iBet uBet web content aggregator. Adding the entire web to your favor.
Link to original content: https://doi.org/10.1145/2771284.2771288
Droidel: a general approach to Android framework modeling | Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis

Droidel: a general approach to Android framework modeling

Published: 14 June 2015

Abstract

We present an approach and tool for general-purpose modeling of Android for static analysis. Our approach is to explicate the reflective bridge between the Android framework and an application to make the framework source amenable to static analysis. Our Droidel tool does this by automatically generating application-specific stubs that summarize the reflective behavior for a particular app. The result is a program with a single entry-point that can be processed by any existing Java analysis platform (e.g., Soot, WALA, Chord). We compared call graphs constructed using Droidel to call graphs constructed using a state-of-the-art Android model and found that Droidel captures more concrete behaviors.


Published In

SOAP 2015: Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis
June 2015
30 pages
ISBN: 9781450335850
DOI: 10.1145/2771284
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Android
  2. framework modeling
  3. reflection
  4. soundness
  5. static analysis

Qualifiers

  • Research-article

Conference

PLDI '15
Acceptance Rates

Overall Acceptance Rate 11 of 11 submissions, 100%

Article Metrics

  • Downloads (Last 12 months): 14
  • Downloads (Last 6 weeks): 2

Reflects downloads up to 30 Nov 2024

Cited By

  • (2024) Call Graph Soundness in Android Static Analysis. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 945-957. DOI: 10.1145/3650212.3680333. Online publication date: 11-Sep-2024
  • (2023) Historia: Refuting Callback Reachability with Message-History Logics. Proceedings of the ACM on Programming Languages 7:OOPSLA2, pp. 1905-1934. DOI: 10.1145/3622865. Online publication date: 16-Oct-2023
  • (2023) Model Generation For Java Frameworks. 2023 IEEE Conference on Software Testing, Verification and Validation (ICST), pp. 165-175. DOI: 10.1109/ICST57152.2023.00024. Online publication date: Apr-2023
  • (2022) Jasmine: A Static Analysis Framework for Spring Core Technologies. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp. 1-13. DOI: 10.1145/3551349.3556910. Online publication date: 10-Oct-2022
  • (2021) A general approach to modeling Java framework behaviors. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1680-1682. DOI: 10.1145/3468264.3473489. Online publication date: 20-Aug-2021
  • (2020) Scaling static taint analysis to industrial SOA applications: a case study at Alibaba. Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1477-1486. DOI: 10.1145/3368089.3417059. Online publication date: 8-Nov-2020
  • (2019) Concerto: a framework for combined concrete and abstract interpretation. Proceedings of the ACM on Programming Languages 3:POPL, pp. 1-29. DOI: 10.1145/3290356. Online publication date: 2-Jan-2019
  • (2018) Static Detection of Event-based Races in Android Apps. ACM SIGPLAN Notices 53:2, pp. 257-270. DOI: 10.1145/3296957.3173173. Online publication date: 19-Mar-2018
  • (2018) Static Detection of Event-based Races in Android Apps. Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 257-270. DOI: 10.1145/3173162.3173173. Online publication date: 19-Mar-2018
  • (2018) nAdroid: statically detecting ordering violations in Android applications. Proceedings of the 2018 International Symposium on Code Generation and Optimization, pp. 62-74. DOI: 10.1145/3168829. Online publication date: 24-Feb-2018
