APP-Miner: Detecting API Misuses via Automatically Mining API Path Patterns

Jiasheng Jiang, Jingzheng Wu, Xiang Ling, Tianyue Luo, Sheng Qu, Yanjun Wu

IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 4

The talk "APP-Miner: Detecting API Misuses via Automatically Mining API Path Patterns" by Jiasheng Jiang and his co-authors from the Institute of Software, Chinese Academy of Sciences, introduces a novel framework designed to automatically identify API misuses in software. In modern software development, programmers frequently use Application Programming Interfaces (APIs) to implement complex functionality without necessarily understanding their intricate internal mechanisms or the specific **API patterns** required for correct usage. Violations of these patterns can have severe security consequences, ranging from memory leaks and integer overflows to stack overflows.

AI review

APP-Miner presents a robust, automated framework for detecting API misuses by mining implicit patterns from source code. Its novel approach to frequent subgraph mining, addressing connectivity and computational complexity, yielded 19 CVEs in critical projects. This is a significant advancement in practical static analysis for software security.
