The Soot-based toolchain for analyzing Android apps

Authors: Steven Arzt, Siegfried Rasthofer, Eric Bodden

DOI: 10.1109/MOBILESOFT.2017.2

Abstract: Due to the quality and security requirements that come with an always-on mobile device processing large amounts of highly sensitive information, Android apps are an important target for automated program analysis. Yet, research on new approaches in this field often requires a significant amount of work to be spent on engineering tasks that are not central to the concrete research question at hand. These programming and debugging tasks can significantly delay the progress of the field. We therefore argue that research in the field greatly benefits from having a universal platform of readily usable components and well-tested fundamental algorithms on top of which researchers can build their own prototypes. Besides decreasing the required engineering effort for each new piece of research, such a platform also provides a base for comparing different approaches within one uniform framework, thereby fostering comparability and reproducibility. In this paper, we present the Soot framework for program analysis and various highly integrated open-source tools and components built on top of it that were designed with re-usability in mind. These artifacts are already at the core of many research and commercial projects worldwide. Due to the shared platform, results from one tool can not only be used as inputs for the others, but individual data objects can be passed around to form one large API with which one can build new research prototypes with ease.
