R&amp;R tool for Android applications hiding malicious features

Lee, Jusuk; Kim, Ajung; Lee, Sumin; Hong, Jiman

doi:10.1145/3477314.3507143

Cited by 1 publication

(1 citation statement)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, Maik deploys a program on two different systems, records its execution, and compares the two execution traces upon replay to verify the correctness of the program [11]. Lee et al propose a tool for recording and replaying Android APIs to analyze the evasion techniques used in sophisticated malware [12]. Wang et al present Pinpoint, a system that records execution of the program (including user inputs and graphical output) and replays the output [14].…”

Section: Record/replay Techniquesmentioning

confidence: 99%

RR-Row: Redirect-on-Write Based Virtual Machine Disk for Record/Replay

ZHAO,

XIAN,

et al. 2024

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Record/replay is one essential tool in clouds to provide many capabilities such as fault tolerance, software debugging, and security analysis by recording the execution into a log and replaying it deterministically later on. However, in virtualized environments, the log file increases heavily due to saving a considerable amount of I/O data, finally introducing significant storage costs. To mitigate this problem, this paper proposes RR-Row, a redirect-on-write based virtual machine disk for record/replay scenarios. RR-Row appends the written data into new blocks rather than overwrites the original blocks during normal execution so that all written data are reserved in the disk. In this way, the record system only saves the block id instead of the full content, and the replay system can directly fetch the data from the disk rather than the log, thereby reducing the log size a lot. In addition, we propose several optimizations for improving I/O performance so that it is also suitable for normal execution. We implement RR-Row for QEMU and conduct a set of experiments. The results show that RR-Row reduces the log size by 68% compared to the currently used Raw/QCow2 disk without compromising I/O performance.

show abstract

Section: Record/replay Techniquesmentioning

confidence: 99%