[en] In Android-based mobile computing, since the original Java source code is irretrievable from Dalvik bytecode, intermediate representations (IRs) were developed to represent Dalvik bytecode in readable form. To date, SMALI, JASMIN, and JIMPLE are all used as Android application IRs by mobile developers, testers and researchers. Here, we compare these three IRs via randomized event-based testing (Monkey testing) to determine that which most accurately preserves the original program behaviors in terms of the number of successfully injected events. As such program behaviors are critical to mobile security, the choice of IR is crucial during software security testing. In our experiment, we developed an event-based comparative scheme, and conducted a comprehensive empirical study. Statistical comparison of the three IRs’ program behaviors shows that SMALI behaves closest to the original applications and hence is the most suitable for software security testing as the most accurate alternative to the original Java source code (which is usually not publicly available).
Disciplines :
Sciences informatiques
Auteur, co-auteur :
Arnatovich, Yauhen Leanidavich; Nanyang Technological University > Infinitus, Infocomm Centre of Excellence
Tan, Hee Beng Kuan; Nanyang Technological University > School of Electrical and Electronic Engineering
SHAR, Lwin Khin ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Langue du document :
Anglais
Titre :
Empirical Comparison of Intermediate Representations for Android Applications
Date de publication/diffusion :
03 juillet 2014
Nom de la manifestation :
26th International Conference on Software Engineering and Knowledge Engineering
Lieu de la manifestation :
Vancouver, Canada
Date de la manifestation :
01-07-2014 TO 03-07-2014
Manifestation à portée :
International
Titre de l'ouvrage principal :
26th International Conference on Software Engineering and Knowledge Engineering
Android security related tools. http://ashishb.net/security/androidsecurity-related-tools/, 2013. Accessed: 08-Mar-2014.
Soot: a Java Optimization Framework. http://www.sable.mcgill.ca/soot/, 2008. Accessed: 08-Mar-2014.
Analyzer and Disassembler for Java class files. http://classfileanalyzer.javaseiten.de/, 2008. Accessed: 08-Mar-2014.
L. Batyuk, M. Herpich, S. A. Camtepe, K. Raddatz, A. Schmidt, S. Albayrak, "Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications," in 6th Intern. Conf. MALWARE'11, pp. 66-72, IEEE, 2011.
C. Zheng, S. X. Zhu, S. F. Dai, G. F. Gu, X. R. Gong, X. H. Han, W. Zou, "Smart Droid: an automatic system for revealing UI-based trigger conditions in android applications," in Proc. SPSM'12, pp. 93-104, 2012.
Smali: An assembler/disassembler for Android's dex format. https://code.google.com/p/smali/, 2009. Accessed: 08-Mar-2014.
J. Hoffmann, M. Ussath, T. Holz, M. Spreitzenbarth, "Slicing droids: program slicing for smali code," in Proc. SAC'13, pp. 1844-1851, 2013.
R. Johnson, Z. H. Wang, C. Gagnon, A. Stavrou, "Analysis of Android Applications' Permissions," in 6th Intern. Conf. SERE-C'12, pp. 45-46, IEEE, 2012.
V. Rastogi, Y. Chen, X. Jiang, "Droid Chameleon: evaluating Android anti-malware against transformation attacks," in Proc. CCS'13, pp. 329-334, 2013.
A. Bartel, J. Klein, Y. Le Traon, M. Monperrus, "Dexpler: Converting Android Dalvik Bytecode to Jimple for Static Analysis with Soot," in Proc. SOAP'12, pp. 27-38, 2012.
R. Vallée-Rai, E. Gagnon, L. Hendren, P. Lam, P. Pominville, V. Sundaresan, "Optimizing Java bytecode using the Soot framework: Is it feasible?," in Compiler Construction, Springer Berlin Heidelberg, pp. 18-34, 2000.
R. Vallée-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, V. Sundaresan, "Soot: a Java bytecode optimization framework," in CASCON'10, pp. 214-224, IBM Corp., 2010.
R. Vallee-Rai, L. J. Hendren, Jimple: Simplifying Java Bytecode for Analyses and Transformations. Sable Research Group, McGill University, 1998.
P. Parízek, O. Šerý, J. Kofroň, P. Jančík, Soot Framework. Faculty of Mathematics and Physics, Charles University in Prague, 2013.
D. Bornstein, Dalvik VM Internals. Google, 2008.
D. Ehringer, The Dalvik virtual machine architecture. Technical report, Google, 2010.
J. Huang, Understanding the Dalvik Virtual Machine. Developer, 0xlab, 2012.
W. J. Conover, Practical Nonparametric Statistic, 3rd ed., John Wiley & Sons, Inc., 1999.
D. J. Sheskin, Handbook of Parametric and Nonparametric Statistical Procedures, 3rd ed., Taylor & Francis, 2003.
A. Marcus, J. I. Maletic, "Identification of high-level concept clones in source code," in Proc. ASE'01, pp. 107-114, IEEE, 2001.
A. T. T. Ying, G. C. Murphy, R. Ng, M. C. Chu-Carroll, "Predicting source code changes by mining change history," IEEE Trans. Software Eng., vol. 30, no. 9, pp. 574-586, 2004.
T. Eisenbarth, R. Koschke, D. Simon, "Locating features in source code," IEEE Trans. Software Eng., vol. 29, no. 3, pp. 210-224, 2003.
M. W. Godfrey, L. Zou, "Using origin analysis to detect merging and splitting of source code entities," IEEE Trans. Software Eng., vol. 31, no. 2, pp. 166-181, 2005.
