Arzt, Steven ; Bodden, Eric (2016)
StubDroid: automatic inference of precise data-flow summaries for the android framework.
doi: 10.1145/2884781.2884816
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Smartphone users suffer from insufficient information on how commercial as well as malicious apps handle sensitive data stored on their phones. Automated taint analyses address this problem by allowing users to detect and investigate how applications access and handle this data. A current problem with virtually all those analysis approaches is, though, that they rely on explicit models of the Android runtime library. In most cases, the existence of those models is taken for granted, despite the fact that the models are hard to come by: Given the size and evolution speed of a modern smartphone operating system it is prohibitively expensive to derive models manually from code or documentation. In this work, we therefore present StubDroid, the first fully automated approach for inferring precise and efficient library models for taint-analysis problems. StubDroid automatically constructs these summaries from a binary distribution of the library. In our experiments, we use StubDroid-inferred models to prevent the static taint analysis FlowDroid from having to re-analyze the Android runtime library over and over again for each analyzed app. As the results show, the models make it possible to analyze apps in seconds whereas most complete re-analyses would time out after 30 minutes. Yet, StubDroid yields comparable precision. In comparison to manually crafted summaries, StubDroid’s cause the analysis to be more precise and to use less time and memory.
Typ des Eintrags: | Konferenzveröffentlichung |
---|---|
Erschienen: | 2016 |
Autor(en): | Arzt, Steven ; Bodden, Eric |
Art des Eintrags: | Bibliographie |
Titel: | StubDroid: automatic inference of precise data-flow summaries for the android framework |
Sprache: | Deutsch |
Publikationsjahr: | Mai 2016 |
Verlag: | ACM |
(Heft-)Nummer: | 38 |
Buchtitel: | ICSE '16 Proceedings of the 38th International Conference on Software Engineering |
DOI: | 10.1145/2884781.2884816 |
Kurzbeschreibung (Abstract): | Smartphone users suffer from insufficient information on how commercial as well as malicious apps handle sensitive data stored on their phones. Automated taint analyses address this problem by allowing users to detect and investigate how applications access and handle this data. A current problem with virtually all those analysis approaches is, though, that they rely on explicit models of the Android runtime library. In most cases, the existence of those models is taken for granted, despite the fact that the models are hard to come by: Given the size and evolution speed of a modern smartphone operating system it is prohibitively expensive to derive models manually from code or documentation. In this work, we therefore present StubDroid, the first fully automated approach for inferring precise and efficient library models for taint-analysis problems. StubDroid automatically constructs these summaries from a binary distribution of the library. In our experiments, we use StubDroid-inferred models to prevent the static taint analysis FlowDroid from having to re-analyze the Android runtime library over and over again for each analyzed app. As the results show, the models make it possible to analyze apps in seconds whereas most complete re-analyses would time out after 30 minutes. Yet, StubDroid yields comparable precision. In comparison to manually crafted summaries, StubDroid’s cause the analysis to be more precise and to use less time and memory. |
Freie Schlagworte: | Static analysis, summary, library, framework model, model inference |
ID-Nummer: | TUD-CS-2016-14760 |
Fachbereich(e)/-gebiet(e): | Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) |
Hinterlegungsdatum: | 10 Aug 2017 15:29 |
Letzte Änderung: | 22 Jan 2019 11:17 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |