wip classloader paper
This commit is contained in:
Jean-Marie Mineau
parent
6d9096e314
commit
c5e119e877
GPG key ID:
B66AEEDA9B645AD2
13 changed files with 3138 additions and 8 deletions
237
bibliography.bib
237
bibliography.bib
|
|
@ -680,3 +680,240 @@
|
|||
file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/RWT9CKBF/9425937.html:text/html;Mauthe et al. - 2021 - A Large-Scale Empirical Study of Android App Decom.pdf:/home/histausse/Zotero/storage/I8KKRIJV/Mauthe et al. - 2021 - A Large-Scale Empirical Study of Android App Decom.pdf:application/pdf},
|
||||
}
|
||||
|
||||
@ARTICLE{9118907,
|
||||
author={Pan, Ya and Ge, Xiuting and Fang, Chunrong and Fan, Yong},
|
||||
journal={IEEE Access},
|
||||
title={A Systematic Literature Review of Android Malware Detection Using Static Analysis},
|
||||
year={2020},
|
||||
volume={8},
|
||||
number={},
|
||||
pages={116363-116379},
|
||||
keywords={Malware;Static analysis;Feature extraction;Analytical models;Bibliographies;Sensitivity;Systematics;Android malware detection;static analysis;systematic literature review},
|
||||
doi={10.1109/ACCESS.2020.3002842}}
|
||||
|
||||
@inproceedings{zhang2015dexhunter,
|
||||
author={Zhang, Yueqian and Luo, Xiapu and Yin, Haoyang},
|
||||
title={Dexhunter: toward extracting hidden code from packed android applications},
|
||||
booktitle={European Symposium on Research in Computer Security},
|
||||
number={20},
|
||||
address={Vienna, Austria},
|
||||
pages={293--311},
|
||||
month={nov},
|
||||
year={2015},
|
||||
publisher={Springer}
|
||||
}
|
||||
@inproceedings{liao2016automated,
|
||||
author={Liao, Yibin and Li, Jiakuan and Li, Bo and Zhu, Guodong and Yin, Yue and Cai, Ruoyan},
|
||||
title={Automated Detection and Classification for Packed Android Applications},
|
||||
booktitle={International Conference on Mobile Services},
|
||||
address={San Francisco, USA},
|
||||
pages={200--203},
|
||||
month={jun},
|
||||
year={2016},
|
||||
publisher={IEEE}
|
||||
}
|
||||
@inproceedings{xue2017adaptive,
|
||||
author={Xue, Lei and Luo, Xiapu and Yu, Le and Wang, Shuai and Wu, Dinghao},
|
||||
title={Adaptive unpacking of Android apps},
|
||||
booktitle={International Conference on Software Engineering},
|
||||
number={39},
|
||||
address={Buenos Aires, Argentina},
|
||||
pages={358--369},
|
||||
month={may},
|
||||
year={2017},
|
||||
publisher={IEEE}
|
||||
}
|
||||
@inproceedings{wong2018tackling,
|
||||
author={Wong, Michelle Y and Lie, David},
|
||||
title={Tackling runtime-based obfuscation in Android with TIRO},
|
||||
booktitle={USENIX Security Symposium},
|
||||
number={27},
|
||||
address={Baltimore, USA},
|
||||
pages={1247-1262},
|
||||
month={aug},
|
||||
year={2018},
|
||||
publisher={USENIX}
|
||||
}
|
||||
|
||||
|
||||
@article{Egele2012,
|
||||
title = {A survey on automated dynamic malware-analysis techniques and tools},
|
||||
volume = {44},
|
||||
issn = {03600300},
|
||||
doi = {10.1145/2089125.2089126},
|
||||
number = {2},
|
||||
journaltitle = {{ACM} Computing Surveys},
|
||||
author = {Egele, Manuel and Scholte, Theodoor and Kirda, Engin and Kruegel, Christopher},
|
||||
date = {2012},
|
||||
note = {{ISBN}: 0360-0300},
|
||||
file = {PDF:/home/jf/Zotero/storage/6FHSYVW2/Egele et al. - 2012 - A survey on automated dynamic malware-analysis techniques and tools.pdf:application/pdf},
|
||||
}
|
||||
|
||||
|
||||
|
||||
@inproceedings{Arzt2013,
|
||||
location = {Rennes, France},
|
||||
title = {Instrumenting Android and Java Applications as Easy as abc},
|
||||
volume = {8174},
|
||||
isbn = {978-3-642-40786-4},
|
||||
doi = {10.1007/978-3-642-40787-1_26},
|
||||
pages = {364--381},
|
||||
booktitle = {Fourth International Conference on Runtime Verification},
|
||||
publisher = {Springer Berlin Heidelberg},
|
||||
author = {Arzt, Steven and Rasthofer, Siegfried and Bodden, Eric},
|
||||
date = {2013-09},
|
||||
note = {Series Title: {LNCS}},
|
||||
keywords = {★, security, dynamic analysis, android, java, runtime},
|
||||
file = {PDF:/home/jf/Zotero/storage/LPNNXEJI/Arzt, Rasthofer, Bodden - 2013 - Instrumenting Android and Java Applications as Easy as abc.pdf:application/pdf},
|
||||
}
|
||||
|
||||
@inproceedings{mineau_evaluating_2024,
|
||||
location = {Limassol, Cyprus},
|
||||
title = {Evaluating the Reusability of Android Static Analysis Tools},
|
||||
volume = {{LNCS} 14614},
|
||||
rights = {All rights reserved},
|
||||
url = {http://dx.doi.org/10.1007/978-3-031-66459-5_10},
|
||||
doi = {10.1007/978-3-031-66459-5_10},
|
||||
series = {{LNCS}},
|
||||
shorttitle = {Rank B in {CORE}.},
|
||||
pages = {153--170},
|
||||
booktitle = {{ICSR} 2024 - 21st International Conference on Software and Systems Reuse},
|
||||
publisher = {Springer},
|
||||
author = {Mineau, Jean-Marie and Lalande, Jean-François},
|
||||
date = {2024-06},
|
||||
note = {Medium: {ICSR} 2024},
|
||||
}
|
||||
|
||||
|
||||
@inproceedings{Duan2018,
|
||||
title = {Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation},
|
||||
booktitle = {24th Annual Network and Distributed System Security Symposium},
|
||||
author = {Duan, Yue and Zhang, Mu and Bhaskar, Abhishek Vasisht and Yin, Heng and Pan, Xiaorui and Li, Tongxin and Wang, Xueqiang and Wang, Xiaofeng},
|
||||
date = {2018},
|
||||
note = {Issue: February},
|
||||
keywords = {★},
|
||||
file = {PDF:/home/jf/Zotero/storage/Y3TWNQKP/Duan et al. - 2018 - Things You May Not Know About Android (Un)Packers A Systematic Study based on Whole-System Emulation.pdf:application/pdf},
|
||||
}
|
||||
|
||||
@article{he_systematic_2023,
|
||||
title = {A {Systematic} {Study} of {Android} {Non}-{SDK} ({Hidden}) {Service} {API} {Security}},
|
||||
volume = {20},
|
||||
issn = {1941-0018},
|
||||
url = {https://ieeexplore.ieee.org/abstract/document/9739878},
|
||||
doi = {10.1109/TDSC.2022.3160872},
|
||||
abstract = {Android allows apps to communicate with its system services via system service helpers so that these apps can use various functions provided by the system services. Meanwhile, the system services rely on their service helpers to enforce security checks for protection. Unfortunately, the security checks in the service helpers may be bypassed via directly exploiting the non-SDK (hidden) APIs, degrading the stability and posing severe security threats such as privilege escalation, automatic function execution without users’ interactions, crashes, and DoS attacks. Google has proposed various approaches to address this problem, e.g., case-by-case fixing the bugs or even proposing a blacklist to block all the non-SDK APIs. However, the developers can still figure out new ways of exploiting these hidden APIs to evade the non-SDKs restrictions. In this article, we systematically study the vulnerabilities due to the hidden API exploitation and analyze the effectiveness of Google’s countermeasures. We aim to answer if there are still vulnerable hidden APIs that can be exploited in newest Android 12. We develop a static analysis tool called {\textbackslash}sf ServiceAuditServiceAudit to automatically mine the inconsistent security enforcement between service helper classes and the hidden service APIs. We apply {\textbackslash}sf ServiceAuditServiceAudit to Android 6{\textbackslash}sim∼12. Our tool discovers 112 vulnerabilities in Android 6 with a higher precision than existing approaches. Moreover, in Android 11 and 12, we identify more than 25 hidden APIs with inconsistent protections; however, only one of the vulnerable APIs can lead to severe security problem in Android 11, and none of them work on Android 12.},
|
||||
number = {2},
|
||||
urldate = {2024-09-09},
|
||||
journal = {IEEE Transactions on Dependable and Secure Computing},
|
||||
