Naturalistic Static Program Analysis
Mohammad Mehdi Pourhashem Kallehbasti, Mohammad Ghafari

TL;DR
This paper introduces a framework that lets developers define static program analyses in natural language, simplifying analysis development. The framework is demonstrated by identifying cryptography misuses in Java programs.
Contribution
The paper presents a novel framework allowing natural language specification of static analyses, streamlining development and application in security vulnerability detection.
Findings
Framework effectively identifies cryptography misuses in Java
Simplifies static analysis development process
Facilitates rapid deployment of custom analyses
Abstract
Static program analysis development is a non-trivial and time-consuming task. We present a framework through which developers can define static program analyses in natural language. We show the application of this framework to identify cryptography misuses in Java programs, and we discuss how it facilitates static program analysis development for developers.
Taxonomy
Topics: Advanced Malware Detection Techniques · Security and Verification in Computing · Software Engineering Research
