References of "Zhauniarovich, Yury"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailFine-grained Code Coverage Measurement in Automated Black-box Android Testing
Pilgun, Aleksandr UL; Gadyatskaya, Olga UL; Zhauniarovich, Yury et al

in ACM Transactions on Software Engineering and Methodology (2020), 29(4), 1-35

Today, there are millions of third-party Android applications. Some of them are buggy or even malicious. To identify such applications, novel frameworks for automated black-box testing and dynamic ... [more ▼]

Today, there are millions of third-party Android applications. Some of them are buggy or even malicious. To identify such applications, novel frameworks for automated black-box testing and dynamic analysis are being developed by the Android community. Code coverage is one of the most common metrics for evaluating effectiveness of these frameworks. Furthermore, code coverage is used as a fitness function for guiding evolutionary and fuzzy testing techniques. However, there are no reliable tools for measuring fine-grained code coverage in black-box Android app testing. We present the Android Code coVerage Tool, ACVTool for short, that instruments Android apps and measures code coverage in the black-box setting at class, method and instruction granularity. ACVTool has successfully instrumented 96.9% of apps in our experiments. It introduces a negligible instrumentation time overhead, and its runtime overhead is acceptable for automated testing tools. We demonstrate practical value of ACVTool in a large-scale experiment with Sapienz, a state-of-art automated testing tool. Using ACVTool on the same cohort of apps, we have compared different coverage granularities applied by Sapienz in terms of the found amount of crashes. Our results show that none of the applied coverage granularities clearly outperforms others in this aspect. [less ▲]

Detailed reference viewed: 93 (10 UL)
Full Text
Peer Reviewed
See detailDissecting Android Cryptocurrency Miners
Dashevskyi, Stanislav UL; Zhauniarovich, Yury; Gadyatskaya, Olga UL et al

in CODASPY '20: Tenth ACM Conference on Data and Application Security and Privacy, New Orleans LA USA, March 2020 (2020, March)

Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work we make a step towards ... [more ▼]

Cryptojacking applications pose a serious threat to mobile devices. Due to the extensive computations, they deplete the battery fast and can even damage the device. In this work we make a step towards combating this threat. We collected and manually verified a large dataset of Android mining apps. In this paper, we analyze the gathered miners and identify how they work, what are the most popular libraries and APIs used to facilitate their development, and what static features are typical for this class of applications. Further, we analyzed our dataset using VirusTotal. The majority of our samples is considered malicious by at least one VirusTotal scanner, but 16 apps are not detected by any engine; and at least 5 apks were not seen previously by the service. Mining code could be obfuscated or fetched at runtime, and there are many confusing miner-related apps that actually do not mine. Thus, static features alone are not sufficient for miner detection.We have collected a feature set of dynamic metrics both for miners and unrelated benign apps, and built a machine learning-based tool for dynamic detection. Our BrenntDroid tool is able to detect miners with 95% of accuracy on our dataset. [less ▲]

Detailed reference viewed: 86 (2 UL)
Full Text
Peer Reviewed
See detailDEMO: An Effective Android Code Coverage Tool
Pilgun, Aleksandr UL; Gadyatskaya, Olga UL; Dashevskyi, Stanislav UL et al

Poster (2018, October 15)

The deluge of Android apps from third-party developers calls for sophisticated security testing and analysis techniques to inspect suspicious apps without accessing their source code. Code coverage is an ... [more ▼]

The deluge of Android apps from third-party developers calls for sophisticated security testing and analysis techniques to inspect suspicious apps without accessing their source code. Code coverage is an important metric used in these techniques to evaluate their effectiveness, and even as a fitness function to help achieving better results in evolutionary and fuzzy approaches. Yet, so far there are no reliable tools for measuring fine-grained bytecode coverage of Android apps. In this work we present ACVTool that instruments Android apps and measures the smali code coverage at the level of classes, methods, and instructions. Tool repository: https://github.com/pilgun/acvtool [less ▲]

Detailed reference viewed: 104 (16 UL)
See detail[GitHub] pilgun/acvtool: ACVTool v0.2
Pilgun, Aleksandr UL; Zhauniarovich, Yury; Gadyatskaya, Olga

Software (2018)

ACVTool (Android Code Coverage Tool) is a tool to measure fine-grained code coverage of 3rd-party Android apps.

