Forced-Path Execution for Android Applications on x86 Platforms

Authors: Ryan Johnson, Angelos Stavrou

DOI: 10.1109/SERE-C.2013.36

Abstract: We present a code analysis framework that performs scalable forced-path execution of Android applications in commodity hardware. Our goal is to reveal the full application functional behavior for large commercial without access source code. do so by identifying blocks and API calls are deemed sensitive provide security report an analyst regarding functionality under inspection. show our approach allowing each software component numerous instances modules. Each instance exercises different path through call-graph leading state space coverage exposing any hidden or unwanted functionality. The output list calls, parameter values, call graphs, control flow graphs. how this can be leveraged automated policy enforcement runtime
