Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Sixth Static Analysis Tool Exposition (SATE VI)

Webinar: Static Analysis Tool Exposition (SATE VI)
Webinar: Static Analysis Tool Exposition (SATE VI)

Agenda:

  • SATE overview
  • Classic track
  • Ockham criteria track
  • Mobile track
  • General discussion

The classic track combines the production, CVE and synthetic tracks from the previous SATEs. In SATE VI, we intend to seed a significant number of vulnerabilities in large software, combining the advantages of all three of the old tracks into one. We will be able to measure more aspects of tool effectiveness (recall, precision, etc.) while keeping the complexity of real code. We intend to support C and Java in SATE VI.

The Ockham criteria track highlights the strengths of sound analyzers. There seems to be a consensus for C. Currently, we are leaning toward using Juliet 1.2.1 and possibly SV-COMP.

The mobile track will focus on between three and four mobile application test cases. For this first foray into the mobile space, we will be focusing on the Android operating system. All test cases will represent full, deployable, mobile applications. One test case in particular will focus on seeding vulnerabilities into a real world, open source, mobile application. While the SATE focuses primarily on static analysis, we invite participants to submit analysis of any and all kinds including dynamic and behavioral analysis. The organizing meeting will provide us with important feedback concerning the direction we take the test cases, so all voices are welcome.

Additional information will be available on the SATE VI website at https://samate.nist.gov/SATE.html

Presentation Slides (PDF)

SATE VI: Ockham Sound Analysis Criteria

 

 

Created May 24, 2017, Updated July 23, 2020