This commit is contained in:
parent
19286eba61
commit
eb35d092ac
10 changed files with 170 additions and 43 deletions
|
@ -1234,3 +1234,66 @@ month = aug
|
|||
file = {Full Text PDF:/home/histausse/Zotero/storage/I6H4B9IU/Mayrhofer et al. - 2021 - The Android Platform Security Model.pdf:application/pdf},
|
||||
}
|
||||
|
||||
@article{dexlego,
|
||||
title = {{DexLego}: {Reassembleable} bytecode extraction for aiding static analysis},
|
||||
doi = {10.1109/DSN.2018.00075},
|
||||
abstract = {The scale of Android applications in the market is growing rapidly. To efficiently detect the malicious behavior in these applications, an array of static analysis tools are proposed. However, static analysis tools suffer from code hiding techniques like packing, dynamic loading, self modifying, and reflection. In this paper, we thus present DexLego, a novel system that performs a reassembleable bytecode extraction for aiding static analysis tools to reveal the malicious behavior of Android applications. DexLego leverages just-in-time collection to extract data and bytecode from an application at runtime, and reassembles them to a new Dalvik Executable (DEX) file offline. The experiments on DroidBench and real-world applications show that DexLego correctly reconstructs the behavior of an application in the reassembled DEX file, and significantly improves analysis result of the existing static analysis systems.},
|
||||
journal = {Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018},
|
||||
author = {Ning, Zhenyu and Zhang, Fengwei},
|
||||
year = {2018},
|
||||
note = {Publisher: IEEE
|
||||
ISBN: 9781538655955},
|
||||
keywords = {★, Android, application analysis, dynamic analysis, self modifying code, static analysis, unpacking},
|
||||
pages = {690--701},
|
||||
file = {PDF:/home/histausse/Zotero/storage/2ZHQJGWG/Ning, Zhang - 2018 - DexLego Reassembleable bytecode extraction for aiding static analysis.pdf:application/pdf},
|
||||
}
|
||||
|
||||
@inproceedings{samhi_jucify_2022,
|
||||
address = {New York, NY, USA},
|
||||
series = {{ICSE} '22},
|
||||
title = {{JuCify}: a step towards {Android} code unification for enhanced static analysis},
|
||||
isbn = {978-1-4503-9221-1},
|
||||
shorttitle = {{JuCify}},
|
||||
url = {https://dl.acm.org/doi/10.1145/3510003.3512766},
|
||||
doi = {10.1145/3510003.3512766},
|
||||
abstract = {Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-the-art static analysis approaches have mostly overlooked the presence of such native code, which, however, may implement some key sensitive, or even malicious, parts of the app behavior. This limitation of the state of the art is a severe threat to validity in a large range of static analyses that do not have a complete view of the executable code in apps. To address this issue, we propose a new advance in the ambitious research direction of building a unified model of all code in Android apps. The JuCify approach presented in this paper is a significant step towards such a model, where we extract and merge call graphs of native code and bytecode to make the final model readily-usable by a common Android analysis framework: in our implementation, JuCify builds on the Soot internal intermediate representation. We performed empirical investigations to highlight how, without the unified model, a significant amount of Java methods called from the native code are "unreachable" in apps' call-graphs, both in goodware and malware. Using JuCify, we were able to enable static analyzers to reveal cases where malware relied on native code to hide invocation of payment library code or of other sensitive code in the Android framework. Additionally, JuCify's model enables state-of-the-art tools to achieve better precision and recall in detecting data leaks through native code. Finally, we show that by using JuCify we can find sensitive data leaks that pass through native code.},
|
||||
urldate = {2023-03-27},
|
||||
booktitle = {Proceedings of the 44th {International} {Conference} on {Software} {Engineering}},
|
||||
publisher = {Association for Computing Machinery},
|
||||
author = {Samhi, Jordan and Gao, Jun and Daoudi, Nadia and Graux, Pierre and Hoyez, Henri and Sun, Xiaoyu and Allix, Kevin and Bissyandé, Tegawendé F. and Klein, Jacques},
|
||||
month = jul,
|
||||
year = {2022},
|
||||
pages = {1232--1244},
|
||||
file = {Samhi et al. - 2022 - JuCify a step towards Android code unification fo.pdf:/home/histausse/Zotero/storage/ML7EEFWX/Samhi et al. - 2022 - JuCify a step towards Android code unification fo.pdf:application/pdf},
|
||||
}
|
||||
|
||||
@INPROCEEDINGS{angrPeople,
|
||||
author={Shoshitaishvili, Yan and Wang, Ruoyu and Salls, Christopher and Stephens, Nick and Polino, Mario and Dutcher, Andrew and Grosen, John and Feng, Siji and Hauser, Christophe and Kruegel, Christopher and Vigna, Giovanni},
|
||||
booktitle={2016 IEEE Symposium on Security and Privacy (SP)},
|
||||
title={SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis},
|
||||
year={2016},
|
||||
volume={},
|
||||
number={},
|
||||
pages={138-157},
|
||||
keywords={Computer bugs;Semantics;Security;Binary codes;Engines;Operating systems;attacks and defenses;security architectures;system security},
|
||||
doi={10.1109/SP.2016.17}
|
||||
}
|
||||
|
||||
@inproceedings{li_droidra_2016,
|
||||
address = {New York, NY, USA},
|
||||
series = {{ISSTA} 2016},
|
||||
title = {{DroidRA}: taming reflection to support whole-program analysis of {Android} apps},
|
||||
isbn = {978-1-4503-4390-9},
|
||||
shorttitle = {{DroidRA}},
|
||||
url = {https://doi.org/10.1145/2931037.2931044},
|
||||
doi = {10.1145/2931037.2931044},
|
||||
abstract = {Android developers heavily use reflection in their apps for legitimate reasons, but also significantly for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are inconsistent given the measures taken by malware writers to elude static detection. We propose the DroidRA instrumentation-based approach to address this issue in a non-invasive way. With DroidRA, we reduce the resolution of reflective calls to a composite constant propagation problem. We leverage the COAL solver to infer the values of reflection targets and app, and we eventually instrument this app to include the corresponding traditional Java call for each reflective call. Our approach allows to boost an app so that it can be immediately analyzable, including by such static analyzers that were not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and demonstrate that it can allow state-of-the-art tools to provide more sound and complete analysis results.},
|
||||
urldate = {2025-07-22},
|
||||
booktitle = {Proceedings of the 25th {International} {Symposium} on {Software} {Testing} and {Analysis}},
|
||||
publisher = {Association for Computing Machinery},
|
||||
author = {Li, Li and Bissyandé, Tegawendé F. and Octeau, Damien and Klein, Jacques},
|
||||
month = jul,
|
||||
year = {2016},
|
||||
pages = {318--329},
|
||||
file = {Submitted Version:/home/histausse/Zotero/storage/RPJ5UCTI/Li et al. - 2016 - DroidRA taming reflection to support whole-program analysis of Android apps.pdf:application/pdf},
|
||||
}
|
||||
|
|
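Review bot: The `dexlego` entry is typed `@article` although the value in `journal` is the DSN 2018 proceedings title and the publisher and ISBN are packed into a two-line `note`; a standard style will render it as a journal paper and print the note verbatim, so it should become `@inproceedings{dexlego,` with `booktitle = {Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018}`, `publisher = {IEEE}` and `isbn = {9781538655955}` in place of `journal` and `note`. In the `angrPeople` entry `pages={138-157}` uses a single hyphen where a range needs `pages={138--157}`, and the empty `volume={}` / `number={}` fields will raise empty-field warnings and can be dropped; the entry's `@INPROCEEDINGS` spelling and `angrPeople` key also diverge from the `lastname_keyword_year` scheme used by `samhi_jucify_2022` and `li_droidra_2016`. The `file` fields of all new entries embed absolute paths under `/home/histausse/Zotero/storage/`, which BibTeX ignores but which publishes a local username and directory layout in the repository history; stripping `file` from the Zotero export before committing avoids that. Whether non-ASCII characters such as `★` in `keywords` and `é` in author names are safe depends on the document being built with Biber rather than classic BibTeX, which is not visible in this hunk.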