Boosting Static Analysis of Android Apps through Code Instrumentation

Li, Li

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Boosting Static Analysis of Android Apps through Code Instrumentation

Li, Li

2016 • In The Doctoral Symposium of 38th International Conference on Software Engineering (ICSE-DS 2016)

Peer reviewed

Permalink
https://hdl.handle.net/10993/26823

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

article.pdf

Author preprint (251.83 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Abstract :

[en] Static analysis has been applied to dissect Android apps for many years. The main advantage of using static analysis is its efficiency and entire code coverage characteristics. However, the community has not yet produced complete tools to perform in-depth static analysis, putting users at risk to malicious apps. Because of the diverse challenges caused by Android apps, it is hard for a single tool to efficiently address all of them. Thus, in this work, we propose to boost static analysis of Android apps through code instrumentation, in which the knotty code can be reduced or simplified into an equivalent but analyzable code. Consequently, existing static analyzers, without any modification, can be leveraged to perform extensive analysis, although originally they cannot. Previously, we have successfully applied instrumentation for two challenges of static analysis of Android apps: Inter-Component Communication (ICC) and Reflection. However, these two case studies are implemented separately and the implementation is not reusable, letting some functionality, that could be reused from one to another, be reinvented and thus lots of resources are wasted. To this end, in this work, we aim at providing a generic and non-invasive approach for existing static analyzers, enabling them to perform more broad analysis.

Research center :

SnT

Disciplines :

Computer science

Author, co-author :

Li, Li ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

External co-authors :

Language :

English

Title :

Boosting Static Analysis of Android Apps through Code Instrumentation

Publication date :

May 2016

Event name :

The Doctoral Symposium of 38th International Conference on Software Engineering (ICSE-DS 2016)

Event date :

from 14-05-2016 to 22-05-2016

Audience :

International

Main work title :

The Doctoral Symposium of 38th International Conference on Software Engineering (ICSE-DS 2016)

Peer reviewed :

Peer reviewed

Name of the research project :

AndroMap C13/IS/5921289

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 19 April 2016

Statistics

Number of views

143 (6 by Unilu)

Number of downloads

751 (14 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

T. j. watson libraries for analysis, Aug. 2014. http://wala. sourceforge. net
Chris Allan, Pavel Avgustinov, Aske Simon Christensen, Bruno Dufour, Christopher Goard, Laurie Hendren, Sascha Kuzins, Jennifer Lhoták, Ondrej Lhoták, Oege de Moor, et al. abc: the aspectbench compiler for aspectj. In OOPSLA. ACM, 2005
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. Flowdroid: Precise context, ow,field, object-sensitive and lifecycle-aware taint analysis for android apps. In PLDI, 2014
Paulo Barros, Rene Just, Suzanne Millstein, Paul Vines, Werner Dietl, Marcelo d'Armorim, and Michael D. Ernst. Static analysis of implicit control ow: Resolving java reection and android intents. In ASE, 2015
Alexandre Bartel, Jacques Klein, Martin Monperrus, and Yves Le Traon. Dexpler: Converting android dalvik bytecode to jimple for static analysis with soot. In SOAP, 2012
Eric Bodden, Andreas Sewe, Jan Sinschek, Hela Oueslati, and Mira Mezini. Taming reection: Aiding static analysis in the presence of reection and custom class loaders. In ICSE, pages 241-250. ACM, 2011
Mathias Braux and Jacques Noye. Towards partially evaluating reection in java. ACM SIGPLAN Notices, 34 (11): 2-11, 1999
William Klieber, Lori Flynn, Amar Bhosale, Limin Jia, and Lujo Bauer. Android taint ow analysis for app sets. In SOAP, pages 1-6. ACM, 2014
Patrick Lam, Eric Bodden, Ondrej Lhoták, and Laurie Hendren. The soot framework for java program analysis: a retrospective. In CETUS, 2011
Ond-rej Lhoták and Laurie Hendren. Scaling java points-to analysis using spark. In CC, 2003
Li Li, Kevin Allix, Daoyuan Li, Alexandre Bartel, Tegawende F Bissyande, and Jacques Klein. Potential Component Leaks in Android Apps: An Investigation into a new Feature Set for Malware Detection. In QRS, 2015
Li Li, Alexandre Bartel, Tegawende F Bissyande, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick Mcdaniel. IccTA: Detecting Inter-Component Privacy Leaks in Android Apps. In ICSE, 2015
Li Li, Alexandre Bartel, Jacques Klein, and Yves Le Traon. Automatically exploiting potential component leaks in android applications. In TrustCom, 2014
Li Li, Tegawende Bissyande, Damien Octeau, and Jacques Klein. Droidra: Taming reection to support whole-program analysis of android apps. 2015
Li Li, Daoyuan Li, Alexandre Bartel, Tegawende F Bissyande, Jacques Klein, and Yves Le Traon. Towards a generic framework for automating extensive analysis of android applications. In SAC, 2016
Benjamin Livshits, John Whaley, and Monica S Lam. Reection analysis for java. In APLAS. 2005
Damien Octeau, Daniel Luchaup, Matthew Dering, Somesh Jha, and Patrick McDaniel. Composite constant propagation: Application to android inter-component communication analysis. In ICSE, 2015
Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon. Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In USENIX Security, 2013
Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. Amandroid: A precise and general inter-component data ow analysis framework for security vetting of android apps. In CCS, 2014
Mu Zhang and Heng Yin. AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications. In NDSS, 2014.