Reference : DroidRA: Taming Reflection to Support Whole-Program Analysis of Android Apps
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/27761
DroidRA: Taming Reflection to Support Whole-Program Analysis of Android Apps
English
Li, Li mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Bissyande, Tegawendé François D Assise mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Octeau, Damien []
Klein, Jacques mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC) >]
Jul-2016
The 2016 International Symposium on Software Testing and Analysis
Yes
No
International
The 2016 International Symposium on Software Testing and Analysis (ISSTA 2016)
from 18-07-2016 to 20-07-2016
[en] Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are inconsistent given the measures taken by malware writers to elude static detection. We propose the DroidRA instrumentation-based approach to address this issue in a non-invasive way. With DroidRA, we reduce the resolution of reflective calls to a composite constant propagation problem. We leverage the COAL solver to infer the values of reflection targets and app, and we eventually instrument this app to include the corresponding traditional Java call for each reflective call. Our approach allows to boost an app so that it can be immediately analyzable, including by such static analyzers that were not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and demonstrate that it can allow state-of-the-art tools to provide more sound and complete analysis results.
Researchers ; Professionals ; Students ; General public ; Others
http://hdl.handle.net/10993/27761

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
li2016droidra.pdfAuthor preprint802.06 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.