Empirical Comparison of Intermediate Representations for Android Applications

Arnatovich, Yauhen Leanidavich; Tan, Hee Beng Kuan; Shar, Lwin Khin

Request a copy

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Empirical Comparison of Intermediate Representations for Android Applications

Arnatovich, Yauhen Leanidavich; Tan, Hee Beng Kuan; Shar, Lwin Khin

2014 • In 26th International Conference on Software Engineering and Knowledge Engineering

Peer reviewed

Permalink
https://hdl.handle.net/10993/18548

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

seke14paper_84.pdf

Author preprint (1.17 MB)

Request a copy

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

intermediate representation; Android computing; event-based testing

Abstract :

[en] In Android-based mobile computing, since the original Java source code is irretrievable from Dalvik bytecode, intermediate representations (IRs) were developed to represent Dalvik bytecode in readable form. To date, SMALI, JASMIN, and JIMPLE are all used as Android application IRs by mobile developers, testers and researchers. Here, we compare these three IRs via randomized event-based testing (Monkey testing) to determine that which most accurately preserves the original program behaviors in terms of the number of successfully injected events. As such program behaviors are critical to mobile security, the choice of IR is crucial during software security testing. In our experiment, we developed an event-based comparative scheme, and conducted a comprehensive empirical study. Statistical comparison of the three IRs’ program behaviors shows that SMALI behaves closest to the original applications and hence is the most suitable for software security testing as the most accurate alternative to the original Java source code (which is usually not publicly available).

Disciplines :

Computer science

Author, co-author :

Arnatovich, Yauhen Leanidavich; Nanyang Technological University > Infinitus, Infocomm Centre of Excellence

Tan, Hee Beng Kuan; Nanyang Technological University > School of Electrical and Electronic Engineering

Shar, Lwin Khin ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Language :

English

Title :

Empirical Comparison of Intermediate Representations for Android Applications

Publication date :

03 July 2014

Event name :

26th International Conference on Software Engineering and Knowledge Engineering

Event place :

Vancouver, Canada

Event date :

01-07-2014 TO 03-07-2014

Audience :

International

Main work title :

26th International Conference on Software Engineering and Knowledge Engineering

Peer reviewed :

Peer reviewed

Available on ORBilu :

since 28 October 2014

Statistics

Number of views

133 (17 by Unilu)

Number of downloads

2 (2 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Android security related tools. http://ashishb.net/security/androidsecurity-related-tools/, 2013. Accessed: 08-Mar-2014.
Soot: a Java Optimization Framework. http://www.sable.mcgill.ca/soot/, 2008. Accessed: 08-Mar-2014.
Analyzer and Disassembler for Java class files. http://classfileanalyzer.javaseiten.de/, 2008. Accessed: 08-Mar-2014.
L. Batyuk, M. Herpich, S. A. Camtepe, K. Raddatz, A. Schmidt, S. Albayrak, "Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications," in 6th Intern. Conf. MALWARE'11, pp. 66-72, IEEE, 2011.
C. Zheng, S. X. Zhu, S. F. Dai, G. F. Gu, X. R. Gong, X. H. Han, W. Zou, "Smart Droid: an automatic system for revealing UI-based trigger conditions in android applications," in Proc. SPSM'12, pp. 93-104, 2012.
Smali: An assembler/disassembler for Android's dex format. https://code.google.com/p/smali/, 2009. Accessed: 08-Mar-2014.
J. Hoffmann, M. Ussath, T. Holz, M. Spreitzenbarth, "Slicing droids: program slicing for smali code," in Proc. SAC'13, pp. 1844-1851, 2013.
R. Johnson, Z. H. Wang, C. Gagnon, A. Stavrou, "Analysis of Android Applications' Permissions," in 6th Intern. Conf. SERE-C'12, pp. 45-46, IEEE, 2012.
V. Rastogi, Y. Chen, X. Jiang, "Droid Chameleon: evaluating Android anti-malware against transformation attacks," in Proc. CCS'13, pp. 329-334, 2013.
Jasmin - Java Assembler Interface. http://jasmin.sourceforge.net/about.html, 1996. Accessed: 08-Mar-2014.
A. Bartel, J. Klein, Y. Le Traon, M. Monperrus, "Dexpler: Converting Android Dalvik Bytecode to Jimple for Static Analysis with Soot," in Proc. SOAP'12, pp. 27-38, 2012.
R. Vallée-Rai, E. Gagnon, L. Hendren, P. Lam, P. Pominville, V. Sundaresan, "Optimizing Java bytecode using the Soot framework: Is it feasible?," in Compiler Construction, Springer Berlin Heidelberg, pp. 18-34, 2000.
R. Vallée-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam, V. Sundaresan, "Soot: a Java bytecode optimization framework," in CASCON'10, pp. 214-224, IBM Corp., 2010.
R. Vallee-Rai, L. J. Hendren, Jimple: Simplifying Java Bytecode for Analyses and Transformations. Sable Research Group, McGill University, 1998.
P. Parízek, O. Šerý, J. Kofroň, P. Jančík, Soot Framework. Faculty of Mathematics and Physics, Charles University in Prague, 2013.
D. Bornstein, Dalvik VM Internals. Google, 2008.
D. Ehringer, The Dalvik virtual machine architecture. Technical report, Google, 2010.
J. Huang, Understanding the Dalvik Virtual Machine. Developer, 0xlab, 2012.
Android Debug Bridge, Android Developers. http://developer.android.com/tools/help/adb.html, 2009. Accessed: 08-Mar-2014.
M. Gargenta, Learning Android. O'Reilly Media, Inc., 2011.
Soot: A Java optimization framework. https://github.com/Sable/soot, 2014. Accessed: 08-Mar-2014.
S. Christey, The Infinite Monkey Protocol Suite (IMPS). RFC Editor, United States, 2000.
N. Nyman, Using Monkey Test Tools. Software Testing & Quality Engineering, 2000.
UI/Application Exerciser Monkey, Android Developers. http://developer.android.com/tools/help/monkey.html, 2009. Accessed: 08-Mar-2014.
W. J. Conover, Practical Nonparametric Statistic, 3rd ed., John Wiley & Sons, Inc., 1999.
D. J. Sheskin, Handbook of Parametric and Nonparametric Statistical Procedures, 3rd ed., Taylor & Francis, 2003.
A. Marcus, J. I. Maletic, "Identification of high-level concept clones in source code," in Proc. ASE'01, pp. 107-114, IEEE, 2001.
A. T. T. Ying, G. C. Murphy, R. Ng, M. C. Chu-Carroll, "Predicting source code changes by mining change history," IEEE Trans. Software Eng., vol. 30, no. 9, pp. 574-586, 2004.
T. Eisenbarth, R. Koschke, D. Simon, "Locating features in source code," IEEE Trans. Software Eng., vol. 29, no. 3, pp. 210-224, 2003.
M. W. Godfrey, L. Zou, "Using origin analysis to detect merging and splitting of source code entities," IEEE Trans. Software Eng., vol. 31, no. 2, pp. 166-181, 2005.