Detailed reference viewed: 71 (1 UL)
Full Text
Peer Reviewed
See detailSmall changes, big changes: an updated view on the Android permission system
Zhauniarovich, Yury; Gadyatskaya, Olga UL

in Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Paris, France, September 19-21, 2016, Proceedings (2016, September)

Since the appearance of Android, its permission system was central to many studies of Android security. For a long time, the description of the architecture provided by Enck et al. was immutably used in ... [more ▼]

Since the appearance of Android, its permission system was central to many studies of Android security. For a long time, the description of the architecture provided by Enck et al. was immutably used in various research papers. The introduction of highly anticipated runtime permissions in Android 6.0 forced us to reconsider this model. To our surprise, the permission system evolved with almost every release. After analysis of 16 Android versions, we can con firm that the modi fications, especially introduced in Android 6.0, considerably impact the aptness of old conclusions and tools for newer releases. For instance, since Android 6.0 some signature permissions, previously granted only to apps signed with a platform certi cate, can be granted to third-party apps even if they are signed with a non-platform certi cate; many permissions considered before as threatening are now granted by default. In this paper, we review in detail the updated system, introduced changes, and their security implications. We highlight some bizarre behaviors, which may be of interest for developers and security researchers. We also found a number of bugs during our analysis, and provided patches to AOSP where possible. [less ▲]

Detailed reference viewed: 178 (6 UL)
Full Text
Peer Reviewed
See detailTowards Black Box Testing of Android Apps
Zhauniarovich, Yury; Philippov, Anton; Gadyatskaya, Olga UL et al

in Proc. of Software Assurance Workshop at the 10th International Conference on Availability, Reliability and Security (ARES) (2015, August)

Many state-of-art mobile application testing frameworks (e.g., Dynodroid, EvoDroid) enjoy Emma or other code coverage libraries to measure the coverage achieved. The underlying assumption for these ... [more ▼]

Many state-of-art mobile application testing frameworks (e.g., Dynodroid, EvoDroid) enjoy Emma or other code coverage libraries to measure the coverage achieved. The underlying assumption for these frameworks is availability of the app source code. Yet, application markets and security researchers face the need to test third-party mobile applications in the absence of the source code. There exists a number of frameworks both for manual and automated test generation that address this challenge. However, these frameworks often do not provide any statistics on the code coverage achieved, or provide coarse-grained ones like a number of activities or methods covered. At the same time, given two test reports generated by different frameworks, there is no way to understand which one achieved better coverage if the reported metrics were different (or no coverage results were provided). To address these issues we designed a framework called BBOXTESTER that is able to generate code coverage reports and produce uniform coverage metrics in testing without the source code. Security researchers can automatically execute applications exploiting current stateof- art tools, and use the results of our framework to assess if the security-critical code was covered by the tests. In this paper we report on design and implementation of BBOXTESTER and assess its efficiency and effectiveness. [less ▲]

Detailed reference viewed: 120 (1 UL)
Full Text
Peer Reviewed
See detailStaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications
Zhauniarovich, Yury; Ahmad, Maqsood; Gadyatskaya, Olga UL et al

in Proceedings of CODASPY '15 (2015, March)

Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use ... [more ▼]

Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These techniques defuse even the most recent static analyzers that usually operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA. [less ▲]

Detailed reference viewed: 107 (0 UL)
Full Text
Peer Reviewed
See detailFSquaDRA: Fast Detection of Repackaged Applications
Zhauniarovich, Yury; Gadyatskaya, Olga UL; Crispo, Bruno et al

in Data and Applications Security and Privacy XXVIII (2014, July)

The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of ... [more ▼]

The ease of Android applications repackaging and proliferation of application clones in Google Play and other markets call for new effective techniques to detect repackaged code and combat distribution of cloned applications. Today all existing techniques for repackaging detection are based on code similarity or feature (e.g., permission set) similarity evaluation. We propose a new approach to detect repackaging based on the resource files available in application packages. Our tool called FSquaDRA performs a quick pairwise application comparison (full pairwise comparison for 55,000 applications in just 80 hours on a laptop), as it measures how many identical resources are present inside both packages under analysis. The intuition behind our approach is that malicious repackaged applications still need to maintain the “look and feel” of the originals by including the same images and other resource files, even though they might have additional code included or some of the original code removed. To evaluate the reliability of our approach we perform a comparison of the FSquaDRA similarity scores with the code-based similarity scores of AndroGuard for a dataset of randomly selected application pairs, and our results demonstrate strong positive correlation of the FSquaDRA resource-based score with the code-based similarity score. [less ▲]

Detailed reference viewed: 160 (3 UL)