Conferences related to Static Analysis

Back to Top

2023 Annual International Conference of the IEEE Engineering in Medicine & Biology Conference (EMBC)

The conference program will consist of plenary lectures, symposia, workshops and invitedsessions of the latest significant findings and developments in all the major fields of biomedical engineering.Submitted full papers will be peer reviewed. Accepted high quality papers will be presented in oral and poster sessions,will appear in the Conference Proceedings and will be indexed in PubMed/MEDLINE.


2020 59th IEEE Conference on Decision and Control (CDC)

The CDC is the premier conference dedicated to the advancement of the theory and practice of systems and control. The CDC annually brings together an international community of researchers and practitioners in the field of automatic control to discuss new research results, perspectives on future developments, and innovative applications relevant to decision making, automatic control, and related areas.


2020 IEEE 29th International Symposium on Industrial Electronics (ISIE)

ISIE focuses on advancements in knowledge, new methods, and technologies relevant to industrial electronics, along with their applications and future developments.


2020 IEEE Applied Power Electronics Conference and Exposition (APEC)

APEC focuses on the practical and applied aspects of the power electronics business. Not just a power designer’s conference, APEC has something of interest for anyone involved in power electronics including:- Equipment OEMs that use power supplies and converters in their equipment- Designers of power supplies, dc-dc converters, motor drives, uninterruptable power supplies, inverters and any other power electronic circuits, equipments and systems- Manufacturers and suppliers of components and assemblies used in power electronics- Manufacturing, quality and test engineers involved with power electronics equipment- Marketing, sales and anyone involved in the business of power electronic- Compliance engineers testing and qualifying power electronics equipment or equipment that uses power electronics


2020 IEEE Frontiers in Education Conference (FIE)

The Frontiers in Education (FIE) Conference is a major international conference focusing on educational innovations and research in engineering and computing education. FIE 2019 continues a long tradition of disseminating results in engineering and computing education. It is an ideal forum for sharing ideas, learning about developments and interacting with colleagues inthese fields.


More Conferences

Periodicals related to Static Analysis

Back to Top

Applied Superconductivity, IEEE Transactions on

Contains articles on the applications and other relevant technology. Electronic applications include analog and digital circuits employing thin films and active devices such as Josephson junctions. Power applications include magnet design as well asmotors, generators, and power transmission


Automatic Control, IEEE Transactions on

The theory, design and application of Control Systems. It shall encompass components, and the integration of these components, as are necessary for the construction of such systems. The word `systems' as used herein shall be interpreted to include physical, biological, organizational and other entities and combinations thereof, which can be represented through a mathematical symbolism. The Field of Interest: shall ...


Biomedical Engineering, IEEE Transactions on

Broad coverage of concepts and methods of the physical and engineering sciences applied in biology and medicine, ranging from formalized mathematical theory through experimental science and technological development to practical clinical applications.


Circuits and Systems for Video Technology, IEEE Transactions on

Video A/D and D/A, display technology, image analysis and processing, video signal characterization and representation, video compression techniques and signal processing, multidimensional filters and transforms, analog video signal processing, neural networks for video applications, nonlinear video signal processing, video storage and retrieval, computer vision, packet video, high-speed real-time circuits, VLSI architecture and implementation for video technology, multiprocessor systems--hardware and software-- ...


Circuits and Systems I: Regular Papers, IEEE Transactions on

Part I will now contain regular papers focusing on all matters related to fundamental theory, applications, analog and digital signal processing. Part II will report on the latest significant results across all of these topic areas.


More Periodicals

Most published Xplore authors for Static Analysis

Back to Top

Xplore Articles related to Static Analysis

Back to Top

Scalable Static Analysis to Detect Security Vulnerabilities: Challenges and Solutions

2018 IEEE Cybersecurity Development (SecDev), 2018

Parfait [1] is a static analysis tool originally developed to find implementation defects in C/C++ systems code. Parfait's focus is on proving both high precision (low false positives) as well as scaling to systems with millions of lines of code (typically requiring ~10 minutes of analysis time per million lines). Parfait has since been extended to detect security vulnerabilities in ...


