Bushra Aloraini, PhD candidate
David R. Cheriton School of Computer Science
Modern software such as Android apps incorporates rich and complex features, leading to different security concerns; hence, enhancing software security is a significant area of research. One of the most important security concerns is software vulnerabilities that developers introduce unintentionally. Static Application Security Testing (SAST) tools have been one way to detect such vulnerabilities earlier to reduce the associated cost.
Our research indicates that buffer errors are the most frequent type of vulnerability threatening Android apps; however, according to current literature and our work, state-of-the-art SAST tools do not efficiently discover buffer error vulnerabilities in such apps. The main reason these vulnerabilities go undetected, among other reasons, is a lack of static analysis capabilities for cross-language analysis. This happens because most modern apps, such as Android apps, may involve multiple programming languages in one app. In this study, we introduce a cross-language methodology to analyze Android apps to detect such vulnerabilities.