author = {He, Yi and Gu, Yacong and Su, Purui and Sun, Kun and Zhou, Yajin and Wang, Zhi and Li, Qi},
|
||||
month = mar,
|
||||
year = {2023},
|
||||
note = {Conference Name: IEEE Transactions on Dependable and Secure Computing},
|
||||
keywords = {Security, Android, security, Internet, Smart phones, Static analysis, Codes, Sun, Blocklists, non-sdk API},
|
||||
pages = {1609--1623},
|
||||
file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/7U7WUIFL/9739878.html:text/html;Submitted Version:/home/histausse/Zotero/storage/74BN4HRJ/He et al. - 2023 - A Systematic Study of Android Non-SDK (Hidden) Service API Security.pdf:application/pdf},
|
||||
}
|
||||
|
||||
@inproceedings{li_accessing_2016,
|
||||
title = {Accessing {Inaccessible} {Android} {APIs}: {An} {Empirical} {Study}},
|
||||
shorttitle = {Accessing {Inaccessible} {Android} {APIs}},
|
||||
url = {https://ieeexplore.ieee.org/abstract/document/7816486},
|
||||
doi = {10.1109/ICSME.2016.35},
|
||||
abstract = {As Android becomes a de-facto choice of development platform for mobile apps, developers extensively leverage its accompanying Software Development Kit to quickly build their apps. This SDK comes with a set of APIs which developers may find limited in comparison to what system apps can do or what framework developers are preparing to harness capabilities of new generation devices. Thus, developers may attempt to explore in advance the normally "inaccessible" APIs for building unique API-based functionality in their app. The Android programming model is unique in its kind. Inaccessible APIs, which however are used by developers, constitute yet another specificity of Android development, and is worth investigating to understand what they are, how they evolve over time, and who uses them. To that end, in this work, we empirically investigate 17 important releases of the Android framework source code base, and we find that inaccessible APIs are commonly implemented in the Android framework, which are further neither forward nor backward compatible. Moreover, a small set of inaccessible APIs can eventually become publicly accessible, while most of them are removed during the evolution, resulting in risks for such apps that have leveraged inaccessible APIs. Finally, we show that inaccessible APIs are indeed accessed by third-party apps, and the official Google Play store has tolerated the proliferation of apps leveraging inaccessible API methods.},
|
||||
urldate = {2024-09-09},
|
||||
booktitle = {2016 {IEEE} {International} {Conference} on {Software} {Maintenance} and {Evolution} ({ICSME})},
|
||||
author = {Li, Li and Bissyandé, Tegawendé F. and Le Traon, Yves and Klein, Jacques},
|
||||
month = oct,
|
||||
year = {2016},
|
||||
keywords = {Androids, Google, Humanoid robots, Software, Libraries, Runtime, Ecosystems},
|
||||
pages = {411--422},
|
||||
file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/WQ564CZA/7816486.html:text/html;PDF:/home/histausse/Zotero/storage/ZTDU84BY/Li et al. - 2016 - Accessing Inaccessible Android APIs An Empirical Study.pdf:application/pdf},
|
||||
}
|
||||
|
||||
@article{tozawa_formalization_2002,
|
||||
title = {Formalization and {Analysis} of {Class} {Loading} in {Java}},
|
||||
volume = {15},
|
||||
issn = {1573-0557},
|
||||
url = {https://doi.org/10.1023/A:1019912130555},
|
||||
doi = {10.1023/A:1019912130555},
|
||||
abstract = {Since Java security relies on the type-safety of the JVM, many formal approaches have been taken in order to prove the soundness of the JVM. This paper presents a new formalization of the JVM and proves its soundness. It is the first model to employ dynamic linking and bytecode verification to analyze the loading constraint scheme of Java2. The key concept required for proving the soundness of the new model is augmented value typing, which is defined from ordinary value typing combined with the loading constraint scheme. In proving the soundness of the model, it is shown that there are some problems inside the current reference implementation of the JVM with respect to our model. We also analyze the findClass scheme, newly introduced in Java2. The same analysis also shows why applets cannot exploit the type-spoofing vulnerability reported by Saraswat, which led to the introduction of the loading constraint scheme.},
