Litcius/Paper detail

RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection

Tao Lv, Ruishi Li, Yi Yang, Kai Chen, Xiaojing Liao, Xiaofeng Wang, Peiwei Hu, Luyi Xing

202027 citationsDOI

Abstract

To use library APIs, a developer is supposed to follow guidance and respect some constraints, which we call integration assumptions (IAs). Violations of these assumptions can have serious consequences, introducing security-critical flaws such as use-after-free, NULL-dereference, and authentication errors. Analyzing a program for compliance with IAs involves significant effort and needs to be automated. A promising direction is to automatically recover IAs from a library document using Natural Language Processing (NLP) and then verify their consistency with the ways APIs are used in a program through code analysis. However, a practical solution along this line needs to overcome several key challenges, particularly the discovery of IAs from loosely formatted documents and interpretation of their informal descriptions to identify complicated constraints (e.g., data-/control-flow relations between different APIs).

Topics & Concepts

Computer scienceConsistency (knowledge bases)Misuse detectionKey (lock)Information retrievalCode (set theory)Programming languageNull (SQL)Authentication (law)Control flowSoftware engineeringData miningDatabaseComputer securityArtificial intelligenceSet (abstract data type)Intrusion detection systemAnomaly-based intrusion detection systemSoftware Engineering ResearchWeb Application Security VulnerabilitiesAdvanced Malware Detection Techniques
RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection | Litcius