Static Analysis of Dlsym-Like Function Calls

2018 Ivannikov Memorial Workshop (IVMEM), 2018

The problem of constructing full call graph of a program can be complicated by absence of indirect calls in the graph. It may happen when a developer decides to invoke a function by pointer. The appearance of functions like dlsym makes it possible. Such functions allows to obtain an address of a function from a library at runtime. The paper ...


A comparative study on software vulnerability static analysis techniques and tools

2010 IEEE International Conference on Information Theory and Information Security, 2010

Using static analysis tools can detect software vulnerabilities, which is important for improving the security of software. Static analysis technology has developed rapidly, but the comparison and evaluation of static analysis techniques and tools are not much. This paper focuses on software vulnerability static analysis techniques and tools. First we discuss the commonly-used static analysis techniques and tools, and compare ...


A Framework for Combining and Ranking Static Analysis Tool Findings Based on Tool Performance Statistics

2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), 2017

This paper proposes a conceptual, performance-based ranking framework that prioritises the output of multiple Static Analysis Tools, to improve the tool effectiveness and usefulness. The framework weights the performance of Static Analysis Tools per defect type and cross-validates the findings between different Static Analysis Tools' reports. An initial validation shows the potential benefits of the proposed framework.


An Automated Brute Force Method Based on Webpage Static Analysis

2018 10th International Conference on Measuring Technology and Mechatronics Automation (ICMTMA), 2018

Web application is widely used in many enterprises, while providing convenience, the web application brings lots of the security risk. Password is the first line of defense in the web application, the weak password problem has always been a short board in web application security protection system. The existing weak password detection method based on dynamic intercept is of high ...


More Xplore Articles

Educational Resources on Static Analysis

Back to Top

IEEE.tv Videos

IEEE John von Neumann Medal - Patrick Cousot - 2018 IEEE Honors Ceremony
Formula Hybrid
IMS 2012 Microapps - Improve Microwave Circuit Design Flow Through Passive Model Yield and Sensitivity Analysis
Overcoming the Static Learning Bottleneck - the Need for Adaptive Neural Learning - Craig Vineyard: 2016 International Conference on Rebooting Computing
IMS 2011 Microapps - Yield Analysis During EM Simulation
Spectrum Analysis: RF Boot Camp
Surgical Robotics: Analysis and Control Architecture for Semiautonomous Robotic Surgery
IMS 2012 Microapps - Generation and Analysis Techniques for Cost-efficient SATCOM Measurements Richard Overdorf, Agilent
Similarity and Fuzzy Logic in Cluster Analysis
IMS 2011 Microapps - A Practical Approach to Verifying RFICs with Fast Mismatch Analysis
IMS MicroApps: Multi-Rate Harmonic Balance Analysis
New Approach of Vehicle Electrification: Analysis of Performance and Implementation Issue
A Flexible Testbed for 5G Waveform Generation and Analysis: MicroApps 2015 - Keysight Technologies
Edge Computing and Network Slicing for the Factories of the Future - Future X Network Panel Talk - Andreas Mueller - Brooklyn 5G Summit 2018
IMS 2011 Microapps - STAN Tool: A New Method for Linear and Nonlinear Stability Analysis of Microwave Circuits
IMS 2011 Microapps - Tools for Creating FET and MMIC Thermal Profiles
Zohara Cohen AMA EMBS Individualized Health
IMS 2011 Microapps - Remcom's XFdtd and Wireless InSite: Advanced Tools for Advanced Communication Systems Analysis
Micro-Apps 2013: Power Added Efficiency (PAE) Analysis with 8990B Peak Power Analyzer
Network Analysis: RF Boot Camp

IEEE-USA E-Books

  • Scalable Static Analysis to Detect Security Vulnerabilities: Challenges and Solutions

    Parfait [1] is a static analysis tool originally developed to find implementation defects in C/C++ systems code. Parfait's focus is on proving both high precision (low false positives) as well as scaling to systems with millions of lines of code (typically requiring ~10 minutes of analysis time per million lines). Parfait has since been extended to detect security vulnerabilities in applications code, supporting the Java EE and PL/SQL server stack. In this abstract we describe some of the challenges we encountered in this process including some of the differences seen between the applications code being analysed, our solutions that enable us to analyse a variety of applications, and a summary of the challenges that remain.

