| Presentation | 2017-03-14 Towards finding Code Snippets on a Question and Answer Website causing Mobile App Vulnerabilities Hiroki Nakano, Fumihiro Kanei, Mitsuaki Akiyama, Katsunari Yoshioka, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Android app developers sometimes copy code snippets posted on a Question and Answer Website and develop their apps. If a code snippet has vulnerabilities, android apps with the problematic snippet could also have the same vulnerabilities. However, influence of problematic snippets on the vulnerabilities of Android apps has not been investigated in depth. In this paper, we collect code snippets from the Question and Answer Website, extract possibly problematic snippet, and calculate similarity between those snippets with vulnerable apps. As a result, we show that a single problematic snippet cause 2,177 apps to contain a vulnerability, 18% of all collected apps with that vulnerability. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Mobile App / Vulnerabilities / Question and Answer Website / Code Snippets |
| Paper # | ICSS2016-68 |
| Date of Issue | 2017-03-06 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2017/3/13(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | University of Nagasaki |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | System Security, etc. |
| Chair | Yutaka Miyake(KDDI R&D Labs.) |
| Vice Chair | Yoshiaki Shiraishi(Kobe Univ.) / Takeshi Ueda(Mitsubishi Electric) |
| Secretary | Yoshiaki Shiraishi(NII) / Takeshi Ueda(Yokohama National Univ.) |
| Assistant | Kazunori Kamiya(NTT) / Takahiro Kasama(NICT) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Towards finding Code Snippets on a Question and Answer Website causing Mobile App Vulnerabilities |
| Sub Title (in English) | |
| Keyword(1) | Mobile App |
| Keyword(2) | Vulnerabilities |
| Keyword(3) | Question and Answer Website |
| Keyword(4) | Code Snippets |
| 1st Author's Name | Hiroki Nakano |
| 1st Author's Affiliation | Yokohama National University(YNU) |
| 2nd Author's Name | Fumihiro Kanei |
| 2nd Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
| 3rd Author's Name | Mitsuaki Akiyama |
| 3rd Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
| 4th Author's Name | Katsunari Yoshioka |
| 4th Author's Affiliation | Yokohama National University(YNU) |
| Date | 2017-03-14 |
| Paper # | ICSS2016-68 |
| Volume (vol) | vol.116 |
| Number (no) | ICSS-522 |
| Page | pp.pp.171-176(ICSS), |
| #Pages | 6 |
| Date of Issue | 2017-03-06 (ICSS) |