CYSEC researchers will present five full research papers at the International Conference on Software Engineering (ICSE), which is the premier conference in software engineering. The papers present tools, techniques, and empirical study results that ultimately help developers to construct correct and secure software.
Past experience shows that security vulnerabilities are often related to software bugs. To identify and avoid such bugs, developing novel ways to analyze and debug programs is crucial. The results that will be presented at ICSE address these challenges, e.g., through a novel taint analysis for Android applications and a debugging methodology for reactive programs. Furthermore, the papers include empirical studies related to software security and correctness, such as a study on identifier names as a source of information for program analyses and a study on the usability of Java's cryptography APIs.
The following papers were accepted at ICSE:
- Debugging for Reactive Programming (Guido Salvaneschi, Mira Mezini)
- Nomen est Omen: Exploring and Exploiting Similarities between Argument and Parameter Names (Hui Liu, Qiurong Liu, Cristian-Alexandru Staicu, Michael Pradel, Yue Luo)
- StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework (Steven Arzt, Eric Bodden)
- Jumping Through Hoops: Why do Java Developers Struggle With Cryptography APIs? (Sarah Nadi, Stefan Krüger, Mira Mezini, Eric Bodden)