  • Static Analysis of Dlsym-Like Function Calls

    The problem of constructing full call graph of a program can be complicated by absence of indirect calls in the graph. It may happen when a developer decides to invoke a function by pointer. The appearance of functions like dlsym makes it possible. Such functions allows to obtain an address of a function from a library at runtime. The paper suggests two step static analysis for revealing symbols loaded at runtime. The first step collects auxiliary information about a program between translation units, the second applies collected information to analyze individual translation units.

  • A comparative study on software vulnerability static analysis techniques and tools

    Using static analysis tools can detect software vulnerabilities, which is important for improving the security of software. Static analysis technology has developed rapidly, but the comparison and evaluation of static analysis techniques and tools are not much. This paper focuses on software vulnerability static analysis techniques and tools. First we discuss the commonly-used static analysis techniques and tools, and compare these tools in a technical perspective, and then we analyze the characteristics of these tools through the experiment, finally, combining dynamic analysis, we propose an efficient software vulnerability detection method.

  • A Framework for Combining and Ranking Static Analysis Tool Findings Based on Tool Performance Statistics

    This paper proposes a conceptual, performance-based ranking framework that prioritises the output of multiple Static Analysis Tools, to improve the tool effectiveness and usefulness. The framework weights the performance of Static Analysis Tools per defect type and cross-validates the findings between different Static Analysis Tools' reports. An initial validation shows the potential benefits of the proposed framework.

  • An Automated Brute Force Method Based on Webpage Static Analysis

    Web application is widely used in many enterprises, while providing convenience, the web application brings lots of the security risk. Password is the first line of defense in the web application, the weak password problem has always been a short board in web application security protection system. The existing weak password detection method based on dynamic intercept is of high complexity and low degree of automation, which cannot meet the needs of information security supervision. In this paper, a weak password detection method based on the static analysis of webpage is proposed, which automatically extract the key information of login process by identify and analyze the form of the login page. Based on this method, a system prototype which can automatically detect the weak password for Web application and supports captcha recognize of common digital and letter combinations is realized. The system has a high degree of automation, and has good practicability and application prospect.

  • Path sensitive static analysis of taint-style vulnerabilities in PHP code

    This paper presents a novel path-sensitive static analysis method for detecting taint-style vulnerabilities in PHP code. The new method includes three key, the first of which is path searching during a basic block, the second is path searching between blocks, and the third is path searching crossing function call. A tool name POSE implements the new method and the testing results show the method is valid for taint-style vulnerabilities in PHP code.

  • Hands-On Tutorial: Auditing Static Analysis Alerts Using a Lexicon & Rules

    This hands-on tutorial teaches participants how to audit static analysis alerts, using an auditing lexicon and rules. There is no widely-accepted lexicon or standard set of rules for auditing static analysis alerts in the software engineering community. Auditing rules and a lexicon should guide different auditors to make the same determination for an alert. Standard terms and processes are necessary so that initial determinations are correctly interpreted, which helps organizations reduce code flaws. They are also needed to improve the quality of audit data to benefit research on alert prioritization. This tutorial teaches a suggested set of auditing rules and a lexicon, briefly detailing rationales based on modern software engineering practices for each rule and each lexicon term. The majority of time in the tutorial will be spent by participants working with provided small programs and associated static analysis alerts, examining them using the lexicon and rules to make a determination, separately and as a group. These hands-on activities will be interspersed with presenting the auditing rules, so participants immediately put what was taught into practice on relevant code and alerts. We hope that the auditing rules and lexicon taught will be immediately useful for participants to adopt (partially or in full) in their workplace, and that learning about them will motivate community discussion leading to agreed-upon standards.

