Reference : JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/49267
JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis
English
Samhi, Jordan [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Gao, Jun [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Daoudi, Nadia [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Graux, Pierre [University of Lille]
Hoyez, Henri [Technische Universität Kaiserslautern]
Sun, Xiaoyu [Monash University]
Allix, Kevin [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Bissyande, Tegawendé François D Assise [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
Klein, Jacques [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX]
21-May-2022
44th International Conference on Software Engineering (ICSE 2022)
Yes
No
International
44th International Conference on Software Engineering (ICSE 2022)
from 21-05-2022 to 29-05-2022
Pittsburgh
United States of America
[en] Static Analysis ; Android Security ; Android code unification
[en] Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-the-art static analysis approaches have mostly overlooked the presence of such native code, which, however, may implement some key sensitive, or even malicious, parts of the app behavior. This limitation of the state of the art is a severe threat to validity in a large range of static analyses that do not have a complete view of the executable code in apps. To address this issue, we propose a new advance in the ambitious research direction of building a unified model of all code in Android apps. The JuCify approach presented in this paper is a significant step towards such a model, where we extract and merge call graphs of native code and bytecode to make the final model readily-usable by a common Android analysis framework: in our implementation, JuCify builds on the Soot internal intermediate representation. We performed empirical investigations to highlight how, without the unified model, a significant amount of Java methods called from the native code are "unreachable" in apps' call-graphs, both in goodware and malware. Using JuCify, we were able to enable static analyzers to reveal cases where malware relied on native code to hide invocation of payment library code or of other sensitive code in the Android framework. Additionally, JuCify's model enables state-of-the-art tools to achieve better precision and recall in detecting data leaks through native code. Finally, we show that by using JuCify we can find sensitive data leaks that pass through native code.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Trustworthy Software Engineering (TruX)
Fonds National de la Recherche - FnR
Researchers
http://hdl.handle.net/10993/49267
FnR ; FNR14596679 > Jordan Samhi > DIANA > Dissecting Android Applications Using Static Analysis > 01/03/2020 > 31/10/2023 > 2020

File(s) associated to this reference

Fulltext file(s):

File: jucify_preprint.pdf | Version: Author preprint | Size: 603.65 kB | Access: Open access


All documents in ORBilu are protected by a user license.