News & Achievements

Dr Daniel Luo received the ACM SIGSOFT Distinguished Paper Award at ICSE 2021

We are pleased to announce that Dr Daniel Luo, Associate Professor of COMP, together with his PhD student, Zhan Xian, and other researchers recently received the ACM SIGSOFT Distinguished Paper Award at the 43rd ACM/IEEE International Conference on Software Engineering (ICSE 2021) with the paper titled “ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Applications”.

Since third-party libraries (TPLs) are widely used in mobile apps, accurate detection of TPLs in Android apps is essential to many security and software maintenance tasks, such as repackaged app identification and vulnerability discovery. Unfortunately, it is non-trivial to identify TPLs accurately because of challenges such as TPL dependency, code obfuscation, and diverse versions. In this paper, the research team proposed and developed a novel system named “ATVHunter”, which could pinpoint the precise vulnerable in-app TPL versions and provide detailed information about the vulnerabilities and TPLs.

Extensive experimental results showed that “ATVHunter” outperformed state-of-the-art TPL detection tools in terms of accuracy and efficiency. To investigate the ecosystem of the vulnerable TPLs used by apps, the team constructed a comprehensive vulnerable TPL dataset and used “ATVHunter” to conduct a large-scale analysis of apps from the Google Play store. “ATVHunter” found 9,050 apps that included vulnerable TPL versions, with 53,337 vulnerabilities and 7,480 security bugs, most of which had high risks and were not recognised by app developers. This result uncovered severe security issues in mobile apps and was very important to mobile app developers, users and security researchers.

The IEEE/ACM International Conference on Software Engineering (ICSE) is the premier software engineering conference. Since 1975, ICSE has provided a forum where researchers, practitioners, and educators gather together to present and discuss the most recent innovations, trends, experiences and issues in the field of software engineering.