in the past. A core property of these approaches is that they are usually targeted towards finding only a very specific kind of issue and that the effort to develop such an analysis is significant. This strictly limits the number of kinds of issues that can be detected. In this paper, we discuss a generic approach - based on the detection of infeasible paths in code - that can discover a wide range of code smells ranging from useless code that hinders comprehension to real bugs. The issues are identified by computing the difference between the control-flow graph that contains all technically possible edges and the corresponding graph recorded while performing a more precise analysis using abstract interpretation. The approach was evaluated using the Java Development Kit as well as the Qualitas Corpus (a collection of over 100 Java applications) and enabled us to find thousands of issues.