Towards a Generic Framework for Automating Extensive Analysis of Android Applications

Li, Li; Li, Daoyuan; BARTEL, Alexandre; Bissyande, Tegawendé François D Assise; Klein, Jacques; Le Traon, Yves

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Towards a Generic Framework for Automating Extensive Analysis of Android Applications

Li, Li; Li, Daoyuan; BARTEL, Alexandre et al.

2016 • In The 31st ACM/SIGAPP Symposium on Applied Computing (SAC 2016)

Peer reviewed

Permalink
https://hdl.handle.net/10993/26632

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

article.pdf

Author preprint (300.83 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Android; Static Analysis; Generic Framework; Apkpler

Abstract :

[en] Despite much effort in the community, the momentum of Android research has not yet produced complete tools to perform thorough analysis on Android apps, leaving users vulnerable to malicious apps. Because it is hard for a single tool to efficiently address all of the various challenges of Android programming which make analysis difficult, we propose to instrument the app code for reducing the analysis complexity, e.g., transforming a hard problem to a easy-resolvable one. To this end, we introduce in this paper Apkpler, a plugin-based framework for supporting such instrumentation. We evaluate Apkpler with two plugins, demonstrating the feasibility of our approach and showing that Apkpler can indeed be leveraged to reduce the analysis complexity of Android apps.

Research center :

SnT

Disciplines :

Computer science

Author, co-author :

Li, Li ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Li, Daoyuan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

BARTEL, Alexandre ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Bissyande, Tegawendé François D Assise ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Klein, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)

Le Traon, Yves ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

External co-authors :

yes

Language :

English

Title :

Towards a Generic Framework for Automating Extensive Analysis of Android Applications

Publication date :

April 2016

Event name :

The 31st ACM/SIGAPP Symposium on Applied Computing (SAC 2016)

Event date :

from 04-04-2016 to 08-04-2016

Audience :

International

Main work title :

The 31st ACM/SIGAPP Symposium on Applied Computing (SAC 2016)

Peer reviewed :

Peer reviewed

Name of the research project :

AndroMap C13/IS/5921289

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 12 April 2016

Statistics

Number of views

189 (10 by Unilu)

Number of downloads

376 (6 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Steven Arzt, Siegfried Rasthofer, and Eric Bodden. Instrumenting android and java applications as easy as abc. In RV, 2013.
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In PLDI, 2014.
Alexandre Bartel, Jacques Klein, Martin Monperrus, and Yves Le Traon. Dexpler: Converting android dalvik bytecode to jimple for static analysis with soot. In SOAP, 2012.
Eric Bodden, Andreas Sewe, Jan Sinschek, Hela Oueslati, and Mira Mezini. Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders. In ICSE, 2011.
Parvez Faruki, Shweta Bhandari, Vijay Laxmi1 Manoj Gaur, and Mauro Conti. Droidanalyst: Synergic app framework for static and dynamic app analysis. 2015.
Clint Gibler, Jonathan Crussell, Jeremy Erickson, and Hao Chen. Androidleaks: automatically detecting potential privacy leaks in android applications on a large scale. In TRUST, 2012.
Patrick Lam, Eric Bodden, Ondrej Lhoták, and Laurie Hendren. The soot framework for java program analysis: a retrospective. In CETUS 2011.
Li Li, Alexandre Bartel, Tegawendé F Bissyandé, Jacques Klein, and Yves Le Traon. ApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis. In IFIP SEC, 2015.
Li Li, Alexandre Bartel, Tegawendé F Bissyandé, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick Mcdaniel. IccTA: Detecting Inter-Component Privacy Leaks in Android Apps. In ICSE, 2015.
Li Li, Alexandre Bartel, Jacques Klein, and Yves Le Traon. Automatically exploiting potential component leaks in android applications. In TrustCom, 2014.
Li Li, Tegawendé F. Bissyandé, Jacques Klein, and Yves Le Traon. An Investigation into the Use of Common Libraries in Android Apps. In Technique Report, 2015.
Jeremy Ludwig, Robert Richards, Bart Presnell, and Dan Fu. A general framework for developing training apps on android devices. In I/ITSEC, 2012.
Damien Octeau, Somesh Jha, and Patrick McDaniel. Retargeting android applications to java bytecode. In FSE, 2012.
Damien Octeau, Daniel Luchaup, Matthew Dering, Somesh Jha, and Patrick McDaniel. Composite constant propagation: Application to android inter-component communication analysis. In ICSE, 2015.
Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon. Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In USENIX Security, 2013.
Martin Rinard. Analysis of multithreaded programs. In Static Analysis, pages 1-19. Springer, 2001.
Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps. In CCS, 2014.
Mu Zhang and Heng Yin. Appsealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in android applications. In NDSS, 2014.
Yajin Zhou and Xuxian Jiang. Dissecting android malware: Characterization and evolution. In S&P, 2012.