  • A Comparison of Open-Source Static Analysis Tools for Vulnerability Detection in C/C++ Code

    We describe work that is part of a research project on static code analysis between the Alexandru Ioan Cuza University and Bitdefender. The goal of the project is to develop customized static analysis tools for detecting potential vulnerabilities in C/C++ code. We present the results of benchmarking several existing open source static analysis tools for C/C++ against the Toyota ITC test suite [1] in order to determine which tools are best suited to our purpose. The Toyota ITC test suite is a synthetic benchmark for C/C++ consisting of around 650 test cases organized by defect type and defect subtype and is well-suited to our purpose, since it contains various bugs such as buffer overflows that are common in C/C++ code. We analyze the open-source static analysis tools according to the existing quality indicators such as detection rate and false positive rate proposed in [1], but we also introduce a new quality metric that we call robust detection which also allows us to measure unique detections by tool and by (sub)defect type. We also find several mistakes in the Toyota ITC testsuite that we fix. We publish the harness used to benchmark the static analyzers in order for anyone to be able to reproduce our results.

  • Evaluating State-of-the-Art Free and Open Source Static Analysis Tools Against Buffer Errors in Android Apps

    Modern mobile apps incorporate rich and complex features, opening the doors for different security concerns. Android is the dominant platform in mobile app markets, and enhancing its apps security is a considerable area of research. Android malware (introduced intentionally by developers) has been well studied and many tools are available to detect them. However, little attention has been directed to address vulnerabilities caused unintentionally by developers in Android apps. Static analysis has been one way to detect such vulnerabilities in traditional desktop and server side desktop. Therefore, our research aims at assessing static analysis tools that could be used by Android developers. Our preliminary analysis revealed that Buffer Errors are the most frequent type of vulnerabilities that threaten Android apps. Also, we found that Buffer Errors in Android apps have the highest risk on Android that affects data integrity, confidentiality, and availability. Our main study therefore tested whether state-of-the-art static analysis tools could detect Buffer Errors in Android apps. We investigated 6 static analysis tools that are designed to detect Buffer Errors. The study shows that the free and open source state-of-the-art static analysis tools do not efficiently discover Buffer Error vulnerabilities in Android apps. We analyzed the tools carefully to see why they could not discover Buffer Errors and found that the lack of semantic analysis capabilities, inapplicability to Android apps, and the gap between native code and other contexts were some of the reasons. Thus, we concluded that there is a need to build better free and open source static analysis tools for detecting Buffer Errors in Android apps.

  • The Android Malware Static Analysis: Techniques, Limitations, and Open Challenges

    This paper aims to explain static analysis techniques in detail, and to highlight the weaknesses and challenges which face it. To this end, more than 80 static analysis-based framework have been studied, and in their light, the process of detecting malicious applications has been divided into four phases that were explained in a schematic manner. Also, the features that is used in static analysis were discussed in detail by dividing it into four categories namely, Manifest-based features, code-based features, semantic features and app's metadata-based features. Also, the challenges facing methods based on static analysis were discussed in detail. Finally, a case study was conducted to test the strength of some known commercial antivirus and one of the stat- of-art academic static analysis frameworks against obfuscation techniques used by developers of malicious applications. The results showed a significant impact on the performance of the most tested antiviruses and frameworks, which is reflecting the urgent need for more accurately tools.



Standards related to Static Analysis

Back to Top

(Replaced) IEEE Standard VHDL Language Reference Manual

his standard revises and enhances the VHDL language reference manual (LRM) by including a standard C language interface specification; specifications from previously separate, but related, standards IEEE Std 1164 -1993,1 IEEE Std 1076.2 -1996, and IEEE Std 1076.3-1997; and general language enhancements in the areas of design and verification of electronic systems.



Jobs related to Static Analysis

Back to Top