Uncovering the iceberg from the tip: Generating API Specifications for Bug Detection via Specification Propagation Analysis
Miaoqian Lin
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · API Security
In the realm of software security, the correct and safe usage of Application Programming Interfaces (APIs) is paramount. However, the intricate nature of APIs, especially in low-level languages like C, often leads to misuse, resulting in critical vulnerabilities such as reference count errors, memory leaks, and improper resource handling. The challenge lies in the fact that many crucial API specifications—the rules governing their correct usage—are either poorly documented, hidden within complex code, or simply not observed through typical usage patterns. This talk, presented by Miaoqian Lin at the NDSS Symposium, introduces **API spec**, a novel framework designed to address this pervasive problem by inferring hidden API specifications through a technique called **specification propagation analysis**.
AI review
Solid systems security research with a clean insight: spec propagation through call hierarchies lets you bootstrap thousands of API contracts from a handful of seeds. 186 confirmed Linux kernel bugs from 6 seed specs is a result that speaks for itself, and the 90%+ of generated specs invisible to frequency-based methods is a direct indictment of the state of the art.
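The idea of propagating a seed specification through a call hierarchy, described in the abstract and the review above, can be shown with a simplified sketch. This is an added example, not the framework's own algorithm or code; the function names, the summary format and the flow-insensitive pairing check are all assumptions made for illustration.

```python
# Constructed function summaries (hypothetical names, not kernel code).
# "returns": callee whose result is handed back to the caller.
# "forwards_arg_to": callee that receives this function's own parameter.
SUMMARIES = {
    "find_dev":     {"calls": ["obj_get"], "returns": "obj_get"},
    "lookup_port":  {"calls": ["find_dev"], "returns": "find_dev"},
    "dev_release":  {"calls": ["obj_put"], "forwards_arg_to": "obj_put"},
    "probe_direct": {"calls": ["obj_get", "obj_put"]},
    "probe_ok":     {"calls": ["lookup_port", "dev_release"]},
    "probe_leak":   {"calls": ["lookup_port"]},
}

# Seed specification: a reference taken by obj_get must be dropped by obj_put.
SEED = {"acquire": {"obj_get"}, "release": {"obj_put"}}


def propagate(summaries, seed):
    """Extend the seed roles to wrappers until no new function is labelled."""
    acquire, release = set(seed["acquire"]), set(seed["release"])
    changed = True
    while changed:
        changed = False
        for name, s in summaries.items():
            # Returning an acquired reference makes the wrapper an acquirer.
            if s.get("returns") in acquire and name not in acquire:
                acquire.add(name)
                changed = True
            # Passing its parameter to a releaser makes it a releaser.
            if s.get("forwards_arg_to") in release and name not in release:
                release.add(name)
                changed = True
    return {"acquire": acquire, "release": release}


def find_violations(summaries, spec):
    """Flag functions that acquire without releasing (flow-insensitive)."""
    flagged = []
    for name, s in summaries.items():
        if s.get("returns") in spec["acquire"]:
            continue  # the reference escapes to the caller, which owns it
        calls = set(s["calls"])
        if calls & spec["acquire"] and not calls & spec["release"]:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    print("seed only: ", find_violations(SUMMARIES, SEED))
    print("propagated:", find_violations(SUMMARIES, propagate(SUMMARIES, SEED)))
```

With the seed alone the leak in `probe_leak` goes unnoticed because it never calls `obj_get` directly; it only becomes visible once `lookup_port` has inherited the acquire role.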