|
||||
language = {en},
|
||||
number = {1},
|
||||
urldate = {2024-04-30},
|
||||
journal = {Higher-Order and Symbolic Computation},
|
||||
author = {Tozawa, Akihiko and Hagiya, Masami},
|
||||
month = mar,
|
||||
year = {2002},
|
||||
keywords = {security, Java, class loading},
|
||||
pages = {7--55},
|
||||
file = {Tozawa and Hagiya - 2002 - Formalization and Analysis of Class Loading in Jav.pdf:/home/histausse/Zotero/storage/YCL3ULAF/Tozawa and Hagiya - 2002 - Formalization and Analysis of Class Loading in Jav.pdf:application/pdf},
|
||||
}
|
||||
|
||||
|
||||
@article{gong_secure_1998,
|
||||
title = {Secure {Java} class loading},
|
||||
volume = {2},
|
||||
issn = {1941-0131},
|
||||
url = {https://ieeexplore.ieee.org/abstract/document/735987},
|
||||
doi = {10.1109/4236.735987},
|
||||
abstract = {The class loading mechanism, central to Java, plays a key role in JDK 1.2 by enabling an improved security policy that is permission-based and extensible. The author concludes that JDK 1.2 has introduced a powerful and secure class loading mechanism. It not only enforces type safety and name space separation but also has a significant role in the new security architecture that supports fine grained, permission based access control. The new class loading mechanism's flexibility-through its delegation scheme and the rich set of class loader classes-gives Java applications and applets greater freedom to customize and specify how, when, and from where classes are loaded. Because the class loading mechanism is central to both the correctness and the security of the Java runtime system, we would like to model and define this mechanism, perhaps in a formal verification system. We can then obtain a formal specification and prove (or disprove) that the mechanism as currently designed is sufficient for security.},
|
||||
number = {6},
|
||||
urldate = {2024-04-30},
|
||||
journal = {IEEE Internet Computing},
|
||||
author = {Gong, Li},
|
||||
month = nov,
|
||||
year = {1998},
|
||||
note = {Conference Name: IEEE Internet Computing},
|
||||
keywords = {Internet, Java, File systems, Access control, Computer architecture, Computer security, Layout, Permission, Public key, Sun},
|
||||
pages = {56--61},
|
||||
file = {Gong - 1998 - Secure Java class loading.pdf:/home/histausse/Zotero/storage/4REG3E94/Gong - 1998 - Secure Java class loading.pdf:application/pdf;IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/5D7Z3JNH/735987.html:text/html},
|
||||
}
|
||||
|
||||
@article{liang_dynamic_1998,
|
||||
title = {Dynamic class loading in the {Java} virtual machine},
|
||||
volume = {33},
|
||||
issn = {0362-1340},
|
||||
url = {https://dl.acm.org/doi/10.1145/286942.286945},
|
||||
doi = {10.1145/286942.286945},
|
||||
abstract = {Class loaders are a powerful mechanism for dynamically loading software components on the Java platform. They are unusual in supporting all of the following features: laziness, type-safe linkage, user-defined extensibility, and multiple communicating namespaces.We present the notion of class loaders and demonstrate some of their interesting uses. In addition, we discuss how to maintain type safety in the presence of user-defined dynamic class loading.},
|
||||
number = {10},
|
||||
urldate = {2024-10-15},
|
||||
journal = {SIGPLAN Not.},
|
||||
author = {Liang, Sheng and Bracha, Gilad},
|
||||
month = oct,
|
||||
year = {1998},
|
||||
pages = {36--44},
|
||||
