[Soot-list] Regarding your paper on FLOWDROID

[Marc-André Laverdière]

Hello everybody,

For everybody's general information...

Livshits has agreed to license SB Micro under a FLOSS license and I'm 
doing small tweaks to it. You can find it here: 
http://too4words.github.io/securibench-micro/

Since it is a synthetic benchmark, we know precisely where the 
vulnerabilities are. They are documented by /* BAD */ in the source 
code. This is a perfect oracle. The downsides are obviously 
non-representativity and experimenter bias.

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 18/02/15 09:35 AM, Steven Arzt wrote:
> Hi,
>
> SecuriBench micro is a micro-benchmarking suite, so the test cases are
> rather small. This means that one is able to analyze them by hand to
> check how many data leaks there should be. Additionally, since the suite
> was designed with static analysis tools in mind, there is a
> documentation. Just search for SecuriBench Micro in a web search engine
> of your liking.
>
> Best regards,
>
>    Steven
>
> *Von:*H S [mailto:aras_h1988 at yahoo.com]
> *Gesendet:* Mittwoch, 18. Februar 2015 15:32
> *An:* Steven Arzt; Soot List; Soot-list
> *Betreff:* WG: Regarding your paper on FLOWDROID
>
> Hi Steven,
>
> I wanted to know how you determine the number of actual leaks in an
> Android application, where you have concluded that your app was able to
> detect for example 58 of 60 actual leaks.
>
> /"Table 2 shows our test results grouped by test categories. The/
>
> /TP column shows the true positives, i.e., the number of actual leaks/
>
> /that FLOWDROID found. For the example of Basic, for instance,/
>
> /FLOWDROID found 58 out of 60."/
>
> I would appreciate your answer on it.
>
> Thanks and kind regards,
>
> Sarah
>
>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>