With the increasing complexity of application software, there is an acute need for software analysis approaches capable of identifying bugs, failures, and, most importantly, vulnerabilities at scale. In this dissertation, we first stress the necessity of automated software analysis approaches and then propose approaches for detecting vulnerabilities in software through analysis and testing in general, and security assessment in particular. We show the efficiency and effectiveness of these analysis techniques in detecting vulnerabilities.
First, we study security issues in smartphone applications by examining the security discrepancies between Android apps and their website counterparts, which demonstrates the essential need for efficient software analysis techniques that fully automate the mobile app analysis process. Through a comprehensive study of 100 popular app-web pairs, we find that, with respect to various security policies, the mobile apps often have weaker or non-existent security measures compared to their website counterparts.
Second, motivated by the former, we develop AndroidSlicer, the first novel, efficient, and effective dynamic program slicing tool for Android apps; it is useful for a variety of tasks, from testing to debugging to security assessment. Our work in this domain focuses on making large-scale application of slicing practical in order to detect bugs and vulnerabilities in real-world apps. We present two new applications of dynamic slicing to mobile apps: (1) detecting "stuck" states (missing progress indicators) in mobile apps, for which we present, implement, and evaluate ProgressDroid, a tool for discovering missing-progress-indicator bugs based on program dependencies; and (2) detecting security vulnerabilities in unique device ID generators.
Finally, in the same vein of deploying analysis tools to detect vulnerabilities, we present GAGA, an efficient genetic algorithm for graph anonymization that simultaneously delivers high anonymization and utility preservation. Experiments show that GAGA improves the defense against de-anonymization (DA) techniques by reducing the rate of successfully de-anonymized users by at least a factor of 2.7 compared to the baseline, and at the same time, under 16 graph and application utility metrics, GAGA is overall the best at preserving utility.