file = {Full Text PDF:/home/histausse/Zotero/storage/5N43QJ69/Liang and Bracha - 1998 - Dynamic class loading in the Java virtual machine.pdf:application/pdf},
|
||||
}
|
||||
|
||||
|
||||
@inproceedings{zhou_dynamic_2022,
|
||||
title = {Dynamic {Class} {Generating} and {Loading} {Technology} in {Android} {Web} {Application}},
|
||||
url = {https://ieeexplore.ieee.org/abstract/document/9851782},
|
||||
doi = {10.1109/ISNCC55209.2022.9851782},
|
||||
abstract = {Google’s android operating system has been widely used since being released, and occupies a major share of the market in the field of mobile computation. In Android, user applications mostly run in the dalvik virtual machine (DVM) due to the copyrights. The byte codes that the DVM use are different from the java virtual machine (JVM), so the class files that conform to the Java specification can’t be loaded and executed directly in android. Based on the analysis of the class loading mechanism of DVM and JVM, this paper proposes the dynamic class generating and loading mechanism in Android with existing technologies. The mechanism solves the compatibility problem caused by the differences of class file byte code, and extends the thought of ‘written once, run anywhere’. Two simple applications demonstrate the validity and effectiveness of the technology.},
|
||||
urldate = {2024-04-30},
|
||||
booktitle = {2022 {International} {Symposium} on {Networks}, {Computers} and {Communications} ({ISNCC})},
|
||||
author = {Zhou, Wenwen and Yongzhi, Yang and Wang, Jiejuan},
|
||||
month = jul,
|
||||
year = {2022},
|
||||
keywords = {android, Java, Smart phones, dynamic, Loading, byte code, class load, Codes, compatibility, Computers, dalvik, java virtual machine, Operating systems, Virtual machining},
|
||||
pages = {1--6},
|
||||
file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/ZR9MJBAG/9851782.html:text/html;Zhou et al. - 2022 - Dynamic Class Generating and Loading Technology in.pdf:/home/histausse/Zotero/storage/5X4AAR9N/Zhou et al. - 2022 - Dynamic Class Generating and Loading Technology in.pdf:application/pdf},
|
||||
}
|
||||
|
||||
@inproceedings{kriz_provisioning_2015,
|
||||
title = {Provisioning of application modules to {Android} devices},
|
||||
url = {https://ieeexplore.ieee.org/abstract/document/7129009},
|
||||
doi = {10.1109/RADIOELEK.2015.7129009},
|
||||
abstract = {The Google Android platform supports provisioning of packaged applications to an Android device. However, an existing approach requires user's interaction during the installation of a new application or its modules. We present a new approach to dynamic modules loading which enables provisioning of new modules to Android device dynamically without the interaction with the user. It will allow complex applications to adapt to the surrounding conditions and requirements of the user by downloading additional code from a server or a neighboring peer device. In our solution we propose to replace the default application class-loader with a custom one while employing some existing mechanisms of class-loading from APK packages at the Android platform.},
|
||||
urldate = {2024-04-30},
|
||||
booktitle = {2015 25th {International} {Conference} {Radioelektronika} ({RADIOELEKTRONIKA})},
|
||||
author = {Kriz, Pavel and Maly, Filip},
|
||||
month = apr,
|
||||
year = {2015},
|
||||
keywords = {Android, Androids, Humanoid robots, Java, Mobile handsets, Servers, Loading, class loading, Java Reflection API, m-client, modular application, Reflection},
|
||||
pages = {423--426},
|
||||
file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/QEQLZHMD/7129009.html:text/html;Kriz and Maly - 2015 - Provisioning of application modules to Android dev.pdf:/home/histausse/Zotero/storage/8GRUYQLQ/Kriz and Maly - 2015 - Provisioning of application modules to Android dev.pdf:application/pdf},
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue